In the previous part of this series, I introduced one way to hijack a program's execution flow, though I only showed you how to crash the program and left you with a little mystery to solve. Today we give the solution to that mystery and then introduce shellcode usage and remote command execution.
We won't actually talk about shellcode itself and how to build it, because I first want you to understand that it is just a piece of code, so demonstrations first! Shellcode building will be explored in the next parts of the series.
First of all, this is another short one today.
We start by solving the mind-tricking problem we ran into while trying to throw the program into a loop and crash it. If you haven't tried to solve it yet, I recommend you do so first, as it is very useful training for your new mental toolkit!
We'll then move on to the third part of the series, trying to achieve remote execution. We'll first give a brief introduction to shellcode and a definition. We'll then see how we can make our vulnerable program execute arbitrary assembly code.
Did you find the answer? See if you were right...
Basically, the second time the function loops, the address of the string has already been overwritten and corrupted by the overflow. So now that we have solved this, we can move on to the next topic.
Where we start off by introducing shellcode. Don't worry if you don't understand everything; just ask in the comment section or use the references section.
Where we continue and expand the previous brief introduction by showing the shellcode we are going to use and the two main ways to achieve our goal.
Where we demonstrate how the exploitation actually works and get a shell on the system by exploiting our vulnerable program for the first time in this series.
A comprehensive synopsis of our adventure so far.
Introducing next week's topic: NOP sled.
Aleph1's "Smashing the Stack for Fun and Profit"
"Hacking, The Art of Exploitation"
"Buffer Overflow Demystified" by murat.
"The Shellcoder's Handbook"
Part 1 of "Attack On Stack"
Part 2 of "Attack On Stack"
Part 3 of "Attack On Stack"
Part 4 of "Attack On Stack"
Part 6 of "Attack On Stack"
Prelude to Reverse Engineering: IDA and Hopper Binary Patching Introduction
Hey everyone! How is it going?
Sorry if this post was shorter than the other ones. I wanted this to be a brief introduction so that we can then focus on another interesting topic next time (which will be short too, but a very interesting topic, so keep coming)!
Two things I'd like to ask you about: a Null Byte IRC channel and a monthly review of the most interesting topics in the information security field. Would you be interested in having these? Would they actually be useful?
Thank you for your feedback Null Byters!