Buffer Overflow Primer Part 4 (Disassembling Execve)

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 14517

Description: Welcome to Part 4 of the Buffer Overflow Primer. If you have not already done so, please start this series by viewing Part 1. The Buffer Overflow Primer requires that you know at least some basic Assembly Language. I have created a series of Assembly Language video tutorials for Hackers here, for those not familiar with the language.

In this video we will look at how to create shellcode for the execve() syscall. We will first write a C program that spawns a shell using execve(), then disassemble it to understand how the syscall works and the inputs it expects. We will cover this part in depth, trace through the individual instructions, and recreate the program's stack as it looks just before execve() is called. Once the disassembled code is understood, we will write our own assembly program that spawns a shell using execve(). This video is especially important for anyone who wants to learn how to convert a complex syscall into its working assembly language equivalent.
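The C program the description walks through, written out here as an added example (it is not code from the video or from SecurityTube). exec_shell_classic() builds exactly the structure the disassembly reconstructs: a two-entry array holding a pointer to "/bin/sh" and a NULL, passed as execve(name[0], name, NULL). The helper functions around it are assumptions added for illustration so the same call can be exercised without losing the calling process: run_via_execve() forks and runs a command through execve("/bin/sh", {"/bin/sh", "-c", cmd, NULL}, envp) and returns the child's exit status, and execve_errno_for() shows what execve reports when it fails, since on success it never returns. The command strings and the minimal envp are constructed inputs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* The classic layout: name[0] -> "/bin/sh", name[1] -> NULL, then
 * execve(name[0], name, NULL). On 32-bit Linux the libc wrapper ends up
 * issuing int 0x80 with eax=11 (execve), ebx=path, ecx=argv, edx=envp.
 * This is the structure a shellcode author must rebuild on the stack by hand. */
int exec_shell_classic(void)
{
    char *name[2];
    name[0] = "/bin/sh";
    name[1] = NULL;
    execve(name[0], name, NULL);   /* only returns on failure */
    return -1;
}

/* Illustration helper (assumption, not from the video): run `cmd` through
 * execve(path, {"/bin/sh","-c",cmd,NULL}, envp) in a forked child and
 * return the child's exit status, or -1 on a fork/wait error.
 * The child calls _exit(127) if execve returns, as shells do for exec failure. */
int run_via_execve(const char *path, const char *cmd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { "/bin/sh", "-c", (char *)cmd, NULL };
        char *envp[] = { "PATH=/usr/bin:/bin", NULL };   /* constructed minimal env */
        execve(path, argv, envp);
        _exit(127);   /* reached only if execve failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Illustration helper (assumption): call execve on `path` in the current
 * process and report errno. A successful execve replaces the process image,
 * so a return value here always means the syscall was rejected. */
int execve_errno_for(const char *path)
{
    char *argv[] = { (char *)path, NULL };
    char *envp[] = { NULL };
    if (execve(path, argv, envp) == 0)
        return 0;   /* not reachable: success never returns */
    return errno;
}

int main(void)
{
    printf("sh -c 'exit 7'   -> %d\n", run_via_execve("/bin/sh", "exit 7"));
    printf("sh -c 'true'     -> %d\n", run_via_execve("/bin/sh", "true"));
    printf("bogus path       -> %d\n", run_via_execve("/nonexistent/sh", "true"));
    printf("execve errno     -> %d (ENOENT is %d)\n",
           execve_errno_for("/nonexistent/sh"), ENOENT);
    return exec_shell_classic();   /* replaces this process with /bin/sh */
}
```

The 0x14 (20) bytes of stack that gcc reserves in the 32-bit disassembly posted in the comments are the 8-byte name[] array plus the three 4-byte execve arguments, which newer gcc stores directly at 0(%esp), 4(%esp) and 8(%esp) instead of pushing them; the call sequence itself (path, &name, NULL) is unchanged.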


Tags: programming

This video is part of the following groups:

1. Buffer Overflow Exploitation Megaprimer for Linux ( 9 videos)


Comments (10)

AHMZAO on Tue 01 Mar 2011

Thanks for this video, Vivek.

But I have different assembly code for the function main (see below). I've understood why we allocate 20 bytes rather than 8 bytes, but I don't know why: a different compilation method? I've compiled the program with this command: gcc shell.c -o shell -mpreferred-stack-boundary=2 -ggdb

Thank you in advance for your help.
push %ebp
mov %esp,%ebp
sub $0x14,%esp
movl $0x80484c0,-0x8(%ebp)
movl $0x0,-0x4(%ebp)
mov -0x8(%ebp),%edx
movl $0x0,0x8(%esp)
lea -0x8(%ebp),%eax
mov %eax,0x4(%esp)
mov %edx,(%esp)
call 0x80482f8 <execve@plt>
mov $0x0,%eax
leave
ret

ElDanzante on Sat 02 Apr 2011

Excellent visual representation..Thanks

JCasper777 on Sun 17 Apr 2011

Again, this is a great video. Thank you for your time and effort.

Is there anyway you could release your slides for us to review? I would really like to have the slides for review when studying.

Thanks.

gnalsa on Sun 17 Apr 2011

@AHMZAO I have noticed the same problem. This is caused by using the newer version of BackTrack instead of BT3.

@JCasper I have been wondering the same thing.

Having the slide decks would be a wonderful resource!

Col_Loki on Wed 27 Apr 2011

Awesome video. Starting to get a grasp of this now. Thanks

FuzzyNop on Fri 27 May 2011

Video is awesome. My only request is that you put a link to the next video in the description. This way I don't have to keep going back to the list of videos to get to the next one. Cheers

3ntropy on Sat 18 Jun 2011

Hello Vivek, it is another great video. I am also halfway through finishing your wireless security tutorials. Hey guys, the wireless security tutorials created by Vivek are also awesome; check them out. Thank you

security123 on Wed 27 Jul 2011

Hi Vivek, you are awesome as usual.
I have a question: can we get a dump of this program in hex using objdump -d? When I tried this it gave a continuous string.
