How To: Attack on Stack [Part 4]; Smash the Stack Visualization: Prologue to Exploitation Chronicles, GDB on the Battlefield.

Attack on Stack [Part 4]; Smash the Stack Visualization: Prologue to Exploitation Chronicles, GDB on the Battlefield.

Hi everyone!

Last time we finished analyzing the assembly representation of our vulnerable piece of code (have I ever told you it is vulnerable?). This time we are going to introduce some fundaments about exploitation by demonstrating how to crash a program's execution. If that sounds lame, next time we will see how this crash can in fact be useful to control the program's execution, achieving remote code execution!

Today's Topic

Today we are going to introduce the "Smash the Stack" technique (yes, finally). "Smash" because a Buffer Overflow happens when a buffer is overflown (you guessed it), which means that the content of the buffer overwrites bytes passed the end of it, "smashing" the bytes that were there for other purposes. For now, we don't need to know how to use it for our own purposes, but to understand it.

The explanation will begin with the demonstration of a "Segmentation Fault error" to then use GDB to visualize data in the stack, by outputting all the bytes in the current stack frame, with the help of the backtrace, full backtrace and examine commands.

Make sure you understood everything we've explained in the past weeks, and if you have any question, don't hesitate to ask, we have a very helpful and rich comment section!

I will leave you with a little challenge to test what you've learned until now, and post the result next time.

Exploitation Chronicles: Preface

Where we introduce the topic.

Exploitation Chronicles: Prologue, Leaving Home.

Experimenting is a fundamental part of exploitation, ad patience the skill you'll need the most. Make sure you know how to use correctly your best tools, as the commands "bt", "bt full" and "examine"!

Exploitation Chronicles: Expectations

It's important to never miss a detail, GDB output is very rich!

Exploitation Chronicles: The Night of the Disbanding

What exactly happens when a buffer gets overflown? What are the consequences?
Today's objective will be to crash the program by entering an endless loop.

Exploitation Chronicles: Dressing Up for the Debut!

Where we prepare to examine the stack.

Exploitation Chronicles: Battlefield! Clash of Beasts!

Where we practically examine the stack frames.

Exploitation Chronicles: The Aftermath.

I'm gonna leave you with a little mystery so that you can train for the next part. See if you can get this working!

References

Aleph1's "Smashing the Stack for Fun and Profit"
"Hacking, The Art of Exploitation"
"Buffer Overflow Demistified" by murat.
"The Shellcoder's Handbook"
Part 1 of "Attack On Stack"
Part 2 of "Attack On Stack"
Part 3 of "Attack On Stack"
Part 5 of "Attack On Stack"
Part 6 of "Attack On Stack"
Prelude to Reverse Engineering: IDA and Hopper Binary Patching Introduction
64 bit shellcoding by Winter Drawlace

Side Note to Null Byte Users

Hey everyone! How is it going?

In the previous parts of this series I've got an overwhelming feedback and a lot of you have been sharing my posts, so thank you!

This part was longer. I had planned to publish 10 pictures each time, but I don't want to break the continuation that I initially programmed while building the series.

I'd like to point out that, while I'm publishing this series of posts, another user, Winter Drawlace (very well done, GG), is publishing another series which might help you to also understand the next part that I'm going to publish, so make sure you read his 64 bit shellcode series!

I'm impressed by how far Null Byte is growing, we have been having new creators every week so far, so don't stop people, thank you Null Byte!

Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:

3 Comments

Coooooooooool !!!
Very well detailed and explained. Thanks for your time.

( Null Byte is also glad to have members like you )

# Sergeant

Thanks!
(You too!)

Ciuffy, my mind can't keep up with you. ;)

Share Your Thoughts

  • Hot
  • Latest