UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
September
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Sponsored Links
Latest Postings
The History Thread...
by Gremelin
09/18/14 09:42 AM
Doom 3
by Cyrez
09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666
08/22/14 09:21 AM
Latest Reviews
Topic Options
Rate This Topic
#10103 - 08/28/03 07:42 PM Buffer Overflow Attacks
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
Whats a buffer overflow attack, what does it speciffically do, and how is it executed?
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
Sponsored Links
      
#10104 - 08/28/03 09:03 PM Re: Buffer Overflow Attacks
sinetific Offline
nobody

Registered: 03/02/02
Posts: 815
Loc: Ann Arbor
A buffer is an allocated space of temporary memory. A buffer overflow is when too much data is recieved causing the buffer to overflow. To understand how they work you'll need to know some uP(microprocessor) theory. But basically you want to offerflow the buffer and have the part is left over an instruction, usually a malicious instruction that would grant you certain privledges on this system. This part that is overflows is the next set of instructions to execute instead of what should normally be executed.

Top
#10105 - 08/28/03 09:17 PM Re: Buffer Overflow Attacks
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
how would i execute one; is it a program or do i connect to a port to do it
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#10106 - 08/28/03 10:08 PM Re: Buffer Overflow Attacks
paradox Offline
Member

Registered: 08/28/03
Posts: 240
Loc: New Zealand
I think you are talking about exploits.
there are two general kinds of exploits local and remote. Remote exploits use the internet to send a payload to a certain service to overflow it and execute code.. While a local service will do the same but not remotely.. simple really..
A buffer overflow works as said above by writing more data then the buffer allowed.. hence "buffer" overflow an example in c is.
#include
int main(int argc,char *argv[]){
char *buff[20];
strcpy(buff,argv[1]);
}
Now when you run the program
"c:\lala.exe AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
more data is written to the buffer then was allocated and the registers get overwritten if your in windows a error box will pop up and you can find out which registers you overwrote by looking for 41 which is the hex value of "A"
it should overwrite the esp and ebp if you have enuf data seeing as how the buffer is 20 bytes and you wrote more than 21 bytes u overwrite the register why did i say 21 well thats because of the null terminated byte every buffer has '\0' (thats a basic explanation of it all) How do exploits work.. they do just that they overflow buffers and execute shellcode (ahh what is shellcode?) shellcode is opcode(operation code) of an asm program an example .
#include
#include

void main()
{

LoadLibrary("msvcrt.dll");

__asm {

mov esp,ebp
push ebp
mov ebp,esp
xor edi,edi
push edi
sub esp,04h
mov byte ptr [ebp-08h],63h
mov byte ptr [ebp-07h],6Dh
mov byte ptr [ebp-06h],64h
mov byte ptr [ebp-05h],2Eh
mov byte ptr [ebp-04h],65h
mov byte ptr [ebp-03h],78h
mov byte ptr [ebp-02h],65h
mov eax, 0x77c28044 //put your system() address here
push eax
lea eax,[ebp-08h]
push eax
call dword ptr [ebp-0ch]
}
}
this program just runs cmd.exe using the system function and when u convert this to opcode you have your shellcode.. to get the system address you just use a debugger to find out where the function is stored in memory
Ok thats shellcode.. you understand buffer overflows well the simple version.. So now we make an exploit what this does is overwrite the return address of the program so when it tries to return it executes or shellcode..
there is no easy way to explain this..
but basically you store your shellcode in public memory range 0x00000000 to 0x7FFFFFFF
and overwrite the stack with your shellcodes memory address and execute it. Voila
just google for buffer overflow tutorials for a more in depth idea of what they are
_________________________
The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth

Top
#10107 - 08/29/03 04:30 AM Re: Buffer Overflow Attacks
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
heres a good txt file by a member of the german group called The Hackers Choice (THC) thc.org

heres the link to the good read, hope this helpes you on ur way of learning

Its on Stacks Overflow's

http://www.thc.org/papers/OVERFLOW.TXT
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
#10108 - 08/29/03 08:59 PM Re: Buffer Overflow Attacks
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
thanx Sin, Black Night, and 1c3 [yum]
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#10109 - 08/30/03 01:03 AM Re: Buffer Overflow Attacks
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
np, glad to help

+++EDITED+++
heres another OK txt file i found on packetstorm
its called:

Writing buffer overflow exploits - a tutorial for beginners

and the link is:

http://packetstormsecurity.nl/papers/unix/exploit.txt

Hope this one helps like the last one hopefully did
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
#10110 - 08/30/03 05:52 AM Re: Buffer Overflow Attacks
Ntd Offline
Member

Registered: 01/21/03
Posts: 217
Loc: Melbourne, Victoria, Australia
nice work blackKnight, so lets say i connect to a FTP server and for the password and username i paste 300 characters of stuff will that overflow the buffer?

Top
#10111 - 08/30/03 06:08 AM Re: Buffer Overflow Attacks
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
heres yet another great txt file

Advanced buffer overflow exploits
http://www.zone-h.org/files/32/aboep.txt
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
#10112 - 08/30/03 01:33 PM Re: Buffer Overflow Attacks
Gollum Offline
Member

Registered: 06/05/02
Posts: 207
Loc: US
_________________________
Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me

Top
#10113 - 08/31/03 12:39 AM Re: Buffer Overflow Attacks
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
hey thanx guys.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#10114 - 08/31/03 11:01 AM Re: Buffer Overflow Attacks
paradox Offline
Member

Registered: 08/28/03
Posts: 240
Loc: New Zealand
NTD
Depends if they have error checking for the usernames buffer.. but there was a MS ftp vulnrability which allowed people to remotely exploit MS ftp servers because they didnt have buffer checking and of course all the exploit had to do was send a tcp stream
"USER (buffer gets printed here)" and your shellcode should be executed :p but of course remember seeing as how its remote you also have to store the shell code in there memory sumwhere
But i belive u can store your shellcode b4 u overwrite the esp and ebp registers and make them execute the USER buffer's address and that should load your shellcode.. but you would have to find a way to find the address all the time.. i'm not good with remote attacks.. never had to make one..
_________________________
The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth

Top
#10115 - 09/01/03 03:25 PM Re: Buffer Overflow Attacks
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
hehe Black ur one 1337 guy = )
Heres another pretty good one

Writing buffer overflow exploits - a tutorial for beginners
http://www.zone-h.org/files/32/buffer_overflows_for_newbies.txt
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
#10116 - 09/02/03 11:52 AM Re: Buffer Overflow Attacks
paradox Offline
Member

Registered: 08/28/03
Posts: 240
Loc: New Zealand
lol thanks..
i don't consider myself "1337" im just learning like the rest, but i just seem to be ahead atm.. everyone can bring forward a different aspect to a project.. like games; they have 20 different people some for algorithims some for gui's etc.. But i appreciate the comment :p
_________________________
The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth

Top

Moderator:  Infinite 
Featured Member
Registered: 03/02/02
Posts: 136
Forum Stats
2148 Members
46 Forums
34505 Topics
69675 Posts

Max Online: 1567 @ 04/25/10 02:20 AM
Top Posters
UGN Security 27667
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Tim050, Gecko666, defghi795767, Devo60, ali
2148 Registered Users
Who's Online
0 registered (), 327 Guests and 297 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!