Writing Buffer Overflow Exploits using BackTrack

[lupin]

I have been writing a number of tutorials on my blog about how to create buffer overflow exploits using BackTrack.

I posted the links to parts one and two on the old forums, and I just finished part three, so I decided to post links to all three parts here.

I will update this post with more links when I write further entries.

Part One: A Simple Windows Stack Based Buffer Overflow
Part Two: A Windows Stack Based SEH Buffer Overflow
Part Three: A Windows Stack Based SEH Buffer Overflow with Character Translation
Part Four: A Windows Use After Free Heap Corruption Exploit
Part Five: A Windows Stack Based Overflow using an Egghunter and a Conditional Jump


Update: Added link to part four.
Update: Added link to part five.

[Natty Dreed]

Great

Thanks for ur hardwork

[capron]

Super Thanks !

[Xortor]

Awesome Tutorials.

Thanks, I hope your efforts are recognised

[Socceroos]

Very nice! Easy to understand and very well presented. I like your style.

[Encrypted_Soldier]

Great organization keep up the great work!http://www.backtrack-linux.org/forum...ons/icon14.gif
Thumbs uphttp://www.backtrack-linux.org/forums/images/icons/icon10.gif
Talking

[lupin]

Update: Added link to Part Four, A Windows Heap Corruption Exploit.

This reproduces the Internet Explorer Aurora '0 day' exploit, used (allegedly) by the Chinese to hack Google.

It can be viewed here.

[Noble_Hikikomori]

This reproduces the Internet Explorer Aurora '0 day' exploit, used (allegedly) by the Chinese to hack Google.

So the 'sophisticated' attack used on Google revolved around a '0 day' exploit? I thought it was something else, something more... more... sophisticated.

[lupin]

So the 'sophisticated' attack used on Google revolved around a '0 day' exploit? I thought it was something else, something more... more... sophisticated.

I think its more the whole operation that was considered sophisticated, not just individual elements of it (such as the initial exploitation vector - this 0 day.) Apparently the attack was well targeted at specific individuals within the companies, and the malware installed by the exploit was fairly unique. And of course not everyone thought it was that sophisticated. From what I have heard of it, it all seemed pretty run of the mill to me, but then again those on the inside may see more of the full picture of what was done. The rest of us just get small pieces of detail...

[freemymind]

Awesome work Lupin! Thank you for the time and effort you put into providing this tutorial.