Skip to content

3.7 paxtest命令

https://scz.617.cn/unix/201204281116.txt

A:

paxtest试图检查当前系统的DEP、ASLR设置。我这个版本的paxtest有两种模式, kiddie和blackhat,我没看出来有什么区别。

paxtest blackhat

Writing output to paxtest.log Mode: blackhat Linux debian 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686 GNU/Linux

Executable anonymous mapping : Vulnerable Executable bss : Vulnerable Executable data : Vulnerable Executable heap : Vulnerable Executable stack : Vulnerable Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect): Vulnerable Executable stack (mprotect) : Vulnerable Anonymous mapping randomisation test : 9 bits (guessed) Heap randomisation test (ET_EXEC) : No randomisation Heap randomisation test (ET_DYN) : No randomisation Main executable randomisation (ET_EXEC) : 10 bits (guessed) Main executable randomisation (ET_DYN) : 10 bits (guessed) Shared library randomisation test : 10 bits (guessed) Stack randomisation test (SEGMEXEC) : 19 bits (guessed) Stack randomisation test (PAGEEXEC) : 19 bits (guessed) Return to function (strcpy) : Vulnerable Return to function (strcpy, RANDEXEC) : Vulnerable Return to function (memcpy) : Vulnerable Return to function (memcpy, RANDEXEC) : Vulnerable Executable shared library bss : Vulnerable Executable shared library data : Killed Writable text segments : Vulnerable

"Executable ..."测试,将一条指令放在相应内存,并试图执行它。

"... (mprotect)"测试,调用mprotect()将相应内存设置为可执行,再尝试执行。

"Return to function ..."测试,覆盖位于栈上的RetAddr。

"Writable text segments"测试,覆盖本来就标识为可执行的内存。

执行结果中出现下列内容时,表明当前系统未就缓冲区溢出进行过加固:

Vulnerable No randomisation 6 bits