Slashdot Mirror


How To Conduct Your Very Own Buffer Overflow

Adam writes "If you've ever wanted to create your own buffer overflow or just to see how one works, check out this tutorial. The article talks about how a buffer overflow works and gives a guided example through an exploit to help you on your way. Definitely worth checking out." From the article: "Every now and again we all hear about an exploit that takes place thanks to a buffer overflow, but what is a buffer overflow? By definition it is when a program attempts to store more data in an array (buffer) than it was intended to hold, thus overwriting the return address of the function. To show how this is actually done, I'll explain how to do a simple attack on a fairly small program."

26 of 186 comments

  1. Hmm by Dante Shamest · · Score: 5, Funny

    Is the tutorial correct?

    It doesn't seem to wo----

  2. Tutorials? by Anonymous Coward · · Score: 5, Funny

    Tutorials are for wimps.

    Real men create buffer overflows by accident.

    1. Re:Tutorials? by chucks86 · · Score: 5, Funny

      I accidentally created a tutorial once...

      --
      Help a poor college student. Send a couple cents via paypal to chucks86@gmail.com
    2. Re:Tutorials? by Loki_1929 · · Score: 2, Funny

      Wimp.

      --
      -- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
    3. Re:Tutorials? by fbjon · · Score: 2, Funny
      Real Men log in by using creative buffer overflowing instead of wimpy user/pass combinations. Real Men use buffer overflows just to write to disk.

      Real Men flip out regularly and buffer overflow just for the hell of it, because they are sooo cool!

      Once I heard that this wimpy guy dropped a teaspoon, and this Real Man like totally buffer overflowed him, right there on the spot!

      Buffer Overflows are totally sweet.

      And that's what I call real ultimate power! Check it out, it's totally sweet!

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
  3. I can confirm that this works by joshv · · Score: 1, Funny

    It definitely works, I just compil..0xdeadbeef

  4. Thank you but... by frank_adrian314159 · · Score: 4, Funny

    I can overflow buffers quite well on my own without any help.

    --
    That is all.
  5. No Guide Needed! by ThisIsFred · · Score: 5, Funny

    Just teach yourself C! You'll discover every possible way in which things can go wrong, and in no time at all.

    --
    Fred

    "A fool and his freedom are soon parted"
    -RMS
  6. How to exploit a buffer overflow in windows: by GNUALMAFUERTE · · Score: 2, Funny

    1 - Choose random windows version.
    2 - Choose random exe or dll that comes with the OS.
    3 - Choose a random base address.
    4 - Write your code
    5 - ???
    6 - Profit!

    It's like trying to throw a rock to the floor, you just can't miss ;-)

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
    1. Re:How to exploit a buffer overflow in windows: by CypherXero · · Score: 2, Funny

      I live in space, you insensitive clod!

  7. Re:Here's a sample... by HyperChicken · · Score: 3, Funny

    There's a security bug in your code.

    --
    Free of Flash! Free of Flash!
  8. Re:Here's a sample... by pg110404 · · Score: 5, Funny

    There's a security bug in your code.

    Yeah, I know. Here's the patch

    #include <stdio.h>
    main()
    {
    }

  9. Re:slashdotted... by millennial · · Score: 2, Funny

    Yeah. You have a web site that makes it onto Slashdot, and you have a comment system with no size limit on your comments, and comments can be made every 15 seconds per connection. Wow, that's a pretty bad idea.

    --
    I am scientifically inaccurate.
  10. Re:Buffer Overflows by Stalyn · · Score: 5, Funny

    I'm sorry but the article you mention is not within the blogosphere and therefore meaningless to today's society. Please either contact this "Aleph One" to create a blog and post his/her article there or remove it from your message. Thank You.

    --
    The best education consists in immunizing people against systematic attempts at education. - Paul Feyerabend
  11. Re:News? by telstar · · Score: 4, Funny
    What's next, "How To Conduct Your Very Own Segmentation Fault"?
    • nope .... "How to Slashdot a webserver."
  12. How To Conduct Your Very Own Slashdot Effect by TrevorB · · Score: 2, Funny

    from the downtime-of-my-very-own dept.
    Adam writes "If you've ever wanted to create your own Slashdot effect or just to see how one works, check out this tutorial. The article talks about how a Slashdotting works and gives a guided example through an exploit to help you on your way. Definitely worth checking out." From the article: "Every now and again we all hear about an exploit that takes place thanks to the Slashdot effect, but what is the Slashdot effect? By definition it is when a website attempts to service more users than it was intended to hold, thus returning an error message from the server. To show how this is actually done, I'll explain how to do a simple attack on a fairly small Slashdot post."

  13. Ironic - /. ad was for MS Visual Studio .NET by davidwr · · Score: 2, Funny

    I loaded up this article and what do I see?
    This ad from Microsoft staring back at me.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  14. How To Slashdot Your Very Own Server by Electron · · Score: 3, Funny

    Zonk writes "If you've ever wanted to slashdot your own server or just to see how one works, check out this tutorial. The article talks about how the slashdot effect works and gives a guided example through an exploit to help you on your way. Definitely worth checking out." From the article: "Every now and again we all hear about a server disappearing from the face of the earth thanks to the slashdot effect, but what is the slashdot effect? By definition it is when a slashdot editor posts a link on the frontpage to a small server without using coral cache and zillions of slashdotters click on the link the minute the story is published, thus hammering the server into oblivion. To show how this is actually done, I'll explain how to submit a story with a link to your own server by praising Apple, dissing Microsoft or revealing more SCO conspiracies."

  15. Re:MOD PARENT UP by HikeFanatic · · Score: 2, Funny

    The web site got /.'d fast. This is what I see now. I love explanation #2. Just comical.

    If he wanted traffic to his web site, he got it! As the saying goes, "Be careful what you wish for".

    Account Suspended
    Your account has been suspended for 1 of 2 reasons.

    1. Your bill is over due. In this case please email billing@vizaweb.com

    2. You account what causing a problem of some sort. In this case please contact CustomerCare@vizaweb.com

  16. account suspended :) by Inigo Montoya · · Score: 3, Funny

    The /. effect knocked the account out of existence!

    "Account Suspended
    Your account has been suspended for 1 of 2 reasons.

    1. Your bill is over due. In this case please email billing@vizaweb.com

    2. You account what causing a problem of some sort. In this case please contact CustomerCare@vizaweb.com"

    hmm... Even Slashdotted sites can't spell!

  17. Re:News? by aluser · · Score: 2, Funny
    golf!

    perl -e%::=1,//

  18. Submitter's full name by Mr. Underbridge · · Score: 4, Funny
    Zonk posts a story from a submitter that wrote the page being submitted for the story, who, as it turns out, blatantly plagiarized the content from Bryant and O'Hallaron's Computer Systems book.

    The submitter's full name is Adam Piquepaille.

  19. Well I got: by cmacb · · Score: 4, Funny
    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@collegebums.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
    So I guess the overflow worked even better than he thought it would.
  20. Re:News? by Anonymous Coward · · Score: 1, Funny

    How about a new /. rule where whenever someone posts a perl script, they have to translate it into something people who don't think in punctuation can understand?

  21. Re:News? by Anonymous Coward · · Score: 1, Funny

    ^+5!:)

  22. Re:News? by ajs · · Score: 2, Funny

    "How about a new /. rule where whenever someone posts a perl script [...]"

    How about a new /. rule where whenever someone can't tell the difference between a script and a one-liner, they aren't allowed to use a keyboard?