Author Topic: Buffer overflows  (Read 2939 times)


linux

  • Guest
Buffer overflows
« on: January 10, 2005, 10:11:48 pm »
Ever wondered what a buffer overflow is? Well, I was looking around and found some info...


http://www.linuxjournal.com/article/6701
http://destroy.net/machines/security/P49-14-Aleph-One

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Buffer overflows
« Reply #1 on: January 11, 2005, 07:33:20 am »
If anybody has any questions about buffer overflows (heap or stack), format string vulnerabilities, shellcode, etc., feel free to ask here.  I know all about that stuff in gory detail.  Or if you're really interested, "Hacking: The Art of Exploitation" by Jon Erickson is an amazing book.

linux

  • Guest
Re: Buffer overflows
« Reply #2 on: January 11, 2005, 05:45:26 pm »
Hrm, I'll look into the book... The Art of Deception is a good book :)

linux

  • Guest
Re: Buffer overflows
« Reply #3 on: January 11, 2005, 11:41:23 pm »
Wanna shed some insight on shellcode to a curious person? :)

Offline Mythix

  • The Dude
  • x86
  • Hero Member
  • *****
  • Posts: 1569
  • Victory
    • View Profile
    • Dark-Wire
Re: Buffer overflows
« Reply #4 on: January 12, 2005, 12:51:58 am »
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce


Offline iago

Re: Buffer overflows
« Reply #5 on: January 12, 2005, 01:48:52 am »
Shellcode is some machine code which, when tricked into running, spawns a shell for you (which lets you enter arbitrary commands).  There are all sorts of ways to do it, like for example:

Compact shellcode -- least number of instructions
Polymorphic shellcode -- rewrites itself to get around programs that recognize shellcode
Visible-character (or even alphanumeric) shellcode -- all machine code instructions are made up of visible characters, or even alphanumeric.  That way if a field only permits a-zA-Z0-9, you can put your shellcode in anyway.

There are other sneaky ways to do it, but the main point is that you trick a program (using a stack overflow, heap overflow, format string vulnerability, etc.) into running the code.
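
Added example, not part of the original thread or any poster's code: the alphanumeric case above means a character allowlist on a field does not make an unchecked copy safe, so the copy itself has to be bounded. The field size, function names and sample inputs are assumptions made up for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16   /* hypothetical fixed-size field, including the NUL */

/* Character allowlist: 1 if every byte is a-zA-Z0-9 (default C locale). */
int is_alnum_field(const char *s)
{
    for (; *s; s++)
        if (!isalnum((unsigned char)*s))
            return 0;
    return 1;
}

/* Bounded store. The allowlist enforces the field's character policy;
 * the length check is what keeps the write inside dst. An unbounded
 * strcpy(dst, input) after the allowlist alone would still write past
 * dst for any long alphanumeric input.
 * Returns 0 on success, -1 if the input is rejected. */
int store_name(char *dst, size_t dst_size, const char *input)
{
    size_t len = strlen(input);

    if (!is_alnum_field(input))
        return -1;                  /* violates the character policy */
    if (len >= dst_size)
        return -1;                  /* no room for the data plus NUL */
    memcpy(dst, input, len + 1);    /* len + 1 copies the terminator */
    return 0;
}

int main(void)
{
    char name[FIELD_SIZE];
    /* Constructed inputs: both consist only of alphanumeric bytes. */
    const char *short_in = "guest42";
    const char *long_in  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */

    printf("long input passes allowlist: %d\n", is_alnum_field(long_in));
    printf("store short input: %d\n", store_name(name, sizeof name, short_in));
    printf("store long input:  %d\n", store_name(name, sizeof name, long_in));
    return 0;
}
```

The 40-byte input passes the allowlist and is rejected only by the length check, which is the control that addresses the overflow.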