Re: Buffer Overflow Help

From: Erlend J. Leiknes (nookieat_private)
Date: Tue Jul 30 2002 - 10:33:12 PDT


    You could try www.pulltheplug.com
    It's a war-game where you will write buffer overflow exploits.
    
    
    
    Leonard Leblanc wrote:
    > Hello All,
    > 
    > I am trying to experience buffer overflows first-hand. I have glanced at a
    > number of articles and have decided to focus on "Smashing the Stack for Fun
    > and Profit" from Phrack Issue 49. I am trying out the examples from the text,
    > and when I get to example 3 (which is the first real overflow example) it
    > doesn't quite work and I'm having a little trouble figuring it out.
    > 
    > The following example should bypass the "x=1" statement and print the
    > original value of "x" which is 0 (zero). Here's the code.
    > 
    > -=-=-=-=-=-=-=-=-=-=-=-=-=
    > #include <stdio.h>
    > 
    > void function(int a, int b, int c) {
    >   char buffer1[5];
    >   char buffer2[10];
    >   int *ret;
    > 
    >   /* Assumes the article's i386 frame layout: buffer1 padded to 8 bytes,
    >      then the 4-byte saved frame pointer, then the saved return address. */
    >   ret = (int *)(buffer1 + 12);
    >   /* Advance the return address past the "x=1" store in main
    >      (8 bytes on the compiler used in the article). */
    >   (*ret) += 8;
    > }
    > 
    > int main(void) {
    >   int x;
    > 
    >   x=0;
    >   function(1,2,3);
    >   x=1;               /* should be skipped by the modified return address */
    >   printf("%d\n",x);
    >   return 0;
    > }
    > -=-=-=-=-=-=-=-=-=-=-=-=
    > 
    > When I compile and execute this code it displays one and exits. I have tried
    > this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
    > anyone have any insight into why this wouldn't work? After looking into the
    > assembly behind it, I think it has something to do with the "word size", but
    > can't seem to find any information as to what the "word size" is in Debian
    > or RedHat.
    > 
    > Any and All comments/suggestions are more than welcome. Also if anyone knows
    > of some other good text files/documents that talk about buffer overflows I
    > would be happy to receive links.
    > 
    > Leonard Leblanc
    > 
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    > 
    > 
    > 
    
    
    -- 
    
    Public-key [ http://home.no.net/jullum/ejl.asc ]
    
    
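The following C program is an added example and is not part of either post above. It keeps the two buffers from example 3 but, instead of assuming that the saved return address sits at `buffer1 + 12`, measures where it actually is on the build you compile. The 12 in the article comes from one particular i386 layout (`buffer1[5]` rounded up to 8 bytes, then a 4-byte saved frame pointer); another compiler can pad, align or reorder the locals, and on a 64-bit build the saved frame pointer and return address are 8 bytes each, so the only dependable way to get the offset is to read it off the live frame. The program assumes GCC or Clang (it uses `__builtin_frame_address` and `__builtin_return_address`); `SCAN_LIMIT`, `probe_frame_layout` and the `frame_layout` struct are names chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on how far above buffer1 the fallback scan looks.
   Assumption: the frame of probe_frame_layout is far smaller than this. */
#define SCAN_LIMIT 256

struct frame_layout {
    long buf1_to_buf2;      /* &buffer2[0] - &buffer1[0]; negative if reordered */
    long buf1_to_ret;       /* bytes from &buffer1[0] to the saved return address, -1 if not found */
    int  via_frame_pointer; /* 1: found at frame address + one word, 0: found by scanning */
};

/* Same two buffers as Phrack example 3, but the return-address slot is
   located at run time rather than assumed to be buffer1 + 12.
   Requires GCC or Clang builtins (assumption). */
__attribute__((noinline)) struct frame_layout probe_frame_layout(void)
{
    char buffer1[5];
    char buffer2[10];
    struct frame_layout out = { 0, -1, 0 };
    void *retaddr = __builtin_return_address(0);
    void *seen;

    /* Initialise the buffers so they are live stack objects. */
    memset(buffer1, 'A', sizeof buffer1);
    memset(buffer2, 'B', sizeof buffer2);

    /* Launder the addresses through volatile pointers: the compiler can no
       longer prove that reads relative to them leave the arrays, so it
       cannot delete the scan below as undefined behaviour. */
    char *volatile base1_v = buffer1;
    char *volatile base2_v = buffer2;
    char *base1 = base1_v;
    char *base2 = base2_v;

    out.buf1_to_buf2 = (long)((uintptr_t)base2 - (uintptr_t)base1);

    /* Candidate 1, the article's reasoning: the saved frame pointer sits
       directly below the return address, so the return address is one
       pointer-sized word above the frame pointer.  Using
       __builtin_frame_address(0) makes GCC/Clang keep a real frame
       pointer in this function. */
    char *slot = (char *)__builtin_frame_address(0) + sizeof(void *);
    memcpy(&seen, slot, sizeof seen);
    if (seen == retaddr) {
        out.buf1_to_ret = (long)((uintptr_t)slot - (uintptr_t)base1);
        out.via_frame_pointer = 1;
        return out;
    }

    /* Candidate 2: scan upward from buffer1 one byte at a time for a word
       equal to our own return address. */
    for (long off = 0; off < SCAN_LIMIT; off++) {
        memcpy(&seen, base1 + off, sizeof seen);
        if (seen == retaddr) {
            out.buf1_to_ret = off;
            return out;
        }
    }
    return out; /* buf1_to_ret stays -1 */
}

int main(void)
{
    struct frame_layout fl = probe_frame_layout();

    printf("sizeof(void *) = %zu (pointer/word size of this build)\n", sizeof(void *));
    printf("buffer2 - buffer1 = %ld bytes\n", fl.buf1_to_buf2);
    if (fl.buf1_to_ret < 0) {
        printf("return address not found within %d bytes above buffer1\n", SCAN_LIMIT);
        return 1;
    }
    printf("return address slot = buffer1 + %ld (%s)\n", fl.buf1_to_ret,
           fl.via_frame_pointer ? "frame pointer + one word" : "found by scanning");
    printf("the article's 'ret = buffer1 + 12' %s on this build\n",
           fl.buf1_to_ret == 12 ? "holds" : "does NOT hold");
    return 0;
}
```

Compile it with the same compiler and flags as the example you are trying to run; the reported offset is what `ret = buffer1 + N` has to use there. Note that the second half of example 3, `(*ret) += 8`, carries the same kind of assumption: it requires the `x=1` store in `main` to still exist and to be exactly 8 bytes long, which is only true for the compiler and optimisation level the article was written against, so check that with a disassembly as well.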



    This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 21:09:12 PDT