Nytro Posted August 12, 2009

Buffer Overflow Basics Video Series!

In this video series we will learn the basics of Buffer Overflow attacks and demonstrate how one can exploit Buffer Overflows in programs for fun and profit. The pre-requisite for this video series is that you are familiar with Assembly language. If you are not familiar with Assembly language, no worries, I have created detailed video tutorials for Assembly language here - Assembly Language Primer for Hackers.

1. Smashing the Stack
In Part 1 of the Buffer Overflow series we will look at why buffer overflow attacks happen. We will discuss how the program stack is laid out when a function call happens, then how a buffer can be overwritten if proper bounds checking does not happen, and finally how a hacker could take control of the program by overwriting the return address stored on the stack with an arbitrary value.
Buffer Overflow Primer Part 1 (Smashing the Stack) Tutorial

2. Writing Exit Shellcode
In this video we will look at how to create shellcode which we can use as the payload while exploiting a buffer overflow vulnerability.
Buffer Overflow Primer Part 2 (Writing Exit Shellcode) Tutorial

3. Executing Shellcode
In the last video we saw how to create shellcode from assembly language code; this video will concentrate on how to execute the shellcode from within a C program to check that it is working properly.
Buffer Overflow Primer Part 3 (Executing Shellcode) Tutorial

4. Disassembling Execve
In this video we will look at how to create shellcode for the Execve() syscall. We will first create a C program to spawn a shell using Execve(), then we will disassemble the program to understand how the syscall works and the kind of inputs it expects.
Buffer Overflow Primer Part 4 (Disassembling Execve) Tutorial

5. Shellcode for Execve
In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is because it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer, i.e. we need to remove the NULLs and set up relative addressing. This video will show how we can replace the NULLs in the shellcode with instructions which result in non-NULL shellcode. Also, we discuss in detail how we can set up relative addressing within the shellcode and modify it at runtime to make it work.
Buffer Overflow Primer Part 5 (Shellcode for Execve) Tutorial

6. Exploiting a Program
In this video we will understand how to use the shellcode created in the previous video to exploit an actual program.
Buffer Overflow Primer Part 6 (Exploiting a Program) Tutorial

7. Exploiting a Program Demo
In this video we will do a buffer overflow exploitation demo using HackYou.c and ExploitMe.c.
Buffer Overflow Primer Part 7 (Exploiting a Program Demo) Tutorial

8. Return to Libc Theory
In this video we will look at how to subvert the NX protection mechanism. The NX protection mechanism basically marks the stack, heap etc. as Non-Executable. This means the processor will not execute any instruction which is on them. From a stack overflow standpoint, this is a problem as our entire shellcode is on the stack, which has now been marked "Non-Executable". The way we counter this problem is by using a technique called "Return to Libc".
Buffer Overflow Primer Part 8 (Return to Libc Theory) Tutorial

9. Return to Libc Demo
In this video we will do a hands-on demo of exploiting a stack protected by NX using the Return to Libc exploitation process. We use GDB and attach it to the vulnerable program to find the address of "/bin/bash" in its memory. Once this address is found, we modify Ret2libc.c and launch the attack on the vulnerable program. The successful exploitation leads to the spawning of a shell.
Buffer Overflow Primer Part 9 (Return to Libc Demo) Tutorial

Thanks,
Vivek
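As an added example, not part of Vivek's video series or of the post above, the following C program puts the two halves of Part 1's lesson side by side: a function whose unbounded strcpy() is exactly the missing bounds check the video describes, and the same function with the check added so that over-long input is rejected before anything is written. The function names, the 16-byte buffer and the 64-byte test input are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the fixed stack buffer both functions copy into (chosen for this example). */
#define BUF_SIZE 16

/* The defect behind a stack smash: strcpy() copies until it meets the NUL in
 * src and never consults the size of buf. Any input of BUF_SIZE bytes or more
 * runs past buf into the saved frame pointer and saved return address that sit
 * above it on the stack. Only call this with short input; with long input the
 * behaviour is undefined, which is precisely the bug. */
int copy_name_unchecked(const char *name)
{
    char buf[BUF_SIZE];
    strcpy(buf, name);                 /* no bounds check */
    return (int)strlen(buf);           /* bytes copied */
}

/* Hardened version: measure first, then copy only what fits.
 * memchr() looks for the NUL within the first BUF_SIZE bytes only, so it never
 * reads past what the buffer could hold. If no NUL is found there the input
 * cannot fit together with its terminator and is rejected outright, rather
 * than silently truncated or written past the end.
 * Returns the number of bytes copied, or -1 if the input was too long. */
int copy_name_checked(const char *name)
{
    char buf[BUF_SIZE];
    const char *nul = memchr(name, '\0', BUF_SIZE);
    if (nul == NULL)
        return -1;                     /* strlen(name) >= BUF_SIZE: would overflow */
    size_t len = (size_t)(nul - name);
    memcpy(buf, name, len + 1);        /* exactly len bytes plus the NUL */
    return (int)len;
}

/* Constructed over-long input: 64 'A' bytes, the kind of string used to find
 * out whether a program writes past its buffer. */
static char long_input[65];

const char *make_long_input(void)
{
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';
    return long_input;
}

int main(void)
{
    printf("checked, short input : %d\n", copy_name_checked("Vivek"));
    printf("checked, 15 bytes    : %d\n", copy_name_checked("123456789012345"));
    printf("checked, 16 bytes    : %d\n", copy_name_checked("1234567890123456"));
    printf("checked, 64 bytes    : %d\n", copy_name_checked(make_long_input()));
    /* copy_name_unchecked(make_long_input()) is deliberately not called:
     * it would overwrite the stack frame, which is the defect being shown. */
    printf("unchecked, short     : %d\n", copy_name_unchecked("Vivek"));
    return 0;
}
```

The 15-byte input succeeds and the 16-byte input is refused because the terminating NUL also has to fit. Building with `gcc -Wall -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2` adds the compiler-side mitigations to the same program: the stack canary aborts the process when the unchecked copy reaches the saved return address, and FORTIFY replaces the strcpy() call with a length-checked variant where the destination size is known. NX, covered in parts 8 and 9, only stops the overwritten return address from running code on the stack; it does not stop the overwrite itself, which is why the bounds check remains the real fix.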
hirosima Posted August 12, 2009

Super cool, which exploit should I use for the ssl_mod Buffer Overflow?