I'm now trying a buffer overflow exercise from the site pwnable.kr. I found the string that should be entered to the gets function but got "Stack Smash Detected"; then I found a solution on rickgray.me.

They suggest (python -c 'print "A" * 52 + "\xbe\xba\xfe\xca"'; cat -) | nc pwnable.kr 9000

which works. Somehow adding the "cat -" command overcomes the canary. I don't understand why that is.

Henry WH Hack v3.0
dafnahaktana
    "cat -" tells netcat to leave standard input open and allow further requests if a shell is open, so you can interact with your port-bound shell on the server. You may already know that. However, I don't know why that would stop "Stack smash detected". – dylan7 Jan 28 '16 at 15:49

1 Answer

This avoids the stack smashing detection because the checking of the stack cookie/canary happens only at the function's epilogue.

Since the challenge you posted requires smashing something on the stack directly that is used in a logic check in the same function, the canary isn't checked by the time you receive your shell.

The canary mainly protects against stack smashing that overwrites the return address.

The comment on the question about the cat command being present to allow input/output redirection is correct; otherwise the shell opens and is immediately closed.

user8405