Nytro

Buffer Overflow Basics Video Series!

In this video series we will learn the basics of Buffer Overflow attacks and demonstrate how one can exploit Buffer Overflows in programs for fun and profit. The prerequisite for this video series is that you are familiar with Assembly language. If you are not familiar with Assembly language, no worries, I have created detailed video tutorials for Assembly language here - Assembly Language Primer for Hackers.

1. Smashing the Stack

In Part 1 of the Buffer Overflow series we will look at why buffer overflow attacks happen. We will discuss how the program stack is laid out when a function call happens, then how a buffer can be overwritten if proper bounds checking does not happen and finally how a hacker could take control of the program by overwriting the return address stored on the stack to an arbitrary value.

Buffer Overflow Primer Part 1 (Smashing the Stack) Tutorial

2. Writing Exit Shellcode

In this video we will look at how to create Shellcode which we can use as payload while exploiting a buffer overflow vulnerability.

Buffer Overflow Primer Part 2 (Writing Exit Shellcode) Tutorial

3. Executing Shellcode

In the last video we saw how to create shellcode from assembly language code, this video will concentrate on how to execute the shellcode from within a C program to check that it is working properly.

Buffer Overflow Primer Part 3 (Executing Shellcode) Tutorial

4. Disassembling Execve

In this video we will look at how to create shellcode for the Execve() syscall. We will first create a C program to spawn a shell using Execve(), then we will disassemble the program to understand how the syscall works and the kind of inputs it expects.

Buffer Overflow Primer Part 4 (Disassembling Execve) Tutorial

5. Shellcode for Execve

In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is because it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer - i.e. we need to remove the NULLs and set up relative addressing. This video will show how we can replace the NULLs in the shellcode with instructions which result in non-NULL shellcode. Also, we discuss in detail how we can set up relative addressing within the shellcode and modify it at runtime to make it work.

Buffer Overflow Primer Part 5 (Shellcode for Execve) Tutorial

6. Exploiting a Program

In this video we will understand how to use the shellcode created in the previous video to exploit an actual program.

Buffer Overflow Primer Part 6 (Exploiting a Program) Tutorial

7. Exploiting a Program Demo

In this video we will do a buffer overflow exploitation demo using HackYou.c and ExploitMe.c.

Buffer Overflow Primer Part 7 (Exploiting a Program Demo) Tutorial

8. Return to Libc Theory

In this video we will look at how to subvert the NX protection mechanism. The NX protection mechanism basically marks the stack, heap etc. as Non-Executable. This means the processor will not execute any instruction which is on them. From a stack overflow standpoint, this is a problem as our entire shellcode is on the stack, which now has been marked "Non-Executable". The way we counter this problem is by using a technique called "Return to Libc".

Buffer Overflow Primer Part 8 (Return to Libc Theory) Tutorial

9. Return to Libc Demo

In this video we will do a hands-on demo of exploiting a stack protected by NX using the Return to Libc exploitation process. We use GDB and attach it to the vulnerable program to find the address of "/bin/bash" in its memory. Once this address is found, we modify Ret2libc.c and launch the attack on the vulnerable program. The successful exploitation leads to spawning of a shell.

Buffer Overflow Primer Part 9 (Return to Libc Demo) Tutorial

Thanks,

Vivek
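Part 1 of the series above describes why a stack buffer gets overwritten when a copy is not bounds-checked. The following C program is an added example and is not code from the original post or from Vivek's videos (HackYou.c and ExploitMe.c are not reproduced here); it shows the unchecked pattern next to a hardened version that rejects input which does not fit. The function names (`greet_unchecked`, `copy_bounded`, `greet_checked`, `fits_in_buffer`) and the 16-byte buffer size are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_SIZE 16   /* assumed buffer size for the example */

/* Vulnerable pattern: strcpy() keeps copying until it finds a NUL byte in the
 * source, so any input of NAME_SIZE bytes or more is written past `name` into
 * whatever the compiler placed above it in the frame (saved frame pointer,
 * saved return address). This is the defect the "Smashing the Stack" video
 * explains. It is only ever called with a short input below. */
void greet_unchecked(const char *input)
{
    char name[NAME_SIZE];
    strcpy(name, input);                 /* no bounds check: the bug */
    printf("Hello, %s\n", name);
}

/* Hardened copy: bounded by the destination size, rejects input that does not
 * fit (rather than silently truncating, which can hide the problem elsewhere),
 * and always leaves the destination NUL-terminated.
 * Returns 0 on success, -1 if the input was rejected. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)        /* n == dstsz-1 is the last size that fits */
        return -1;
    memcpy(dst, src, n + 1);             /* n + 1 copies the terminator as well */
    return 0;
}

/* Same behaviour as greet_unchecked, but every copy into the stack buffer
 * goes through copy_bounded(). Returns 0 if greeted, -1 if input rejected. */
int greet_checked(const char *input)
{
    char name[NAME_SIZE];
    if (copy_bounded(name, sizeof name, input) != 0) {
        fprintf(stderr, "input rejected: %zu bytes, limit %zu\n",
                strlen(input), sizeof name - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

/* Review helper: does an input of `inlen` bytes (not counting the NUL) fit in a
 * `bufsz`-byte buffer when copied with strcpy()? 1 = fits, 0 = overflows. */
int fits_in_buffer(size_t bufsz, size_t inlen)
{
    return inlen + 1 <= bufsz;
}

/* Constructed oversized input (63 'A' bytes) fed to the checked version. */
int long_input_rejected(void)
{
    char too_long[64];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    return greet_checked(too_long);      /* expected: -1 */
}

int main(void)
{
    greet_checked("alice");              /* fits: prints "Hello, alice" */
    long_input_rejected();               /* rejected with a message on stderr */
    greet_unchecked("alice");            /* safe only because the input is short */
    return 0;
}
```

The point of `fits_in_buffer` is the arithmetic reviewers get wrong most often: a 16-byte buffer holds at most 15 characters plus the terminator, so an input of exactly 16 bytes already overwrites the byte after the array. Compiling with `-fstack-protector` or `_FORTIFY_SOURCE` adds a runtime abort for the unchecked version, but the bounded copy is what removes the bug rather than just detecting it.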
