Buffer Overflow Guidance

[imported_l1nuxant_ee]

Hallo all,

I am planning to concentrate on studying BOF, I have read some tutorials, and were able to recreate attacks using BOF. However, I would like to have deeper understanding on Processor Registers (EIP,ESP,EBP,...), also to know the difference between exit methods (SEH, Thread,...).

So expertise here, would do you advise me to read, or from where to begin.
Your contribution is highly appreciated

Thanks in advance,

[ShadowKill]

Hallo all,

I am planning to concentrate on studying BOF, I have read some tutorials, and were able to recreate attacks using BOF. However, I would like to have deeper understanding on Processor Registers (EIP,ESP,EBP,...), also to know the difference between exit methods (SEH, Thread,...).

So expertise here, would do you advise me to read, or from where to begin.
Your contribution is highly appreciated

Thanks in advance,

I'd be glad to give you some in depth information (first hand experience, basic methodology, etc) here if you'd like. Can you provide some specific areas that you'd like to focus on? I know you said registers, pointers, and exit calls, but really that's a pretty small part of the whole shellcode/scripting/BOF field. Are you familiar with the variations of heap/stack/etc attacks and the intricates of memory addressing, at least as far as locating the applicable address(es), building the "appropriate" sized NOP sled, and delivery methods? Also, are you more interested in, say, Perl structured attacks, C++, etc........

[imported_l1nuxant_ee]

I'd be glad to give you some in depth information (first hand experience, basic methodology, etc) here if you'd like. Can you provide some specific areas that you'd like to focus on? I know you said registers, pointers, and exit calls, but really that's a pretty small part of the whole shellcode/scripting/BOF field. Are you familiar with the variations of heap/stack/etc attacks and the intricates of memory addressing, at least as far as locating the applicable address(es), building the "appropriate" sized NOP sled, and delivery methods? Also, are you more interested in, say, Perl structured attacks, C++, etc........

Thanks alot ShadowKill for this response.

I have recreated the BOF on ability ftp server. I understood how it worked, how to get the JMP ESP address, where to put my shellcode, and how to use the NOPs to fill the gaps. But when I tried to recreate BOF for other applications (such as WinGate, Savant) I encountered difficulties (as the exploit needed certain bytes at the begining of my evil packet) so I thought of focusing on the registers, as I dont know the purpose of the ESP, EBP till know.

I have read about the Heap/Stack attacks (from the wikipedia), and somehow understood the difference between them.

I have been able to use both Python & Perl attacks, but I think I wont have problem with using C++.

Overall, I find my self at the starting of this field, and really I found myself loving it, so this is why I would like to get inside it.

Thanks alot again,

[imported_l1nuxant_ee]

Dears,

Anyone knows a got book related to this topic ?

[purehate]

All though the title is pretty gay sounding this book is a excellent read.

http://www.amazon.com/Hacking-Art-Ex...1894923&sr=8-1

[ShadowKill]

All though the title is pretty gay sounding this book is a excellent read.

http://www.amazon.com/Hacking-Art-Ex...1894923&sr=8-1

Excellent book PureH@te, I actually got my copy of the First Edition signed at Defcon some years ago, DC12 I believe.

From what I've seen so far I believe that the First Edition of the same book would benefit you more than the second. It is more technical and goes further into the inner workings of BOFs and their application in various areas such as networking, wired and wireless, as well as others. The Second Edition is more for beginners and those interesting in Object Oriented programming methodologies. I will put up a tutorial, of sorts, on overflowing as well as basic assembly manipulation, etc sometime soon.

[imported_l1nuxant_ee]

Excellent book PureH@te, I actually got my copy of the First Edition signed at Defcon some years ago, DC12 I believe.

From what I've seen so far I believe that the First Edition of the same book would benefit you more than the second. It is more technical and goes further into the inner workings of BOFs and their application in various areas such as networking, wired and wireless, as well as others. The Second Edition is more for beginners and those interesting in Object Oriented programming methodologies. I will put up a tutorial, of sorts, on overflowing as well as basic assembly manipulation, etc sometime soon.

Thanks PureH@te for the book, I will check it.

ShadowKill, I will be waiting your tutorial, so please don't be late

[Armagedeon]

Hello you guys
I need some help please...

l1nuxant_ee you said:
"I have recreated the BOF on ability ftp server"

I'm trying to do the same in a XP SP2 box, with no success...

Is this possible?

I don't even get to recreate the simple-fuzzer.py script...

I get no crash... what I'm i doing wrong??

Could you guys help?

thanks in advance.

[ShadowKill]

Hello you guys
I need some help please...

l1nuxant_ee you said:
"I have recreated the BOF on ability ftp server"

I'm trying to do the same in a XP SP2 box, with no success...

Is this possible?

I don't even get to recreate the simple-fuzzer.py script...

I get no crash... what I'm i doing wrong??

Could you guys help?

thanks in advance.

Armagedeon, please do not hijack other people's threads. Create you own thread, ask the question there, and others will respond. This thread is for the OP's question(s), not yours. Thanks.

[Armagedeon]

Sorry,

Just posted it here because I thought it was within the scope of the subject...
Will take in consideration your advise..
Thanks