Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Buffer overflows in C

  • 17-04-2013 9:42pm
    #1
    Registered Users, Registered Users 2 Posts: 5


    Hi,

    I'm looking for a tutorial from someone proficient in c programming and in particular demonstrating stack and buffer overflow vulnerabilities.

    Get in touch if you're out there!

    D


Comments

  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    there are plenty of tutorials / examples on the web

    for example:

    assuming you are familiar with what a buffer overflow is:
    http://stackoverflow.com/questions/6220212/buffer-overflow-in-c

    a lot more comprehensive:
    http://www.tenouk.com/cncplusplusbufferoverflow.html

    http://www.eecis.udel.edu/~bmiller/cis459/2007s/readings/buff-overflow.html

    https://www.owasp.org/index.php/Buffer_overflow_attack

    all from the first page of a search in google. a lot more can be found on security sites and I'm almost certain there's been at least one decent book published on the subject.


  • Registered Users, Registered Users 2 Posts: 5 Dublin3344


    ..thanks for the email..yes, I understand the theory and I've looked at various websites, papers etc but the practice is somewhat more difficult than the theory..what I'm looking for is a tutorial that actually demonstrates the exploit..step by step etc


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    The second link posted there includes examples. It's something I'd like to understand at a practical level myself (purely for curiosity reasons) but have never broken the desire / time barrier on. The general idea is lovely in its simplicity.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Look at the exploit writing tutorials section of:

    https://www.corelan.be/index.php/articles/



    I had a hack-me challenge here before:
    http://www.boards.ie/vbulletin/showthread.php?p=74028232 The server is no longer online, however you can run the exploitable server yourself.
    https://us.v-cdn.net/6034073/uploads/attachments/81378/172116.zip (this contains no malicious code)
    Source code is here: https://us.v-cdn.net/6034073/uploads/attachments/81378/175704.zip

    This was originally ran on Win XP SP3 which had no ASLR or GS. Vista/7/8 will make your job significantly harder.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    Sorry, that constitutes advertising. Not the forum for it I'm afraid.

    As suggested, check out the tutorials and practise (safely) where you can. Best way to learn to be honest. No-one can teach you everything you'll need to cover every possible scenario you'll come across. Only experience and patience can do that.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5 Dublin3344


    Lolth,

    While I appreciate your email, I do not require a lecture on the virtues of learning, nor did I ask for this type of patronizing response.

    D


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Dublin3344 wrote: »
    ..thanks for the email..yes, I understand the theory and I've looked at various websites, papers etc but the practice is somewhat more difficult than the theory..what I'm looking for is a tutorial that actually demonstrates the exploit..step by step etc

    There's a loads of videos on youtube.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Dublin3344 wrote: »
    Lolth,

    While I appreciate your email, I do not require a lecture on the virtues of learning, nor did I ask for this type of patronizing response.

    D

    Email?

    The book The Art of Exploitation has a great chapter on writing buffer overflows. It gives you basic vulnerable C code and shows you how to exploit it. It was very good.


Advertisement