How To: Attack on Stack [Part 5]; Smash the Stack Visualization: Remote Code Execution and Shellcode Concept.

Hi everyone!

In the previous part of this series, I introduced one way to hijack a program's execution flow, though I only showed you how to crash the program and left you with a little mystery to solve. Today we'll give the solution to that mystery and then introduce shellcode usage and remote command execution.

We won't actually talk about shellcode itself and how to build it yet, because I first want you to understand that it is just a piece of code, so demonstrations first! Building shellcode will be explored in the next parts of the series.

Today's Topic

First of all, another short one today.

We start by solving the mind-tricking problem we ran into while trying to throw the program into a loop and crash it. If you haven't tried to solve it yet, I recommend you do so first, as it is very useful training for your new skill!

We'll then move on to the third part of the series, trying to achieve remote execution. We'll first give a brief introduction to shellcode and its definition. We'll then see how we can make our vulnerable program execute arbitrary assembly code.

Exploitation Chronicles: Healing for the Revenge

Did you find the answer? See if you were right...

Basically, the second time the function loops, the address of the string has already been overwritten and so is corrupted. Now that we have solved this, we can move on to the next topic.

Exploitation Chronicles: The Advance

Where we start off by introducing shellcode. Don't worry if you don't understand everything; just ask in the comments section or use the references section.

Exploitation Chronicles: Enemy's Echoing

Where we continue and expand the previous brief introduction by showing the shellcode we are going to use and the two main ways to achieve our goal.

Exploitation Chronicles: The Vanguard

Where we demonstrate how the exploitation actually works and get a shell on the system by exploiting our vulnerable program for the first time in this series.

Exploitation Chronicles: Looking Backwards

A comprehensive synopsis of our adventure so far.

Exploitation Chronicles: Heads Up, Prepare to Fight.

Introducing next week's topic: NOP sled.

References

Aleph1's "Smashing the Stack for Fun and Profit"
"Hacking, The Art of Exploitation"
"Buffer Overflow Demystified" by murat.
"The Shellcoder's Handbook"
Part 1 of "Attack On Stack"
Part 2 of "Attack On Stack"
Part 3 of "Attack On Stack"
Part 4 of "Attack On Stack"
Part 6 of "Attack On Stack"
Prelude to Reverse Engineering: IDA and Hopper Binary Patching Introduction

64 bit shellcoding by Winter Drawlace

Side Note to Null Byte Users

Hey everyone! How is it going?

Sorry if this post was shorter than the other ones. I wanted this to be a brief introduction so that we can focus on another interesting topic next time (which will be short too, but a very interesting topic, so keep coming)!

Two things I'd like to ask you about: a Null Byte IRC channel and a monthly review of the most interesting topics in the information security field. Would you be interested in having these? Would they actually be useful?

Thank you for your feedback Null Byters!

11 Comments

Thanks for this series, Ciuffy!

Great job again.

Oh, guys, you really keep me going, thanks for the feedback!
I'm honored to contribute to Null Byte, awesome platform, really. Thank you all for supporting me!

A Nullbyte IRC channel would be very useful. Instead of discussing the problems with my putting Kali Live onto a USB drive, and then installing it to dual boot on my computer, we could take up less space in the comments section and use the IRC instead. :)

Btw, I've just answered you there.
Will see if I can get this project going then, thanks for feedback.

Great work as always Ciuffy. Did ya get qwerty tattoo on your face when you passed out writing this the other night?

#C3

Not actually, but I almost got a pen in my sleepy eye at school because of my head falling on it. But fate wanted me to live.

#C3

Lol, same happened to me while writing the BeEF tutorials. XD

I have to say these are getting pretty impressive. I hope you can move on to techniques for bypassing ASLR and DEP in the future as well, with jumping and syscalls, etc. Looking forward!

Agreed. Ciuffy really did his studying.

Summer will eventually come. Sooner or later. Hopefully.

Yeah, I got a lot to do as well. Hoping to learn more about Heartbleed, smashing the stack, and more C. I'm hoping to experiment with MitM attacks too.
