Buffer overflows in C

Dublin3344

Hi,

I'm looking for a tutorial from someone proficient in c programming and in particular demonstrating stack and buffer overflow vulnerabilities.

Get in touch if you're out there!

D

LoLth

there are plenty of tutorials / examples on the web

for example:

assuming you are familiar with what a buffer overflow is:
http://stackoverflow.com/questions/6220212/buffer-overflow-in-c

a lot more comprehensive:
http://www.tenouk.com/cncplusplusbufferoverflow.html

http://www.eecis.udel.edu/~bmiller/cis459/2007s/readings/buff-overflow.html

https://www.owasp.org/index.php/Buffer_overflow_attack

all from the first page of a search in google. a lot more can be found on security sites and I'm almost certain there's been at least one decent book published on the subject.

Dublin3344

..thanks for the email..yes, I understand the theory and I've looked at various websites, papers etc but the practice is somewhat more difficult than the theory..what I'm looking for is a tutorial that actually demonstrates the exploit..step by step etc

Khannie

The second link posted there includes examples. It's something I'd like to understand at a practical level myself (purely for curiosity reasons) but have never broken the desire / time barrier on. The general idea is lovely in its simplicity.

h57xiucj2z946q

Look at the exploit writing tutorials section of:

https://www.corelan.be/index.php/articles/



I had a hack-me challenge here before:
http://www.boards.ie/vbulletin/showthread.php?p=74028232 The server is no longer online, however you can run the exploitable server yourself.
https://us.v-cdn.net/6034073/uploads/attachments/81378/172116.zip (this contains no malicious code)
Source code is here: https://us.v-cdn.net/6034073/uploads/attachments/81378/175704.zip

This was originally ran on Win XP SP3 which had no ASLR or GS. Vista/7/8 will make your job significantly harder.

LoLth

Sorry, that constitutes advertising. Not the forum for it I'm afraid.

As suggested, check out the tutorials and practise (safely) where you can. Best way to learn to be honest. No-one can teach you everything you'll need to cover every possible scenario you'll come across. Only experience and patience can do that.

Dublin3344

Lolth,

While I appreciate your email, I do not require a lecture on the virtues of learning, nor did I ask for this type of patronizing response.

D

moneymad

Dublin3344 wrote: »

..thanks for the email..yes, I understand the theory and I've looked at various websites, papers etc but the practice is somewhat more difficult than the theory..what I'm looking for is a tutorial that actually demonstrates the exploit..step by step etc

There's a loads of videos on youtube.

syklops

Dublin3344 wrote: »

Lolth,

While I appreciate your email, I do not require a lecture on the virtues of learning, nor did I ask for this type of patronizing response.

D

Email?

The book The Art of Exploitation has a great chapter on writing buffer overflows. It gives you basic vulnerable C code and shows you how to exploit it. It was very good.