The following article will try to explain what Buffer Overflows are, why they occur and how to exploit them.
Credit:
The complete article can be downloaded from:
http://www.enderunix.org/docs/eng/bof-eng.txt
The information has been provided by Murat Balaban.
Introduction:
The emergence of buffer overflow vulnerabilities dates back to the 1970s. The Morris Worm (1980s) can be considered the first public use of them. Documents such as Aleph1's famous "Smashing the Stack for Fun and Profit", and code related to them, have been published on the Internet since the 1990s.
This document is the first in a series on subjects that require close attention and involve a good deal of detail. It aims to explain and clarify the most basic vulnerability type, namely local buffer overflows, and to document the way to write exploits that make use of such vulnerabilities.
To understand what goes on, some C and assembly knowledge is required. Familiarity with virtual memory and some operating system essentials, such as how a process is laid out in memory, will be helpful. You MUST know what a setuid binary is, and of course you need to be able to at least use UNIX systems. Experience with gdb/cc is a good bonus. This document is Linux/ix86 specific; the details differ depending on the operating system or architecture you're using. The upcoming documents will explain relatively more advanced overflow and shellcode techniques.