Description: Welcome to Part 5 of the Buffer Overflow Primer. If you have not already done so, please start this series by viewing Part 1. The Buffer Overflow Primer requires that you know at least some basic Assembly Language. I have created a series of Assembly Language video tutorials for Hackers here, for those not familiar with the language.

In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is because it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer, i.e. we need to remove the NULLs and set up relative addressing. This video will show how we can replace the NULL-containing instructions in the shellcode with equivalent instructions whose encodings contain no NULL bytes. We also discuss in detail how to set up relative addressing within the shellcode and modify it at runtime to make it work. This is probably the most important video in the series if one wants to understand the shellcode generation process completely.

Please download ExecveShellCode.s and ShellCode.c before you view this video.
Tags: programming
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
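As an added example (not the video's code, and not ExecveShellCode.s or ShellCode.c), the following C program checks a shellcode blob for the NULL bytes the description says must be removed, and shows how much of the blob would survive a C string copy. The two byte sequences are constructed x86 encodings of the same syscall-number load, once with a 32-bit immediate and once with NULL-free instructions.

```c
/* Added example, not from the video or its ExecveShellCode.s/ShellCode.c.
 * Scans shellcode for NULL bytes and shows how much of it survives a C
 * string copy. The two blobs are constructed x86 encodings. */
#include <stddef.h>
#include <stdio.h>
/* Constructed: loading the execve syscall number with a 32-bit immediate
 * (b8 imm32) leaves three NULL bytes in the shellcode. */
static const unsigned char with_nulls[] = {
    0xb8, 0x0b, 0x00, 0x00, 0x00, /* mov $0xb,%eax */
    0xcd, 0x80                    /* int $0x80     */
};
/* Constructed: the same effect with NULL-free instructions. */
static const unsigned char without_nulls[] = {
    0x31, 0xc0,                   /* xor %eax,%eax */
    0xb0, 0x0b,                   /* mov $0xb,%al  */
    0xcd, 0x80                    /* int $0x80     */
};

/* Count NULL bytes in a blob, recording up to max offsets (if offsets != NULL). */
size_t count_nulls(const unsigned char *sc, size_t len,
                   size_t *offsets, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (sc[i] != 0x00) continue;
        if (offsets && n < max) offsets[n] = i;
        n++;
    }
    return n;
}

/* Bytes that survive if the blob is copied with strcpy(): the copy
 * stops at the first NULL, truncating the shellcode there. */
size_t bytes_copied_as_cstring(const unsigned char *sc, size_t len)
{
    size_t i = 0;
    while (i < len && sc[i] != 0x00) i++;
    return i;
}

int main(void)
{
    size_t off[8], n = count_nulls(with_nulls, sizeof with_nulls, off, 8);
    printf("with_nulls: %zu NULL(s), first at offset %zu, %zu of %zu bytes survive strcpy\n",
           n, off[0], bytes_copied_as_cstring(with_nulls, sizeof with_nulls), sizeof with_nulls);
    printf("without_nulls: %zu NULL(s), %zu of %zu bytes survive strcpy\n",
           count_nulls(without_nulls, sizeof without_nulls, NULL, 0),
           bytes_copied_as_cstring(without_nulls, sizeof without_nulls), sizeof without_nulls);
    return 0;
}
```

The same check applied to the bytes shown by objdump for your own shellcode tells you at which offsets a string-based injection would be cut short.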
Man, you're awesome!
Hehe :) Enjoy the series and let me know if you have any feedback.
You can be sure that I'm getting a lot of knowledge from this. I've been studying exploits for some time now, like a year and a half, and I'm graduating in Computer Science, and my conclusion paper will be on exploits! :D
I love this! =)
You're helping me a lot to understand! Your explanations are very clean and easy to understand!
Thanks once more! :D
@xplt welcome! :) Pass a link on to your friends in class :)
I've already done this! ;D
I really enjoyed the way you used your slides to step through the program.
Thanks so much for your effort!
Bloody amazing! Really enjoying this. Again fantastic video.
Hi Vivek, I'm following your videos. They are awesome. I am trying out practically everything you are teaching. It is a wonderful experience.
I am using BT4 on an Intel Core 2 Duo platform. In this ExecveShellCode.s example a segmentation fault occurs. When I traced it with gdb, it came when the movb al,0x9(%esi) instruction executed. I am not able to find the reason.
Please, can you or any other person help me solve this kind of problem and give some advice?
Thanks
Thanks much for this series, it all makes clear sense, and shows that this is all not so hard as one might think!
Thank you, man, for all the tutorials and hard work you put into this; it is really helping me a lot in my studies. I just wanted to ask if you are planning anything interesting about VPN technology. I really did enjoy your Caffe Latte vuln. and your DEF CON speech. You are great; I hope I will contribute to the community one day. Thank you.
thanks, this series is addicting.
So clever...so awesome.
Hi Vivek,
First of all, many thanks for this series. I always wanted to learn about stack overflows, and this series helped me a lot.
Btw, I am using BT 5 and getting a segmentation fault as neo_panky did. I think somehow the code in the "ShellCode" routine cannot modify the data in the "/bin/bashABBBBCCCC" string due to some sort of restriction of the compiler. Please help me.
@albahal and @neo_panky, you WILL get the error message "Segmentation fault", BUT if you try it out without executing it and continue to the objdump command, you will see that it will work as expected, spawning you a bash shell.
Hey Vivek, keep posting, your videos are so helpful!
I love this series!! always great!!
@neo_panky & @albahala
I think the segmentation fault is caused by placing that whole string value into the .text section, which then gets mapped into a read-only segment. The kernel segfaults the user process because of a protection mechanism. It's like trying to change the code while it's running ...
Super!!
Awesome work, thank you :D
@ringneckparrot & @dragosh: Thank you for the answers!
First I want to thank you for this amazing video series. Now I want to ask some questions in the hope of getting a response:
1. We remove NULL bytes in order to prevent the end of the string, so that we have the entire /bin/bash?
If this is the case, why does the shellcode work in the previous video where we have NULL bytes? I mean, we load bash when we run the .c program.
2. How do you set up relative addressing? I don't think that you mentioned it in the video.
THANKS!
Guys, can anyone explain to me how the shellcode we wrote for the exit syscall did not contain NULL bytes, while the shellcode for execve contains NULL bytes???
I mean both shellcodes contain zeros.