Tag Archives: assembling

Testing Shellcode on a Non-Executable Stack or Heap

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 1 Comment

EditIf you’re learning about buffer overflows and shellcode, chances are you’re exploiting some stack-based vulnerabilities. If you’re like me you might also find that when you compile your programs they have stack execution disabled by default. So instead of getting excited as you see your shellcode blissfully running after smashing the stack, you might just see this instead:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000601018 in shellcode ()
“Noooo! You can’t do this to me! I want to write exploits!”

Ok.. calm down.. we just need to turn on stack execution when compiling.

Continue reading

Examining a Buffer Overflow in C and assembly with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 5 Comments

EditWelcome University of Maryland students! Thanks for visiting! :)

I’ve now finished Vivek Ramachandran’s Assembly Primer for Hackers and I’ve decided to move on to his Buffer Overflow Primer. I’ve exploited basic buffer overflows before, but I think going through his videos will give me more perspective now that I’ve brushed up on assembly.

In this article I’ll be stepping through the program in Vivek’s first video and providing some additional tips and tricks that I find useful when reviewing the program in gdb. I’m also on a 64-bit machine, so things are a bit different in gdb for me than they are in the video. Therefore it’s better that I write up my own explanations as I grasp the material so when I review later it will be more clear.

Continue reading

Examining the Stack to Debug Segfaults with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 1 Comment

EditEarlier, while writing my compare strings method, I made a mistake in the code and came across a segmentation fault. Based on how the program executed I was pretty sure of approximately where the error was occurring, but rather than go and find the mistake I thought it would be a lot more useful to step through the program in the debugger and examine the problem that way. By doing this I’ll make it easier for myself to debug similar (more complex) problems in the future.

Continue reading

Comparing Strings in Assembly Part 2

Posted on by Posted in Linux, Programming Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditEarlier today I wrote some assembly code to compare 2 strings and print out whether or not they were equal to one another. I’ve been learning more assembly and so I thought I would tweak it a bit to improve the way it works and add more “features”. After some studying I’ve managed to get it working as a real function that actually takes arguments via the stack. On top of that, the function now returns a value that designates the index where the comparison failed; this is stored in the EAX register. Even further, by using a buffer in memory I was able to print a string that informs the user of the index where the comparison failed.

Continue reading

Comparing Strings in Assembly

Posted on by Posted in Linux, Programming Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditAs part of my quest to improve my assembly skills I’ve been reviewing Vivek Ramachandran’s Assembly Primer for Hackers. I’ve nearly completed the series and I thought I would try out some of what I learned. I did my best to write this code completely from scratch and without reviewing the videos at all. I did peek at Professor Ben Abdallah’s reference guide to decide which loop instruction was appropriate and how to jump to the correct label after using cmp, but I didn’t feel like I was having to learn the material; it was used as a reference guide just as it was intended.

Continue reading

Data Types and Moving Data in Assembly

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditI’m still following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube in preparation for Penetration Testing with BackTrack. In this review I’ll cover data types and how to move bytes, numbers, pointers and strings between labels and registers.

Continue reading

Reviewing Debugging with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditAs you may have noticed, I’m preparing to become an OSCP. In addition to brushing up on assembly, I’ll also be stepping through the debugger.

Let’s review gdb and go over some tips to make sure the course work becomes smooth sailing. This is primarily an introduction to general use of gdb, but there are a few tips and tricks as well.

Continue reading

Reviewing Assembly

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditAssembly is a language I’ve dabbled in for years, but never really pressed myself to become fluent in. I understand the basics of memory layout and the general idea of how to program in assembly, but I’ve never fully applied these skills in the security realm. In preparation for Penetration Testing with BackTrack, I’ll be reviewing assembly language from the ground up to ensure I’m at maximum potential going into the study course.

To review assembly I’ll primarily be following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube. I’ve been through several of these lessons before and they’re very easy to follow for someone who has previous Linux and programming experience but would like a thorough introduction to assembly. What I’ll be doing here is documenting simple tips that will help me later. Hopefully this will become a useful study guide and cheat-sheet for both assembly and gdb (the GNU debugger).

Continue reading

Installing Backtrack in VirtualBox

Posted on by Posted in Administration, Linux, Security Tagged , , , , , , , , , , , , , , , , , Leave a comment

TerminalFor a long time now I’ve been considering security training. I feel like it would really polish my current abilities and help me overcome some artificial learning plateaus. There are plenty of options available, but the two that I hear the most about are the Certified Ethical Hacker (CEH) program and the Offensive Security Certified Professional (OSCP) program. After doing some research it looks like OSCP is far more hands-on and well worth its price tag ($750 minimum for 30-days access to the lab; price goes up if you need more lab time). To be honest, it seems like CEH is a bit of a joke to real security professionals; perhaps it’s more useful to those with an interest in security but little experience.

In preparation for the Pentesting with Backtrack course (the course you take before applying for the OSCP exam), I’ll be installing Backtrack 5 in VirtualBox. Continue reading to learn how.

Continue reading