Welcome to Part 6 of the Buffer Overflow Primer. If you have not already done so, please start this series by viewing Part 1. The Buffer Overflow Primer requires that you know at least some basic Assembly Language. For those not familiar with the language, I have created a series of Assembly Language video tutorials for Hackers here.

In this video we will understand how to use the shellcode created in the previous video to exploit an actual program. We will first take an example program, ExploitMe.c, and look at how its stack is organized. Then we will create an environment variable "EGG", custom made to smash ExploitMe.c's stack: it overwrites the stack with the shellcode and replaces the original RET address with a new one pointing to our shellcode. Once this is done, we have full control of EIP, and when main() returns, our shellcode will be executed. Though this video is entirely in presentation mode, it is probably the most important video of this entire series. If you understand the stack overwriting logic explained here, you are done learning buffer overflows :) The next video will consist of the actual demo of the exploitation process.
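To make the stack layout concrete, here is an added C example (not the ExploitMe.c from the video) that puts the vulnerable copy pattern beside its hardened form. The `vulnerable_copy` function is the shape of bug the video exploits: an unbounded `strcpy()` of the `EGG` environment variable into a fixed-size stack buffer, where anything longer than the buffer spills over the other locals, the saved frame pointer and finally the saved return address that `main()` pops into EIP. `safe_copy` measures the input first and refuses anything that does not fit, which is the check that stops the RET overwrite. The `EGG` name and the 64-byte buffer are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed buffer size for this illustration */

/* Vulnerable pattern (constructed illustration, not the page's ExploitMe.c).
 * strcpy() copies until it finds the NUL byte of src, so any src longer than
 * BUF_SIZE - 1 writes past buf into whatever the compiler placed above it:
 * other locals, the saved EBP, and the saved return address. Never feed this
 * untrusted input; it exists here only to show the defect. */
void vulnerable_copy(const char *src)
{
    char buf[BUF_SIZE];
    strcpy(buf, src);   /* no length check: overflow when strlen(src) >= BUF_SIZE */
    printf("copied %zu bytes\n", strlen(buf));
}

/* Length of src, but never scanning beyond cap bytes (avoids depending on
 * the POSIX strnlen() being declared in strict C modes). */
static size_t bounded_len(const char *src, size_t cap)
{
    size_t n = 0;
    while (n < cap && src[n] != '\0')
        n++;
    return n;
}

/* Hardened form: check the size first, then copy with an explicit bound.
 * Returns 0 on success, -1 if the input is missing or would not fit
 * (including the terminating NUL). dst is left untouched on rejection. */
int safe_copy(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    size_t n = bounded_len(src, cap);
    if (n >= cap)
        return -1;          /* no room for the terminator: reject, do not truncate silently */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Reads EGG from the environment into a fixed stack buffer using the
 * bounded copy. Returns 0 on success, -1 if EGG is unset or too long. */
int handle_egg(void)
{
    char buf[BUF_SIZE];
    const char *egg = getenv("EGG");
    if (egg == NULL)
        return -1;
    return safe_copy(buf, sizeof buf, egg);
}

int main(void)
{
    if (handle_egg() != 0)
        fprintf(stderr, "EGG missing or longer than %d bytes, rejected\n", BUF_SIZE - 1);
    else
        puts("EGG copied within bounds");
    return 0;
}
```

Run it with a long `EGG` value exported in the shell to see the hardened path reject the input where the `strcpy()` version would have overwritten the saved return address; compiling with stack protection enabled adds a canary check behind the same spot, but the bound on the copy is what removes the bug rather than merely detecting it.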
ExploitMe.c and look at how it's stack is organized. Then, we will create a environment variable "EGG" which will be custom made to smash ExploitMe.c's stack and overwrite it with the shellcode and replace the original RET address with a new one pointing to our shellcode. Once this is done, we have full control of the EIP and once main() returns, our shellcode will be executed. Though this video is entirely in presentation mode, it is probably the most important video of this entire series. If you understand the stack overwriting logic explanied here, you are done learning buffer overflows :) The next video will consist of the actual demo of the exploitation process.