Slashdot Mirror


How To Conduct Your Very Own Buffer Overflow

Adam writes "If you've ever wanted to create your own buffer overflow or just to see how one works, check out this tutorial. The article talks about how a buffer overflow works and gives a guided example through an exploit to help you on your way. Definitely worth checking out." From the article: "Every now and again we all hear about an exploit that takes place thanks to a buffer overflow, but what is a buffer overflow? By definition it is when a program attempts to store more data in an array (buffer) than it was intended to hold, thus overwriting the return address of the function. To show how this is actually done, I'll explain how to do a simple attack on a fairly small program."


  1. Once again, Zonk lowers the bar. by Anonymous Coward · · Score: 5, Interesting



    Zonk posts a story from a submitter that wrote the page being submitted for the story, who, as it turns out, blatantly plagiarized the content from Bryant and O'Hallaron's Computer Systems book.

    As a matter of fact, on the webpage itself, the very first response to the post calls Adam out about this, but apparently, it is still sufficiently 'news' to merit posting here.

    Way to go, Zonk...once again, you've lowered the standard.

    1. Re:Once again, Zonk lowers the bar. by reynaert · · Score: 5, Informative

      The standard text is still Smashing The Stack For Fun And Profit, I think.

    2. Re:Once again, Zonk lowers the bar. by Anonymous Coward · · Score: 5, Insightful

      Mods should have the guts to mod the parent insightful. Speaking up is the only way to prevent our favorite reading forum devolving into a tool for people to drive hits to their websites. I come to /. because I can depend on it doing the filtering for me. If the standards are lowered here, I stop visiting and so will others. For those who say "just don't read it if you don't like it," you're missing the point--the beauty of /. is that we can come here and be assured of a quality read, not a vast dumping ground that we then have to further sift. When abusers like Roland Piqupaille (or whatever his impossible last name is) or this guy (who cribbed it from a book) can make Slashdot do their bidding, we all lose.

  2. News? by American+AC+in+Paris · · Score: 5, Insightful
    Look, this may be useful information, but it's not even remotely newsworthy. It's a freakin' intro-level homework exercise.

    What's next, "How To Conduct Your Very Own Segmentation Fault"?

    --

    Obliteracy: Words with explosions

    1. Re:News? by Otter · · Score: 4, Insightful
      This is a good article. Why shouldn't it have a place here?

      No, it's literally an intro-level homework exercise. It's a code snippet copied out of a textbook.

    2. Re:News? by ajs · · Score: 4, Interesting
      Hmmm... how to construct your very own SEGV, eh? ... well, I guess "kill -SEGV $$" is a bit obvious.

      How about
      perl -le 'print unpack("P","\0\0\0\01")'
      Good enough? ;-)

      Yeah, I know. You're wondering, "why that trailing 1"? It's because Perl explicitly checks for the boneheaded maneuver of dereferencing NULL in an unpack and prevents it. Of course (as the docs point out), there's not much it can do to prevent you using this particular tool to shoot yourself in the foot.
    3. Re:News? by telstar · · Score: 4, Funny
      What's next, "How To Conduct Your Very Own Segmentation Fault"?
      • nope .... "How to Slashdot a webserver."
  3. Hmm by Dante+Shamest · · Score: 5, Funny

    Is the tutorial correct?

    It doesn't seem to wo----

  4. Tutorials? by Anonymous Coward · · Score: 5, Funny

    Tutorials are for wimps.

    Real men create buffer overflows by accident.

    1. Re:Tutorials? by chucks86 · · Score: 5, Funny

      I accidentally created a tutorial once...

      --
      Help a poor college student. Send a couple cents via paypal to chucks86@gmail.com
  5. The Tao of Windows Buffer Overflow by nweaver · · Score: 4, Insightful

    Another good reference is the Tao of Windows Buffer Overflow by the Cult of the Dead Cow. A very detailed explanation how to exploit stack overflows on Windows.

    --
    Test your net with Netalyzr
  6. Why not just look at this? by Anonymous Coward · · Score: 4, Informative

    This even has great source code and explains the theory quite well.

    http://www.gergltd.com/IATAC-BufferOverflowExploit.pdf

  7. Buffer Overflows by joeytsai · · Score: 5, Informative

    The best article about buffer overflows is the well-known "Smashing the Stack for Fun and Profit" by Aleph One in Phrack. Here's the first link google gave me.

    Everything else (like this article) pales in comparison.

    --
    http://www.talknerdy.org
    1. Re:Buffer Overflows by Stalyn · · Score: 5, Funny

      I'm sorry but the article you mention is not within the blogosphere and therefore meaningless to today's society. Please either contact this "Aleph One" to create a blog and post his/her article there or remove it from your message. Thank You.

      --
      The best education consists in immunizing people against systematic attempts at education. - Paul Feyerabend
  8. Thank you but... by frank_adrian314159 · · Score: 4, Funny

    I can overflow buffers quite well on my own without any help.

    --
    That is all.
  9. Another article. by zymano · · Score: 4, Informative
  10. No Guide Needed! by ThisIsFred · · Score: 5, Funny

    Just teach yourself C! You'll discover every possible way in which things can go wrong, and in no time at all.

    --
    Fred

    "A fool and his freedom are soon parted"
    -RMS
  11. Smashing The Stack For Fun And Profit by bajan_on_ice · · Score: 5, Insightful

    Read what I consider the seminal hacker work on this subject by Aleph One over at phrack.org

    http://www.phrack.org/show.php?p=49&a=14

    A little on the detailed side, especially the gdb stuff, but a GREAT article.

    --
    "The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding."
  12. MOD PARENT UP by wan-fu · · Score: 4, Interesting

    This kid is just trying to drum up visitors to his site. The site itself is pretty much devoid of content and the code is taken without citation.

  13. Here's a sample... by pg110404 · · Score: 5, Informative

    #include <stdio.h>
    #include <string.h>

    char bigBuffer[4096];

    void overflowMe(void);

    int main(void)
    {
        memset(bigBuffer, 0, sizeof(bigBuffer));
        overflowMe();
        return 0;
    }

    /* this function should never return; in fact it
       should/might SIGSEGV as the return address will be essentially reset to IP=0x00000000
       (a build with a stack protector aborts with "stack smashing detected" instead) */
    void overflowMe(void)
    {
        char localBuffer[256];

        /* deliberately copy from a larger buffer to a stack segment buffer more than it can hold */
        memcpy(localBuffer, bigBuffer, sizeof(bigBuffer));
    }

    1. Re:Here's a sample... by pg110404 · · Score: 5, Funny

      There's a security bug in your code.

      Yeah, I know. Here's the patch

      #include <stdio.h>
      int main(void)
      {
      }
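
    As an added example (not posted in this thread), here is the bounded counterpart of pg110404's sample: the same 4096-byte source and 256-byte stack buffer, with the size check the original omits, so the oversized copy is rejected and the function returns with its return address intact. The names copy_bounded, overflowMeSafely and copySmallAmount are my own.

    ```c
    #include <stddef.h>
    #include <stdio.h>
    #include <string.h>

    /* Same sizes as the sample above: 4096-byte global source, 256-byte stack destination. */
    #define BIG_SIZE   4096
    #define LOCAL_SIZE 256

    static char bigBuffer[BIG_SIZE];

    /* Bounded copy: refuses the whole request when src does not fit, instead of
     * silently running past the end of dst.  Returns the number of bytes copied,
     * or -1 when the request would overflow dst (or a pointer is NULL). */
    long copy_bounded(char *dst, size_t dst_size, const char *src, size_t src_size)
    {
        if (dst == NULL || src == NULL)
            return -1;
        if (src_size > dst_size)   /* this is the check the sample's memcpy lacks */
            return -1;
        memcpy(dst, src, src_size);
        return (long)src_size;
    }

    /* Hardened counterpart of overflowMe(): same 256-byte stack buffer, but the
     * 4096-byte copy is rejected.  Returns 1 if the copy happened, 0 if refused. */
    int overflowMeSafely(void)
    {
        char localBuffer[LOCAL_SIZE];
        long n = copy_bounded(localBuffer, sizeof(localBuffer), bigBuffer, sizeof(bigBuffer));
        return n < 0 ? 0 : 1;
    }

    /* A request that does fit (exactly 256 bytes) is still served; returns bytes copied. */
    int copySmallAmount(void)
    {
        char localBuffer[LOCAL_SIZE];
        return (int)copy_bounded(localBuffer, sizeof(localBuffer), bigBuffer, LOCAL_SIZE);
    }

    int main(void)
    {
        memset(bigBuffer, 0, sizeof(bigBuffer));
        printf("4096 -> 256: %s\n", overflowMeSafely() ? "copied" : "rejected");
        printf("256 -> 256: %d bytes\n", copySmallAmount());
        return 0;
    }
    ```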

  14. Submitter's full name by Mr.+Underbridge · · Score: 4, Funny
    Zonk posts a story from a submitter that wrote the page being submitted for the story, who, as it turns out, blatantly plagiarized the content from Bryant and O'Hallaron's Computer Systems book.

    The submitter's full name is Adam Piquepaille.

  15. Well I got: by cmacb · · Score: 4, Funny
    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@collegebums.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
    So I guess the overflow worked even better than he thought it would.