Exploiting basic vulnerabilities

By popular demand (sort of), I have started writing a series of posts on my Tumblr to explain and demonstrate how some basic vulnerabilities in computer programs can be exploited by an attacker to compromise the security of the system on which the program runs (typically, an attacker will be able to run arbitrary code with the privileges of the user running the vulnerable program). So I’m putting them here as well.

The goal is mostly to enlighten and entertain; you are not going to be able to hack into anything using the techniques presented here. They have been around for a long time (the article widely credited for bringing stack-based vulnerabilites to the attention of the general public was published in Phrack Magazine in 1996, and they had been known in some circles for a while before that), and countermeasures have been developed, which are present in all modern systems.

Prerequisites are fairly low. I assume some degree of familiarity with C programming and the standard UNIX development environment. Familiarity with x86 assembly is recommended, but not required. An excellent source for this background material (and a lot more) is the now classic book by Bryant and O’Hallaron. I stress that this book is highly recommended to the programmer who wishes to gain insight into how low-level issues affect his programs, and can also serve as an excellent starting point for someone who wishes to specialise in low-level things in and of themselves.

Very often, one is told in introductory programming courses (especially in C) that “buffer overflows are bad” and can be exploited, but is not told or shown why, and can end up doubting if they are indeed all that bad, after all. Hopefully, even though the techniques demonstrated here are no longer applicable today, these posts will convince such skeptics that the answer is undoubtedly yes. And of course they can motivate study of the current state of the art for those so inclined.

(This is currently work in progress, links to new posts will be added here as they are written.)

1. The Stack (theory)
2. The Stack (practice)
3. Overwriting a variable
4. Short-circuiting an instruction
5. Shellcodes
6. Return-to-register
7. NOP sleds
8. Return-to-libc
9. Format strings

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.