Category:Stack

From SecurityForest

Title: Smashing the stack for fun and profit - Wikified by: Loni

Description: A classic and a MUST read! Over the last few months there has been a large increase of buffer overflow vulnerabilities being both discovered and exploited. Examples of these are syslog, splitvt, sendmail 8.7.5, Linux/FreeBSD mount, Xt library, at, etc. This paper attempts to explain what buffer overflows are, and how their exploits work.

Author: Aleph1

Download: p49-0x0d.txt (http://www.securityforest.com/downloads/educationtree/p49-0x0d.txt)

Rated:

Title: Exploit:_Stack_Overflows_-_Basic_stack_overflow_exploiting_on_win32

Description: This tutorial will exploit the common "lamebuf.c" code while documenting every step.

Author: tal.z

Rated:

Title: Stack overflow tutorial

Description: If you are not interested in understanding hundreds of lines pure i80386 (disassembled) assembler code and want to have a more practical guide, continue reading this article in order to easily learn how to use overflow exploits on various unix systems.

Author: THC Dusty

Download: OVERFLOW.TXT (http://www.securityforest.com/downloads/educationtree/OVERFLOW.TXT)

Rated:

Title: Win32 Buffer Overflows

Description: Location, Exploitation and Prevention of Win32 Buffer Overflows. This paper will be separated into 3 sections.The first will cover a standard reversing session, and we'll point out a common vulnerability. The second will demonstrate the process of exploiting the weakness - the problem with most win32 remote overflow exploits stems from the payload, the current trend is to have the shellcode download an external file and execute. Far too many problems result from this echnique, depending on router/firewall configurations etc. The payload I present to you will directly spawn a full-blown shell on any port you specify, eliminating 90% of most reported problems. This is the first of its kind as far as I am aware. The last section will show how to add your own code to the executables of your target to prevent exploitation.

Author: dark spyrit AKA Barnaby

Download: p55-0x0f.txt (http://www.securityforest.com/downloads/educationtree/p55-0x0f.txt)

Rated:

Title: Stack Overflow’s Analysis - Exploiting Ways

Description: The first passage to follow, in order to completely understand the STACK overflows, it’s to study how the main processor works during any program’s execution. When a program is executed his elements are allocated into the memory in a well organized way (look at the Figure 1). Local variables, function arguments and still other things, are allocated into the STACK.

Author: Angelo Rosiello

Download: stack_overflows_analysis_exploiting_ways.zip (http://www.securityforest.com/downloads/educationtree/stack_overflows_analysis_exploiting_ways.zip)

Rated:

Title: Stack Overflows

Description: This article will present the most easily exploitable vulnerability and also the most common found in the wild, the stack overflow.

Author: Burebista

Download: stack_overflows.pdf (http://www.securityforest.com/downloads/educationtree/stack_overflows.pdf)

Rated:

Title: Buffer Overflows Demystified

Description: This document is a starter of a series of documents about some sort of subjects, which require great attention and involve pretty much detail; and aims to explain and clarify the very basic vulnerability type, namely local buffer overflows, and document the way to write exploits making use of such vulnerabilities.

Author: Murat

Download: bof-eng.txt (http://www.securityforest.com/downloads/educationtree/bof-eng.txt)

Rated:

Title: Stack-based Overflow Exploit: Introduction to Classical and Advanced Overflow Technique -

Description: This document does not talk about what overflows are and how much serious they are but then again, there are so many articles about them already. Instead, it covers basic stack-based overflows, overflow techniques under the non-executable stack including the return-into-libc and system() techniques, frame faking and ways of using execl().

Author: vangelis

Link: [1] (http://www.neworder.box.sk/newsread.php?newsid=12476)

Rated:

Title: Exploiting the Stack (Part I-IV): Basics of windows based stack overflow -

Description: This document assumes very little prior knowledge on the part of the reader. There are 4 articles starting with basics of memory layout, basics of windows assembly, local stack overflow, basics of shellcode, writing your own shellcode, exploiting using SEH and remote stack overflow. To make it more interesting the author has also include sample exercises.

Author: Nish Bhalla

Download: Win32 Stack Overflow Basics (http://www.securitycompass.com/Case%20Studies.htm)

Rated: