After having deactivated ASLR, with:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
I used ldd /path/to/binary to get the address of the shared library that my binary (written in C) was using, and I got the following output:
linux-vdso.so.1 (0x00007ffff7fc4000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007ffff7da5000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fc6000)
The reason I did that is because I'm using gdb-pwndbg to understand how the binary is working in order to exploit it. And in order to exploit the binary I needed the libc address that the binary had in use.
But after running the binary and breaking within execution, I wanted to check that things were working, so I printed out the contents of the /usr/lib/libc.so.6 address and got the following:
pwndbg> x 0x00007ffff7da5000
0x7ffff7da5000: <error: Cannot access memory at address 0x7ffff7da5000>
That shouldn't have been occurring. I was supposed to get:
0x7ffff7da5000: "\177ELF\002\001\001\003"
or something similar. And that is crazy!
So I remembered that I had a similar file which also needed the use of the /usr/lib/libc.so.6 address, so I went to that file, ran ldd, and got 0x00007ffff7daa000 as the address.
And like before, I printed the contents of that address within an execution break of the binary which I wanted to exploit:
pwndbg> x 0x00007ffff7daa000
0x7ffff7daa000: "\177ELF\002\001\001\003"
After that I was able to use the address to exploit the binary. So I don't know what happens with that binary; even after having recompiled the binary a couple of times, it didn't have any effect.
So I'm curious: how can I fix this or prevent it?
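ldd reports where the dynamic loader would place each library in a fresh process started from the shell, but the real base inside the debugged process can differ (gdb adds environment variables and the loader maps libraries in the order the binary's own dependencies dictate, so a different binary can shift the libraries by a few pages). The authoritative source is the process's own memory map, which gdb exposes as `info proc mappings` and pwndbg as `vmmap`. The following added example (not from the original post) reads the same data directly from /proc/<pid>/maps, takes the first mapping of the library with file offset 0 as its base, and confirms the ELF magic via /proc/<pid>/mem. The maps text in SAMPLE_MAPS is constructed, and the addresses in it are illustrative; the live check assumes a Linux host where the caller is allowed to ptrace the target.

```python
import re
from pathlib import Path

# Constructed sample of /proc/<pid>/maps output (illustrative addresses, not
# taken from the original post). libc appears as several segments; only the
# first one (file offset 0) starts with the ELF header, so that is the base.
SAMPLE_MAPS = """\
555555554000-555555555000 r--p 00000000 08:01 1234 /home/user/vuln
555555555000-555555556000 r-xp 00001000 08:01 1234 /home/user/vuln
7ffff7d8a000-7ffff7dac000 r--p 00000000 08:01 5678 /usr/lib/libc.so.6
7ffff7dac000-7ffff7f21000 r-xp 00022000 08:01 5678 /usr/lib/libc.so.6
7ffff7f21000-7ffff7f79000 r--p 00197000 08:01 5678 /usr/lib/libc.so.6
7ffff7f79000-7ffff7f7d000 r--p 001ee000 08:01 5678 /usr/lib/libc.so.6
7ffff7fc4000-7ffff7fc6000 r--p 00000000 00:00 0 [vdso]
7ffff7fc6000-7ffff7fc7000 r--p 00000000 08:01 9012 /usr/lib64/ld-linux-x86-64.so.2
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# One line of /proc/<pid>/maps: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S+)\s+(?P<offset>[0-9a-f]+)"
    r"\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Yield (start, end, perms, offset, path) for every mapping line."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if m:
            yield (int(m["start"], 16), int(m["end"], 16), m["perms"],
                   int(m["offset"], 16), m["path"].strip())


def library_base(maps_text, name_fragment="libc.so"):
    """Return the base of the first file-offset-0 mapping whose file name
    contains name_fragment, or None if that library is not mapped."""
    for start, _end, _perms, offset, path in parse_maps(maps_text):
        if offset == 0 and name_fragment in Path(path).name:
            return start
    return None


def has_elf_magic(blob):
    """True if the bytes start with the ELF header magic (\\x7fELF)."""
    return blob[:4] == b"\x7fELF"


def live_library_base(pid, name_fragment="libc.so"):
    """Read the real mapping of a running process and verify the ELF magic.
    Reading /proc/<pid>/mem needs ptrace permission over the target
    (your own process, a child, or root depending on ptrace_scope)."""
    maps_text = Path(f"/proc/{pid}/maps").read_text()
    base = library_base(maps_text, name_fragment)
    if base is None:
        return None, False
    with open(f"/proc/{pid}/mem", "rb") as mem:
        mem.seek(base)
        head = mem.read(4)
    return base, has_elf_magic(head)


if __name__ == "__main__":
    import os
    print(f"sample libc base: {library_base(SAMPLE_MAPS):#x}")
    # Live check against this interpreter's own libc mapping.
    own_base, ok = live_library_base(os.getpid())
    if own_base is None:
        print("no libc mapping found in this process")
    else:
        print(f"own libc base: {own_base:#x}, ELF magic present: {ok}")
```

Run it against the stopped target's pid (the `info proc` command in gdb prints it) and compare the returned base with the value ldd printed; when they differ, the maps value is the one to use, and the `x` command at that address shows the "\177ELF" bytes. The same parsing logic applies to any shared object, which is why the lookup takes the library name as a parameter rather than hard-coding libc.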
Tags: ELF, ld.so
Comments:
readelf.
Read man readelf.
Is echo '0 | sudo tee /proc/sys/kernel/randomize_va_space the actual command used to deactivate ASLR? It seems to have a typo due to containing a single unmatched quote.