Slashdot Mirror


How To Conduct Your Very Own Buffer Overflow

Adam writes "If you've ever wanted to create your own buffer overflow or just to see how one works, check out this tutorial. The article talks about how a buffer overflow works and gives a guided example through an exploit to help you on your way. Definitely worth checking out." From the article: "Every now and again we all hear about an exploit that takes place thanks to a buffer overflow, but what is a buffer overflow? By definition it is when a program attempts to store more data in an array (buffer) than it was intended to hold, thus overwriting the return address of the function. To show how this is actually done, I'll explain how to do a simple attack on a fairly small program."

9 of 186 comments

  1. Fun and Profit by Anonymous Coward · · Score: 1, Informative

    I agree,

    If anything, one should use this classic text:

    http://www.shmoo.com/phrack/Phrack49/p49-14

  2. Why not just look at this? by Anonymous Coward · · Score: 4, Informative

    This even has great source code and explains the theory quite well.

    http://www.gergltd.com/IATAC-BufferOverflowExploit.pdf

  3. Buffer Overflows by joeytsai · · Score: 5, Informative

    The best article about buffer overflows is the well-known "Smashing the Stack for Fun and Profit" by Aleph One in Phrack. Here's the first link google gave me.

    Everything else (like this article) pales in comparison.

    --
    http://www.talknerdy.org
  4. Another article. by zymano · · Score: 4, Informative
  5. Re:Once again, Zonk lowers the bar. by reynaert · · Score: 5, Informative

    The standard text is still Smashing The Stack For Fun And Profit, I think.

  6. Re:Oh good by chrism238 · · Score: 2, Informative

    By their nature, script-kiddies won't bother reading TFA and writing such an exploit. By their nature, they just download and run them.

  7. Here's a sample... by pg110404 · · Score: 5, Informative

    #include <stdio.h>
    #include <string.h>

    char bigBuffer[4096];

    void overflowMe(void);

    int main(void)
    {
        memset(bigBuffer, 0, sizeof(bigBuffer));
        overflowMe();
        return 0;
    }

    /* this function should never return, in fact it
       should/might SIGSEGV as the return address will be essentially reset to IP=0x00000000 */
    void overflowMe(void)
    {
        char localBuffer[256];

        /* deliberately copy from a larger buffer to a stack segment buffer more than it can hold */
        memcpy(localBuffer, bigBuffer, sizeof(bigBuffer));
    }

  8. Not too hard by springbox · · Score: 2, Informative

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        struct
        {
            unsigned char buffer[4];
            unsigned char overrun;
        } data;

        data.overrun = 0xFF;

        printf("Initial: %u\n", data.overrun);
        /* 5 bytes written into a 4-byte member: the last one lands in overrun */
        memset(&data.buffer[0], 0, 5);
        printf("Final: %u\n", data.overrun);
        return 0;
    }

    5 bytes get pushed onto the stack to reserve memory for the structure data when main is invoked. memset starts writing to the base address of the structure at data.buffer[0] for 5 bytes. The space allocated for buffer, however, is only 4 bytes, which causes the operation to leak into the variable overrun. When the output is displayed, overrun should change from 255 to 0.
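    Tying together the definition in the submission (overrun the buffer, land on the saved return address) with the two samples above (pg110404's crash, springbox's overwrite of an adjacent field), here is an added example; it is not code from the article or from any commenter. It models a function's stack frame as a struct (buffer, saved frame pointer, saved return address, with the layout and the 0x401000 "caller address" being constructed assumptions), builds the classic NOP-sled-plus-address payload with placeholder bytes instead of shellcode, and shows the unchecked copy replacing the saved return slot while a length-checked copy refuses the same input. Because the frame is simulated, nothing real is clobbered and the result can be inspected rather than guessed from a crash.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Stand-in for the frame of a function with a 64-byte local buffer,
 * drawn as the classic texts draw it: locals, then the saved frame
 * pointer, then the saved return address.  Constructed layout: real
 * frames may also carry padding, canaries and compiler-chosen ordering.
 */
struct frame {
    unsigned char buf[64];
    uint64_t saved_fp;
    uint64_t saved_ret;
};

#define NOP  0x90  /* x86 one-byte no-op, used for the sled */
#define TRAP 0xCC  /* int3, stands in for shellcode; never executed here */

/* The bug from the thread's samples: copy n bytes into buf with no
 * length check.  Addressed through the frame object so the bytes land
 * exactly where an overrun of buf would put them. */
static void vulnerable_copy(struct frame *f, const unsigned char *src, size_t n)
{
    memcpy((unsigned char *)f + offsetof(struct frame, buf), src, n);
}

/* The fix: refuse anything that does not fit.  0 on success, -1 if the
 * input would overrun buf. */
static int bounded_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > sizeof f->buf)
        return -1;
    memcpy(f->buf, src, n);
    return 0;
}

/* Lay out an Aleph One style payload: NOP sled, code_len placeholder
 * bytes, then the chosen return address written little-endian at
 * ret_off so it covers the saved-return slot.  Returns the payload
 * length, or 0 if it would not fit in out. */
static size_t build_payload(unsigned char *out, size_t out_len,
                            size_t ret_off, uint64_t target, size_t code_len)
{
    size_t total = ret_off + sizeof target;
    size_t i;

    if (total > out_len || code_len > ret_off)
        return 0;
    memset(out, NOP, ret_off - code_len);
    memset(out + ret_off - code_len, TRAP, code_len);
    for (i = 0; i < sizeof target; i++)
        out[ret_off + i] = (unsigned char)(target >> (8 * i));
    return total;
}

/* Smash the simulated frame with the unchecked copy and report what the
 * saved-return slot holds afterwards. */
static uint64_t smashed_return(uint64_t target)
{
    struct frame f;
    unsigned char payload[sizeof f];
    size_t n;

    memset(&f, 0, sizeof f);
    f.saved_ret = 0x401000;   /* pretend caller address (constructed) */
    n = build_payload(payload, sizeof payload,
                      offsetof(struct frame, saved_ret), target, 16);
    vulnerable_copy(&f, payload, n);
    return f.saved_ret;
}

/* Same payload through the bounded copy: 1 if it was rejected and the
 * saved return address survived untouched, 0 otherwise. */
static int bounded_copy_holds(uint64_t target)
{
    struct frame f;
    unsigned char payload[sizeof f];
    size_t n;

    memset(&f, 0, sizeof f);
    f.saved_ret = 0x401000;
    n = build_payload(payload, sizeof payload,
                      offsetof(struct frame, saved_ret), target, 16);
    return bounded_copy(&f, payload, n) == -1 && f.saved_ret == 0x401000;
}

int main(void)
{
    uint64_t target = 0x4141414141414141ULL;

    printf("saved_ret after unchecked copy: 0x%llx\n",
           (unsigned long long)smashed_return(target));
    printf("bounded copy rejected overrun: %d\n", bounded_copy_holds(target));
    return 0;
}
```

    The offset of the return slot is taken from the struct rather than hard-coded, which is the same measurement an attacker makes against a real binary (with a debugger, or by watching which payload length first crashes the target); once it is known, the address written there is whatever the attacker chooses. The bounded copy is the whole fix: the check on n is the one line missing from every sample in this thread.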

  9. Re:Once again, Zonk lowers the bar. by frakir · · Score: 2, Informative

    There is one old but nicely written buffer overflow tutorial at
    http://www.cultdeadcow.com/cDc_files/cDc-351/essence.html