News:

Happy New Year! Yes, the current one, not a previous one; this is a new post, we swear!

Main Menu

Buffer overflows

Started by linux, January 10, 2005, 10:11:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

linux

January 10, 2005, 10:11:48 PM
Ever wondered what a buffer overflow is? well i was looking around and found some info..


http://www.linuxjournal.com/article/6701
http://destroy.net/machines/security/P49-14-Aleph-One

iago

#1
January 11, 2005, 07:33:20 AM
If anybody has any questions about buffer overflows (heap or stack), format string vulnerabilities, shellcode, etc., feel free to ask here.  I know all about that stuff in gory detail.  Or if you're really interested, "Hacking: The Art of Exploitation" by Jon Erickson is an amazing book.

linux

#2
January 11, 2005, 05:45:26 PM
hrm, ill look into the book...The art of deception is a good book :)

linux

#3
January 11, 2005, 11:41:23 PM
Wanna shed some insight on shellcode to a curious person :)

Mythix

#4
January 12, 2005, 12:51:58 AM
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce

iago

#5
January 12, 2005, 01:48:52 AM
Shellcode is some machine code which, when tricked into running, spawns a shell for you (which lets you enter arbitrary commands).  There are all sorts of ways to do it, like for example:

Compact shellcode -- least number of instructions
polymorphic shellcode -- rewrites itself to get around programs that recognize shellcode
visible-character (or even alphanumeric) shellcode -- all machine code instructions are made up of visible characters, or even alphanumeric.  That way if a field only permits a-zA-Z0-9, you can put your shellcode in anyway.

There are other sneaky ways to do it, but the main point is that you trick a program (using a stack overflow, heap overflow, format string vulnerability, etc.) into running the code.
Print
Go Up Pages1
User actions