Tag Archives: overflow

Testing Shellcode on a Non-Executable Stack or Heap

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 1 Comment

EditIf you’re learning about buffer overflows and shellcode, chances are you’re exploiting some stack-based vulnerabilities. If you’re like me you might also find that when you compile your programs they have stack execution disabled by default. So instead of getting excited as you see your shellcode blissfully running after smashing the stack, you might just see this instead:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000601018 in shellcode ()
“Noooo! You can’t do this to me! I want to write exploits!”

Ok.. calm down.. we just need to turn on stack execution when compiling.

Continue reading

Examining a Buffer Overflow in C and assembly with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 5 Comments

EditWelcome University of Maryland students! Thanks for visiting! :)

I’ve now finished Vivek Ramachandran’s Assembly Primer for Hackers and I’ve decided to move on to his Buffer Overflow Primer. I’ve exploited basic buffer overflows before, but I think going through his videos will give me more perspective now that I’ve brushed up on assembly.

In this article I’ll be stepping through the program in Vivek’s first video and providing some additional tips and tricks that I find useful when reviewing the program in gdb. I’m also on a 64-bit machine, so things are a bit different in gdb for me than they are in the video. Therefore it’s better that I write up my own explanations as I grasp the material so when I review later it will be more clear.

Continue reading