Attack on Stack [Part 5]; Smash the Stack Visualization: Remote Code Execution and Shellcode Concept.

May 8, 2015 03:07 PM
May 15, 2015 06:23 PM
635666690366684154.jpg

Hi everyone!

In the previous part of this series, I introduced one way to hijack a program's execution flaw, though I only showed you how to crash the program and left you with a little mystery to solve. Today we are giving the solution of that and then introducing shellcode usage and remote command execution.

We won't actually talk about shellcode itself and how to build it, because I first want you to understand that this is just a piece of code, so demonstrations first! Shellcode building will be explored in the next parts of the series.

Today's Topic

First of all, another short one today.

We are starting by first solving the mind tricking problem we had while trying to throw the program in a loop and crash. If you haven't tried to solve it yet, I recommend you do it first, as it is a very useful training for your new mind asset!

We'll then move on to the third part of the series, trying to achieve remote execution. We'll first give a brief introduction to shellcode and definition. We'll then see how can we possibly make our vulnerable program execute arbitrary assembly code.

Exploitation Chronicles: Healing for the Revenge

Did you find the answer? See if you were right...

635666276393243658.jpg
635666276694219294.jpg
635666277131755668.jpg
635666277375027076.jpg
635666277684158315.jpg
635666276393243658.jpg
635666276694219294.jpg
635666277131755668.jpg
635666277375027076.jpg
635666277684158315.jpg

Bascially, the second time that the function loops, the address of the string has been overwritten and compromised. So now that we solved this, we can move on to the next topic.

Exploitation Chronicles: The Advance

Where we start off by introducing shellcode. Don't worry if you don't understand, just ask in the comment section or use the references section.

635666623170183043.jpg

Exploitation Chronicles: Enemy's Echoing

Where we continue and expand the previous brief introduction by showing the shellcode we are going to use and the two main ways to achieve our goal.

635666624844402426.jpg
635666625646098243.jpg
635666624844402426.jpg
635666625646098243.jpg

Exploitation Chronicles: The Vanguard

Where we demonstrate how the exploitation actually works and get a shell on the system by exploiting our vulnerable program for the first time in this series.

635666626813729653.jpg
635666627364553706.jpg
635666627670177516.jpg
635666626813729653.jpg
635666627364553706.jpg
635666627670177516.jpg

Exploitation Chronicles: Looking Backwards

A comprehensive synopsis of our adventure so far.

635666629397683597.jpg

Exploitation Chronicles: Heads Up, Prepare to Fight.

Introducing next week's topic: NOP sled.

635666632676568898.jpg

References

Aleph1's "Smashing the Stack for Fun and Profit"

"Hacking, The Art of Exploitation"

"Buffer Overflow Demistified" by murat.

"The Shellcoder's Handbook"

Part 1 of "Attack On Stack"

Part 2 of "Attack On Stack"

Part 3 of "Attack On Stack"

Part 4 of "Attack On Stack"

Part 6 of "Attack On Stack"

Prelude to Reverse Engineering: IDA and Hopper Binary Patching Introduction

64 bit shellcoding by Winter Drawlace

Side Note to Null Byte Users

Hey everyone! How is it going?

Sorry if this post was shorter than the other ones. I wanted this to be a brief introduction so that we can then focus on another interesting topic next time (which will be short too, but very interesting topic, so keep coming)!

Two things I'd like to question you about: Null Byte's IRC channel and a monthly review of the most interesting topic in the informational security field. Would you be interested in having these? Would these actually be useful?

Thank you for your feedback Null Byters!

Just updated your iPhone? You'll find new Apple Intelligence capabilities, sudoku puzzles, Camera Control enhancements, volume control limits, layered Voice Memo recordings, and other useful features. Find out what's new and changed on your iPhone with the iOS 18.2 update.

Comments

No Comments Exist

Be the first, drop a comment!