Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
May
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#10103 - 08/29/03 02:42 AM Buffer Overflow Attacks
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Wisconsin
Whats a buffer overflow attack, what does it speciffically do, and how is it executed?

Top
Sponsored Links
#10104 - 08/29/03 04:03 AM Re: Buffer Overflow Attacks
Joined: Mar 2002
Posts: 815
sinetific Offline
nobody
sinetific Offline
nobody

Joined: Mar 2002
Posts: 815
Ann Arbor
A buffer is an allocated space of temporary memory. A buffer overflow is when too much data is recieved causing the buffer to overflow. To understand how they work you'll need to know some uP(microprocessor) theory. But basically you want to offerflow the buffer and have the part is left over an instruction, usually a malicious instruction that would grant you certain privledges on this system. This part that is overflows is the next set of instructions to execute instead of what should normally be executed.

Top
#10105 - 08/29/03 04:17 AM Re: Buffer Overflow Attacks
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Wisconsin
how would i execute one; is it a program or do i connect to a port to do it

Top
#10106 - 08/29/03 05:08 AM Re: Buffer Overflow Attacks
Joined: Aug 2003
Posts: 240
paradox Offline
Member
paradox Offline
Member

Joined: Aug 2003
Posts: 240
New Zealand
I think you are talking about exploits.
there are two general kinds of exploits local and remote. Remote exploits use the internet to send a payload to a certain service to overflow it and execute code.. While a local service will do the same but not remotely.. simple really..
A buffer overflow works as said above by writing more data then the buffer allowed.. hence "buffer" overflow an example in c is.
#include
int main(int argc,char *argv[]){
char *buff[20];
strcpy(buff,argv[1]);
}
Now when you run the program
"c:\lala.exe AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
more data is written to the buffer then was allocated and the registers get overwritten if your in windows a error box will pop up and you can find out which registers you overwrote by looking for 41 which is the hex value of "A"
it should overwrite the esp and ebp if you have enuf data seeing as how the buffer is 20 bytes and you wrote more than 21 bytes u overwrite the register why did i say 21 well thats because of the null terminated byte every buffer has '\0' (thats a basic explanation of it all) How do exploits work.. they do just that they overflow buffers and execute shellcode (ahh what is shellcode?) shellcode is opcode(operation code) of an asm program an example .
#include
#include

void main()
{

LoadLibrary("msvcrt.dll");

__asm {

mov esp,ebp
push ebp
mov ebp,esp
xor edi,edi
push edi
sub esp,04h
mov byte ptr [ebp-08h],63h
mov byte ptr [ebp-07h],6Dh
mov byte ptr [ebp-06h],64h
mov byte ptr [ebp-05h],2Eh
mov byte ptr [ebp-04h],65h
mov byte ptr [ebp-03h],78h
mov byte ptr [ebp-02h],65h
mov eax, 0x77c28044 //put your system() address here
push eax
lea eax,[ebp-08h]
push eax
call dword ptr [ebp-0ch]
}
}
this program just runs cmd.exe using the system function and when u convert this to opcode you have your shellcode.. to get the system address you just use a debugger to find out where the function is stored in memory
Ok thats shellcode.. you understand buffer overflows well the simple version.. So now we make an exploit what this does is overwrite the return address of the program so when it tries to return it executes or shellcode..
there is no easy way to explain this..
but basically you store your shellcode in public memory range 0x00000000 to 0x7FFFFFFF
and overwrite the stack with your shellcodes memory address and execute it. Voila
just google for buffer overflow tutorials for a more in depth idea of what they are


The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth
Top
#10107 - 08/29/03 11:30 AM Re: Buffer Overflow Attacks
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Canada
heres a good txt file by a member of the german group called The Hackers Choice (THC) thc.org

heres the link to the good read, hope this helpes you on ur way of learning

Its on Stacks Overflow's

http://www.thc.org/papers/OVERFLOW.TXT


Good artists copy, great artists
steal.

-Picasso
Top
#10108 - 08/30/03 03:59 AM Re: Buffer Overflow Attacks
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Wisconsin
thanx Sin, Black Night, and 1c3 [yum]

Top
#10109 - 08/30/03 08:03 AM Re: Buffer Overflow Attacks
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Canada
np, glad to help

+++EDITED+++
heres another OK txt file i found on packetstorm
its called:

Writing buffer overflow exploits - a tutorial for beginners

and the link is:

http://packetstormsecurity.nl/papers/unix/exploit.txt

Hope this one helps like the last one hopefully did


Good artists copy, great artists
steal.

-Picasso
Top
#10110 - 08/30/03 12:52 PM Re: Buffer Overflow Attacks
Joined: Jan 2003
Posts: 217
Ntd Offline
Member
Ntd Offline
Member

Joined: Jan 2003
Posts: 217
Melbourne, Victoria, Australia
nice work blackKnight, so lets say i connect to a FTP server and for the password and username i paste 300 characters of stuff will that overflow the buffer?

Top
#10111 - 08/30/03 01:08 PM Re: Buffer Overflow Attacks
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Canada
heres yet another great txt file

Advanced buffer overflow exploits
http://www.zone-h.org/files/32/aboep.txt


Good artists copy, great artists
steal.

-Picasso
Top
#10112 - 08/30/03 08:33 PM Re: Buffer Overflow Attacks
Joined: Jun 2002
Posts: 207
Gollum Offline
Member
Gollum Offline
Member

Joined: Jun 2002
Posts: 207
US


Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me
Top
#10113 - 08/31/03 07:39 AM Re: Buffer Overflow Attacks
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Wisconsin
hey thanx guys.

Top
#10114 - 08/31/03 06:01 PM Re: Buffer Overflow Attacks
Joined: Aug 2003
Posts: 240
paradox Offline
Member
paradox Offline
Member

Joined: Aug 2003
Posts: 240
New Zealand
NTD
Depends if they have error checking for the usernames buffer.. but there was a MS ftp vulnrability which allowed people to remotely exploit MS ftp servers because they didnt have buffer checking and of course all the exploit had to do was send a tcp stream
"USER (buffer gets printed here)" and your shellcode should be executed :p but of course remember seeing as how its remote you also have to store the shell code in there memory sumwhere
But i belive u can store your shellcode b4 u overwrite the esp and ebp registers and make them execute the USER buffer's address and that should load your shellcode.. but you would have to find a way to find the address all the time.. i'm not good with remote attacks.. never had to make one..


The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth
Top
#10115 - 09/01/03 10:25 PM Re: Buffer Overflow Attacks
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Canada
hehe Black ur one 1337 guy = )
Heres another pretty good one

Writing buffer overflow exploits - a tutorial for beginners
http://www.zone-h.org/files/32/buffer_overflows_for_newbies.txt


Good artists copy, great artists
steal.

-Picasso
Top
#10116 - 09/02/03 06:52 PM Re: Buffer Overflow Attacks
Joined: Aug 2003
Posts: 240
paradox Offline
Member
paradox Offline
Member

Joined: Aug 2003
Posts: 240
New Zealand
lol thanks..
i don't consider myself "1337" im just learning like the rest, but i just seem to be ahead atm.. everyone can bring forward a different aspect to a project.. like games; they have 20 different people some for algorithims some for gui's etc.. But i appreciate the comment :p


The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics45,753
Posts80,921
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 38,917
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 1 guest and 4 spiders.
Latest News