
Buffer overflows

CTho9305

Elite Member
I had to do a final project for my "information warfare" class, so I did it on exploiting buffer overflows. I wrote two programs, one which is exploited with a stack-smashing attack, and another which overflows a buffer on the heap and works by messing with the data used for virtual functions. Stack-smashing was covered in detail in a CS class I took a few years ago, but I've never read any info about actually exploiting buffer overflows in the heap.

I thought some people here might find them interesting, so here they are:
stack-smashing (poorly commented)
overflowing a heap-allocated buffer (better commenting)

If you actually compile them, you'll probably have to run them under a debugger, and they may still need to be modified to work in your own environment.

The first program requires user interaction (i.e. it acts like a legitimate program unless you attack it), and the second program exploits itself directly for simplicity.

The paper I wrote for the project is here, though the exploit-explanation to BS ratio is sort of low 😉.
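As an added illustration of the heap case described in the post above (this is not the author's linked program, which is not reproduced on this page): a toy allocator carves chunks out of one flat array back to back, so an unchecked copy into a 16-byte name chunk spills into the object allocated right after it and overwrites the field that selects which handler that object runs, the same class of corruption as clobbering the data a C++ object uses for its virtual functions. The bounded version of the same copy rejects over-long input, which is the fix. The arena, the `widget` struct, the function names and the 20-byte input are all constructed for this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heap (constructed for this example): chunks are carved out of one
 * flat array back to back, so a write that runs past the end of a chunk
 * lands in whatever was allocated next, as it can on a real heap. */
#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];
static size_t arena_top;

static size_t toy_alloc(size_t n)
{
    size_t off = arena_top;
    arena_top += n;               /* callers keep allocations inside ARENA_SIZE */
    return off;
}

/* An object whose behaviour is selected by an index into a dispatch table,
 * standing in for the vtable pointer of a C++ object with virtual functions. */
struct widget {
    uint32_t handler_id;          /* 1 == the legitimate handler */
};

#define NAME_CHUNK 16             /* size of the chunk the name is copied into */

/* Lay out a name chunk immediately followed by a widget. */
static void layout(size_t *name_off, size_t *widget_off)
{
    struct widget w = { 1 };
    arena_top = 0;
    memset(arena, 0, sizeof arena);
    *name_off = toy_alloc(NAME_CHUNK);
    *widget_off = toy_alloc(sizeof(struct widget));
    memcpy(arena + *widget_off, &w, sizeof w);
}

static uint32_t read_handler(size_t widget_off)
{
    struct widget w;
    memcpy(&w, arena + widget_off, sizeof w);
    return w.handler_id;
}

/* Vulnerable: copies the whole input into the 16-byte chunk with no length
 * check, so anything past 16 bytes overwrites the widget's handler_id.
 * The clamp to ARENA_SIZE only keeps the demonstration inside the toy
 * array; it is not a bounds check on the chunk. */
static uint32_t fill_name_unchecked(const unsigned char *input, size_t len)
{
    size_t name_off, widget_off;
    layout(&name_off, &widget_off);
    if (len > ARENA_SIZE - name_off)
        len = ARENA_SIZE - name_off;
    memcpy(arena + name_off, input, len);   /* BUG: len never compared to NAME_CHUNK */
    return read_handler(widget_off);
}

/* Fixed: the copy is bounded by the chunk size and over-long input is
 * rejected outright rather than silently truncated. Returns 0 on success,
 * -1 on rejection; *handler_out receives the widget's intact handler_id. */
static int fill_name_checked(const unsigned char *input, size_t len, uint32_t *handler_out)
{
    size_t name_off, widget_off;
    layout(&name_off, &widget_off);
    if (len > NAME_CHUNK)
        return -1;
    memcpy(arena + name_off, input, len);
    *handler_out = read_handler(widget_off);
    return 0;
}

/* Constructed input: 16 bytes fill the name chunk, the next 4 spill over. */
static const unsigned char crafted_input[20] = {
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A'
};

/* Wrappers so each outcome can be checked by name. */
static uint32_t demo_unchecked(void)
{
    return fill_name_unchecked(crafted_input, sizeof crafted_input);
}

static int demo_checked_rejects_overflow(void)
{
    uint32_t h = 0;
    return fill_name_checked(crafted_input, sizeof crafted_input, &h);
}

static uint32_t demo_checked_accepts_fit(void)
{
    uint32_t h = 0;
    if (fill_name_checked(crafted_input, NAME_CHUNK, &h) != 0)
        return 0;
    return h;
}

int main(void)
{
    printf("unchecked copy: handler_id = 0x%08" PRIx32 " (was 0x00000001)\n", demo_unchecked());
    printf("checked copy, 20 bytes: rc = %d\n", demo_checked_rejects_overflow());
    printf("checked copy, 16 bytes: handler_id = 0x%08" PRIx32 "\n", demo_checked_accepts_fit());
    return 0;
}
```

The four spilled bytes are all 0x41, so the corrupted `handler_id` reads 0x41414141 on either byte order. On a real allocator the neighbouring chunk also carries allocator metadata, which is why hardened allocators check that metadata and why the bounded copy, not the allocator, is the fix the program needed.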
 
Could tell you a lot of stories about Teardrop, Ping of Death, and WinGenocide back when MS didn't have their IP stack patched for such things.
 
Originally posted by: CTho9305
I had to do a final project for my "information warfare" class, so I did it on exploiting buffer overflows. I wrote two programs, one which is exploited with a stack-smashing attack, and another which overflows a buffer on the heap and works by messing with the data used for virtual functions. Stack-smashing was covered in detail in a CS class I took a few years ago, but I've never read any info about actually exploiting buffer overflows in the heap.

I thought some people here might find them interesting, so here they are:
stack-smashing (poorly commented)
overflowing a heap-allocated buffer (better commenting)

If you actually compile them, you'll probably have to run them under a debugger, and they may still need to be modified to work in your own environment.

The first program requires user interaction (i.e. it acts like a legitimate program unless you attack it), and the second program exploits itself directly for simplicity.

The paper I wrote for the project is here, though the exploit-explanation to BS ratio is sort of low 😉.

:thumbsup:
very interesting reading.
 
Originally posted by: spikespiegal
Could tell you a lot of stories about Teardrop, Ping of Death, and WinGenocide back when MS didn't have their IP stack patched for such things.


And the irony?

None of the above are the result of buffer overflows. 😉

AnthraX101
 
Originally posted by: CTho9305
I had to do a final project for my "information warfare" class, so I did it on exploiting buffer overflows.

This wouldn't happen to be for a teacher named Shlanger at Drexel University would it?

Edit:

Nahh, I see CMU as your school...never mind. I took an Info Warfare class as well; didn't know other schools were doing it too.
 