
Buffer Overflow Information


ghost's Avatar
0 0

Hi,

I'm looking for information on buffer overflows. I've learnt what it is, but I can't seem to find out how to use one. I've tried Google and just found confusing code and stuff I do not understand. If anyone knows of a tutorial or article where I could get some good information on how to perform a buffer overflow, the different types of buffer overflows, or anything that would be useful, it would be greatly appreciated.

Thanks, ahead of time


ghost's Avatar
0 0

Overwriting the buffer with enough data to crash it, then inserting your own string such as shell code.

Anyways, this is an extremely annoying way to go about things in more complex applications, your best bet is to learn programming and exploits pertaining to overflows and their dangers.

Myself I haven't gone into them very deep, but I'm sure someone here has


Mb0742's Avatar
Ultimate Headshot
0 0

go to milw0rm.com and at the bottom there is a video on 'classic buffer overflow'


ghost's Avatar
0 0

it fills memory until you are at a "sensitive" portion of memory, where the computer runs it as root, and overwrites such a portion of memory with your own shellcode, mainly code that forces the computer to surrender root privilege.

obviously it's not easy…. now if you wanna do a heap overflow it gets even more nasty….

now if you don't know C++, C, Assembly or any other low language….

don't even bother….

otherwise PM me about it and I will send you a link to a very good website where it illustrates logically….


ghost's Avatar
0 0

For a while, I was just ignoring buffer overflows. But they seem to be popping up everywhere on my vulnerability scanners, so I finally decided to pay attention to them. That's why I'm looking for information.


ghost's Avatar
0 0

Mb0742 wrote: go to milw0rm.com and at the bottom there is a video on 'classic buffer overflow'

I thought about trying Milw0rm, but I thought they would just have more confusing code. Videos don't work on my current computer, but I'll be sure to check that out later.


Mb0742's Avatar
Ultimate Headshot
0 0

Wait what? So if I'm not root I can just whip up a program and overflow it to become root?


ghost's Avatar
0 0

Mb0742 wrote: Wait what? So if I'm not root I can just whip up a program and overflow it to become root?

yes, that's what it usually means when "hackers" say buffer overflow….

now when software guys say it, it means something else similar….


ghost's Avatar
0 0

alka wrote: now if you don't know C++, C, Assembly or any other low language….

don't even bother….

otherwise PM me about it and I will send you a link to a very good website where it illustrates logically….

Well, I have been web hacking for a while, but I haven't much programming experience. If it's out of my league to learn about this stuff then I think I'll take alka's advice and not look too heavily into it. I'll still look into any advice you guys got, no point in letting it go to waste.


Mb0742's Avatar
Ultimate Headshot
0 0

alka can I have that link you told the OP about?


ghost's Avatar
0 0

Slash0Drive wrote: alka wrote: now if you don't know C++, C, Assembly or any other low language….

don't even bother….

otherwise PM me about it and I will send you a link to a very good website where it illustrates logically….

Well, I have been web hacking for a while, but I haven't much programming experience. If it's out of my league to learn about this stuff then I think I'll take alka's advice and not look too heavily into it. I'll still look into any advice you guys got, no point in letting it go to waste.

I think it's better to keep such a concept at the back of your head and start studying again when you have sufficient knowledge of a proper language to perform such a task….


ghost's Avatar
0 0

alka:

Sorry, I meant to add it, I was going to do that too


richohealey's Avatar
Python Ninja
0 0

Lemur wrote: Overwriting the buffer with enough data to crash it, then inserting your own string such as shell code.

Anyways, this is an extremely annoying way to go about things in more complex applications, your best bet is to learn programming and exploits pertaining to overflows and their dangers.

Myself I haven't gone into them very deep, but I'm sure someone here has

The fuck?

And also, no, you have to find an overflow in an application that's running as root, or in the kernel itself.

Provided you're running a reasonably recent Nix based OS then address space is pretty tightly guarded, crossing into another application's memory is about impossible, the kernel itself stops you from doing that.
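
The address-space isolation described in the last post can be observed directly; the C program below is an added example, not part of the original thread, and the buffer `secret` and the function name are constructed for illustration. A forked child overwrites a buffer at the same virtual address the parent uses, and the parent's copy stays unchanged because the kernel gives each process its own private memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data: stands in for state owned by one process. */
static char secret[16] = "parent-data";

/*
 * Fork a child that overwrites `secret` at the very same virtual address,
 * then report what the parent still sees.
 * Returns 1 if the parent's copy is untouched, 0 if it changed, -1 on error.
 */
int parent_copy_survives_child_write(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: same address, but the write lands on a private page. */
        memset(secret, 'X', sizeof(secret) - 1);
        _exit(strcmp(secret, "XXXXXXXXXXXXXXX") == 0 ? 0 : 1);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1; /* child did not complete its write */

    /* Parent: the child's write never reached this process's memory. */
    return strcmp(secret, "parent-data") == 0 ? 1 : 0;
}

int main(void)
{
    printf("address of secret: %p\n", (void *)secret);
    printf("parent copy intact after child write: %d\n",
           parent_copy_survives_child_write());
    return 0;
}
```
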