My first BOF exploit
A few months back I embarked on a mission to figure out how exactly a buffer overflow was designed and used to compromise a target computer. In school they did their job and showed us how memory spaces could be overwritten and everything. But they did not go into detail on how exactly to find that specific memory space, nor did they say how to use it once you found it. It was all a mystery, until I found a great tutorial on YouTube. Here is the link.
Writing buffer overflows part 1 https://www.youtube.com/watch?v=pB7d3ZAXkOo&feature=relmfu
There are four parts to the tutorial, and he covers everything from finding the needed memory spaces with a debugger, all the way to writing in some shellcode to open a VNC session with Metasploit on the attacker's computer. I would say he did a pretty good job explaining the basics. I will also throw up another great tutorial, which the YouTube person references.
This is a bit more in-depth, and a very good write-up.
So my adventure is right alongside the YouTube video. I installed VirtualBox on my Arch Linux, and threw Win XP SP2 on there to make sure this exploit worked. I installed Immunity Debugger and the exploitable program Mini-stream RM-MP3 Converter. I will go about explaining all that I did, and all that I learned, in the video below. The Python code that I wrote to find the offset of the registers, which I use in the video, is here: http://hacked2bits.com/software/python-bof-pattern-create/
The exploitable program can be downloaded here: http://www.exploit-db.com/exploits/18726/
Immunity Debugger can be downloaded here: http://debugger.immunityinc.com/ID_register.py
Here is my video on the buffer overflow exploit. I should mention that in a few places I comment that some script or program was done in Perl, and I meant to say Ruby.
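As an added illustration (this is not the author's linked script, nor code from either tutorial), here is a small Python reimplementation of the pattern-create / pattern-offset idea mentioned above: build a cyclic string in which every 4-byte window is unique, use it as the crashing input, and then map the value the debugger shows in a register back to a position in that input. The function names `pattern_create` and `pattern_offset` are my own.

```python
import string
import struct

# Character classes used by the classic Metasploit-style cyclic pattern.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits


def pattern_create(length):
    """Return a cyclic pattern of `length` characters.

    The pattern is the concatenation of the 3-character groups
    'Aa0', 'Aa1', ..., 'Zz9'.  Because no group repeats, every 4-byte
    window within the first 26*26*10*3 = 20280 bytes is unique, which is
    what lets a register value be traced back to a single offset.
    """
    groups = []
    for upper in UPPER:
        for lower in LOWER:
            for digit in DIGITS:
                groups.append(upper + lower + digit)
                if len(groups) * 3 >= length:
                    return "".join(groups)[:length]
    # Requested length exceeds the unique range; return everything we have.
    return "".join(groups)[:length]


def pattern_offset(pattern, value):
    """Return the zero-based offset of `value` in `pattern`, or -1.

    `value` is either the 4 literal characters that landed in a register,
    or the 8-hex-digit DWORD the debugger displays (e.g. '41336141').
    A hex DWORD is decoded as little-endian, as x86 stores it, before
    searching; the caller is expected to supply one of these two forms.
    """
    needle = value
    if len(value) == 8 and all(c in string.hexdigits for c in value):
        needle = struct.pack("<I", int(value, 16)).decode("ascii", "replace")
    return pattern.find(needle)


if __name__ == "__main__":
    # Constructed walk-through: a 5000-byte pattern and a register value
    # of 0x41336141 (the bytes 'Aa3A' read little-endian) maps to offset 9.
    sample = pattern_create(5000)
    print(sample[:24])
    print(pattern_offset(sample, "41336141"))
```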
So that was my first buffer overflow, and I had a great time learning what I did. Definitely more of those to come; it was really fun to study. And I just read about a vulnerability in an old version of iTunes... what better program to exploit than that! And it's done via a podcast, so I can write the exploit code straight to my website! Yay! More to come…
07.28.12 My first BOF exploit