Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#10103 - 08/29/03 02:42 AM Buffer Overflow Attacks  
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost  Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Likes: 1
Wisconsin
Whats a buffer overflow attack, what does it speciffically do, and how is it executed?

Sponsored Links
#10104 - 08/29/03 04:03 AM Re: Buffer Overflow Attacks  
Joined: Mar 2002
Posts: 815
sinetific Offline
nobody
sinetific  Offline
nobody

Joined: Mar 2002
Posts: 815
Ann Arbor
A buffer is an allocated space of temporary memory. A buffer overflow is when too much data is recieved causing the buffer to overflow. To understand how they work you'll need to know some uP(microprocessor) theory. But basically you want to offerflow the buffer and have the part is left over an instruction, usually a malicious instruction that would grant you certain privledges on this system. This part that is overflows is the next set of instructions to execute instead of what should normally be executed.

#10105 - 08/29/03 04:17 AM Re: Buffer Overflow Attacks  
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost  Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Likes: 1
Wisconsin
how would i execute one; is it a program or do i connect to a port to do it

#10106 - 08/29/03 05:08 AM Re: Buffer Overflow Attacks  
Joined: Aug 2003
Posts: 240
paradox Offline
Member
paradox  Offline
Member

Joined: Aug 2003
Posts: 240
New Zealand
I think you are talking about exploits.
there are two general kinds of exploits local and remote. Remote exploits use the internet to send a payload to a certain service to overflow it and execute code.. While a local service will do the same but not remotely.. simple really..
A buffer overflow works as said above by writing more data then the buffer allowed.. hence "buffer" overflow an example in c is.
#include
int main(int argc,char *argv[]){
char *buff[20];
strcpy(buff,argv[1]);
}
Now when you run the program
"c:\lala.exe AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
more data is written to the buffer then was allocated and the registers get overwritten if your in windows a error box will pop up and you can find out which registers you overwrote by looking for 41 which is the hex value of "A"
it should overwrite the esp and ebp if you have enuf data seeing as how the buffer is 20 bytes and you wrote more than 21 bytes u overwrite the register why did i say 21 well thats because of the null terminated byte every buffer has '\0' (thats a basic explanation of it all) How do exploits work.. they do just that they overflow buffers and execute shellcode (ahh what is shellcode?) shellcode is opcode(operation code) of an asm program an example .
#include
#include

void main()
{

LoadLibrary("msvcrt.dll");

__asm {

mov esp,ebp
push ebp
mov ebp,esp
xor edi,edi
push edi
sub esp,04h
mov byte ptr [ebp-08h],63h
mov byte ptr [ebp-07h],6Dh
mov byte ptr [ebp-06h],64h
mov byte ptr [ebp-05h],2Eh
mov byte ptr [ebp-04h],65h
mov byte ptr [ebp-03h],78h
mov byte ptr [ebp-02h],65h
mov eax, 0x77c28044 //put your system() address here
push eax
lea eax,[ebp-08h]
push eax
call dword ptr [ebp-0ch]
}
}
this program just runs cmd.exe using the system function and when u convert this to opcode you have your shellcode.. to get the system address you just use a debugger to find out where the function is stored in memory
Ok thats shellcode.. you understand buffer overflows well the simple version.. So now we make an exploit what this does is overwrite the return address of the program so when it tries to return it executes or shellcode..
there is no easy way to explain this..
but basically you store your shellcode in public memory range 0x00000000 to 0x7FFFFFFF
and overwrite the stack with your shellcodes memory address and execute it. Voila
just google for buffer overflow tutorials for a more in depth idea of what they are


The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth
#10107 - 08/29/03 11:30 AM Re: Buffer Overflow Attacks  
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice  Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Likes: 1
Canada
heres a good txt file by a member of the german group called The Hackers Choice (THC) thc.org

heres the link to the good read, hope this helpes you on ur way of learning

Its on Stacks Overflow's

http://www.thc.org/papers/OVERFLOW.TXT


Good artists copy, great artists
steal.

-Picasso
Sponsored Links
#10108 - 08/30/03 03:59 AM Re: Buffer Overflow Attacks  
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost  Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Likes: 1
Wisconsin
thanx Sin, Black Night, and 1c3 [yum]

#10109 - 08/30/03 08:03 AM Re: Buffer Overflow Attacks  
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice  Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Likes: 1
Canada
np, glad to help

+++EDITED+++
heres another OK txt file i found on packetstorm
its called:

Writing buffer overflow exploits - a tutorial for beginners

and the link is:

http://packetstormsecurity.nl/papers/unix/exploit.txt

Hope this one helps like the last one hopefully did


Good artists copy, great artists
steal.

-Picasso
#10110 - 08/30/03 12:52 PM Re: Buffer Overflow Attacks  
Joined: Jan 2003
Posts: 217
Ntd Offline
Member
Ntd  Offline
Member

Joined: Jan 2003
Posts: 217
Melbourne, Victoria, Australia
nice work blackKnight, so lets say i connect to a FTP server and for the password and username i paste 300 characters of stuff will that overflow the buffer?

#10111 - 08/30/03 01:08 PM Re: Buffer Overflow Attacks  
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice  Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Likes: 1
Canada
heres yet another great txt file

Advanced buffer overflow exploits
http://www.zone-h.org/files/32/aboep.txt


Good artists copy, great artists
steal.

-Picasso
#10112 - 08/30/03 08:33 PM Re: Buffer Overflow Attacks  
Joined: Jun 2002
Posts: 207
Gollum Offline
Member
Gollum  Offline
Member

Joined: Jun 2002
Posts: 207
US


Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me
Sponsored Links
#10113 - 08/31/03 07:39 AM Re: Buffer Overflow Attacks  
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost  Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Likes: 1
Wisconsin
hey thanx guys.

#10114 - 08/31/03 06:01 PM Re: Buffer Overflow Attacks  
Joined: Aug 2003
Posts: 240
paradox Offline
Member
paradox  Offline
Member

Joined: Aug 2003
Posts: 240
New Zealand
NTD
Depends if they have error checking for the usernames buffer.. but there was a MS ftp vulnrability which allowed people to remotely exploit MS ftp servers because they didnt have buffer checking and of course all the exploit had to do was send a tcp stream
"USER (buffer gets printed here)" and your shellcode should be executed :p but of course remember seeing as how its remote you also have to store the shell code in there memory sumwhere
But i belive u can store your shellcode b4 u overwrite the esp and ebp registers and make them execute the USER buffer's address and that should load your shellcode.. but you would have to find a way to find the address all the time.. i'm not good with remote attacks.. never had to make one..


The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth
#10115 - 09/01/03 10:25 PM Re: Buffer Overflow Attacks  
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice  Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Likes: 1
Canada
hehe Black ur one 1337 guy = )
Heres another pretty good one

Writing buffer overflow exploits - a tutorial for beginners
http://www.zone-h.org/files/32/buffer_overflows_for_newbies.txt


Good artists copy, great artists
steal.

-Picasso
#10116 - 09/02/03 06:52 PM Re: Buffer Overflow Attacks  
Joined: Aug 2003
Posts: 240
paradox Offline
Member
paradox  Offline
Member

Joined: Aug 2003
Posts: 240
New Zealand
lol thanks..
i don't consider myself "1337" im just learning like the rest, but i just seem to be ahead atm.. everyone can bring forward a different aspect to a project.. like games; they have 20 different people some for algorithims some for gui's etc.. But i appreciate the comment :p


The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth

Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,195
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics47,469
Posts82,639
Average Daily Posts8
Members2,159
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 40,633
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
Ghost Likes: 1
Gremelin Likes: 4
Ice Likes: 1
unreal Likes: 1
Top Liked Users (30 Days)
No Data Found
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20160902)