| Sploit 101: Buffer Overflows, Format Strings, Heap Overflows |
| Warning |
| Basics For Sploit Testing |
| The Buffer Overflow |
| Example Vuln Program |
| Program Layout in Memory |
| Program Layout in Memory |
| Important Stack Info - Registers |
| Getting ESP |
| Shellcode |
| Example of Shellcode (Aleph1) |
| Using gdb To Find The Sweet Spot |
| gdb In Action |
| Pulling This All Together |
| Live Demo |
| Small Buffer |
| Use An ENV Variable |
| Small Buffer Layout |
| Live Demo |
| Remote Exploits |
| Example Vulnerable Remote Program |
| Assuming You Have Source |
| Live Demo |
| Format String Exploit |
| Vulnerable Format String Code |
| Steps For Format String Exploitation |
| Stack Mapping |
| Reading Memory Locations |
| Writing To Memory |
| .dtors |
| Computing .dtors Location |
| Live Demo |
| Heap Overflow – Simple Example |
| Heap Overflow – Realistic Example |
| Malloc |
| Malloc |
| Bins |
| dlmalloc Functions |
| free() Behavior |
| unlink() |
| Vulnerable Heap Overflow Code |
| We Need Two Values |
| What to Inject |
| What to Inject |
| What to Inject |
| Live Demo |
| Finding The Bugs To Sploit |
| Questions? |
| ./nmrc -sS -T Paranoid *.gov |