Testing Shellcode on a Non-Executable Stack or Heap

Posted on August 21, 2011 by sean • Posted in Linux, Programming, Security • Tagged 64-bit, amd, anonymous memory map, assembling, assembly, buffer, buffer overflow primer, c, eip, evp, execstack, fun and profit, gcc, gdb, hackers, hacking, heap, heap overflow, instruction pointer, intel, linux, nx bit, oscp, overflow, pentesting with backtrack, pointer, pointers, propolice, ret, return-to-libc, rip, segfault, segmentation fault, shell, shellcode, smashing the stack, ssp, stack, stack overflow, x86, xdbit • 1 Comment

If you’re learning about buffer overflows and shellcode, chances are you’re exploiting some stack-based vulnerabilities. If you’re like me you might also find that when you compile your programs they have stack execution disabled by default. So instead of getting excited as you see your shellcode blissfully running after smashing the stack, you might just see this instead:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000601018 in shellcode ()

“Noooo! You can’t do this to me! I want to write exploits!”

Ok.. calm down.. we just need to turn on stack execution when compiling.

Continue reading →

Data Types and Moving Data in Assembly

Posted on August 19, 2011 by sean • Posted in Linux, Programming, Security • Tagged as, assembling, assembly, assembly primer for hackers, bss, data, data types, debugging, df, df flag, gas, gdb, hackers, hacking, heap, linux, lods, memory, mov, movb, moving, movl, movs, movw, oscp, pentesting with backtrack, pointer, pointers, registers, stack, stos, text, vivek ramachandran, x86 • Leave a comment

I’m still following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube in preparation for Penetration Testing with BackTrack. In this review I’ll cover data types and how to move bytes, numbers, pointers and strings between labels and registers.

Continue reading →

Reviewing Assembly

Posted on August 18, 2011 by sean • Posted in Linux, Programming, Security • Tagged 0x80, as, assembling, assembly, assembly primer for hackers, bss, data, debugging, exit, gas, gdb, hackers, hacking, heap, int, ld, linking, linux, memory, movl, oscp, pentesting with backtrack, registers, stabs, stack, system call, text, virtual memory, vivek ramachandran, x86 • Leave a comment

Assembly is a language I’ve dabbled in for years, but never really pressed myself to become fluent in. I understand the basics of memory layout and the general idea of how to program in assembly, but I’ve never fully applied these skills in the security realm. In preparation for Penetration Testing with BackTrack, I’ll be reviewing assembly language from the ground up to ensure I’m at maximum potential going into the study course.

To review assembly I’ll primarily be following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube. I’ve been through several of these lessons before and they’re very easy to follow for someone who has previous Linux and programming experience but would like a thorough introduction to assembly. What I’ll be doing here is documenting simple tips that will help me later. Hopefully this will become a useful study guide and cheat-sheet for both assembly and gdb (the GNU debugger).

Continue reading →

Tech Blog is Tech

Exploring technology in the modern world

Tag Archives: heap

Testing Shellcode on a Non-Executable Stack or Heap

“Noooo! You can’t do this to me! I want to write exploits!”

Data Types and Moving Data in Assembly

Reviewing Assembly