The Ethical Hacker Network - Suggest me a e-book for understanding basics of buffer over flow?

manoj9372

Jr. Member

Offline

Posts: 72

Suggest me a e-book for understanding basics of buffer over flow?

« on: September 18, 2010, 05:23:51 PM »

I am interested in learning understanding about the basics of buffer over flow ,how it works?
etc,can any one suggest me a good e-book or link or paper to understand the basic operation and functions of buffer overflow?

Hope i will get some help here...


	Logged

hayabusa

Hero Member

Offline

Posts: 1632

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #1 on: September 18, 2010, 08:00:03 PM »

Well, I (and many others) began here:

http://insecure.org/stf/smashstack.html
(Smashing the Stack for Fun and Profit)

There are plenty of other books / tutorials, and a fast Google search will turn up a lot.


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

former33t

Full Member

Offline

Posts: 226

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #2 on: September 18, 2010, 08:07:58 PM »

If you have $32 to spend, jump over to amazon and buy "Hacking: the art of exploitation." Then read some papers and realize that your money was well spent from all the time you saved reading a book that gives you a good grounding to digest everything else. Search the site for some book reviews on this. It is widely read and universally recommended.

BTW, I'm pathologically cheap, but I do invest money freely in two things:
1. Good hardware
2. Good documentation

Both actually save me money over the long haul. The book falls into the later category.


	Logged

Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #3 on: September 19, 2010, 06:21:45 AM »

A user actually requested similar information recently on the forum I host, so I thought I'd share the same links here Wink

------------ Link Start ------------

Writing Windows Exploits:
http://forum.intern0t.net/cinema/video-21/ (or: http://guides.intern0t.net/msf2.php )
http://www.offensive-security.com/videos/pwb-v3.0-demo/pwb-v3.0-demo_controller.swf
http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit

Egghunters:
http://www.offensive-security.com/videos/defcon-presentation-2008-video/defcon-presentation-2008_controller.swf

SEH Overflow:
http://www.offensive-security.com/videos/cracking-the-perimeter-demo/cracking-the-perimeter-demo_controller.swf

Smashing the Stack 2010: (paper)
http://5d4a.wordpress.com/2010/08/02/smashing-the-stack-in-2010/
http://mariano-graziano.llab.it/docs/report.pdf

Metasploit Unleashed: (chapter 07)
http://www.offensive-security.com/metasploit-unleashed/

There's also a couple of books, I would probably read these:
http://www.amazon.com/Buffer-Overflow-Attacks-Exploit-Prevent/dp/1932266674/
http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/
http://www.amazon.com/Writing-Security-Tools-Exploits-Foster/dp/1597499978/

I haven't read any of these books yet though I intend to

There's also a couple of interesting articles I would read:
http://www.phrack.com/issues.html?issue=62&id=7
http://www.phrack.com/issues.html?issue=55&id=15
http://www.phrack.com/issues.html?issue=49&id=14
http://www.phrack.org/issues.html?id=14&issue=49

Smashing the Stack: (original)
http://insecure.org/stf/smashstack.html
http://www-inst.eecs.berkeley.edu/%7Ecs161/fa08/papers/stack_smashing.pdf

The Tao of Windows Buffer Overflow:
http://www.cultdeadcow.com/cDc_files/cDc-351/

And of course lets not forget the tutorials from Corelan:
http://www.corelan.be:8800/index.php/category/security/exploit-writing-tutorials/page/3/

------------ Link End ------------

There's some resources to get you started Wink

Reference:
http://forum.intern0t.net/general-hacking-discussions/3049-windows-exploitation.html


	Logged

I'm an InterN0T'er

Equix3n-

Sr. Member

Offline

Posts: 386

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #4 on: September 19, 2010, 06:58:49 AM »

Do you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language" http://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=sr_1_1?ie=UTF8&s=books&qid=1284897188&sr=8-1

You can then move to assembly language tutorials from securitytube especially videos 1,2,3,4 and 11. (I suggest watching all the videos, but if you can't then don't miss at least these five)
http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-1%29-System-Organization-video.aspx

Armed with this knowledge it should be easy for you to understand bufferoverflows.
Again, securitytube has free buffer overflow primer videos. I found these very useful.
http://www.securitytube.net/Buffer-Overflow-Primer-Part-1-%28Smashing-the-Stack%29-video.aspx


	Logged

H4TT1fn4TT

Jr. Member

Offline

Posts: 54

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #5 on: February 17, 2011, 10:11:12 AM »

Quote from: Equix3n- on September 19, 2010, 06:58:49 AM

Do you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language"

Just a quick note (and sorry for bringing up an old topic) as far as I am aware C does not support strings so that should only refer to C++. From how I learned it C only supports array's of characters.

Next to that all a great book that should be mentioned for learning C, some assembly and how it is used to write exploits would be "hacking, the art of exploitation".

http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=pd_sim_b_2


	Logged

"The quality of programmers is a decreasing function of the density of go to statements in the programs they produce."

ambient

Newbie

Offline

Posts: 20

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #6 on: July 10, 2011, 09:47:34 AM »

A nice video tutorial set from securitytube.net,
http://www.securitytube.net/groups?operation=view&groupId=4

I'm quite sure you might like it Cool


	Logged

We secure the nation.
GPEN,eCPPT,C|EH,CCNA
http://incognitolab.com/
https://www.facebook.com/secure.thailand

mesho

Newbie

Offline

Posts: 24

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #7 on: July 10, 2011, 10:20:14 AM »

Quote from: H4TT1fn4TT on February 17, 2011, 10:11:12 AM

Quote from: Equix3n- on September 19, 2010, 06:58:49 AM

Do you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language"

this is absolutely untrue, C is the father of C++/Java..

there's a pleny ways to define string in C:
char *string=""
char string[]=""

and define your own struct to use only the keyword string Wink


	Logged

WCNA

Full Member

Offline

Posts: 187

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #8 on: July 11, 2011, 12:37:32 PM »

As others have already pointed out, securitytube is where I start for all such questions. With over 2,000 videos there's almost always something of interest on whatever subject you're interested in. And the videos are getting much better as people like Vivek have upgraded their editing software.

His wireless security megaprimer is *awesome* (as he would say). Cheesy


	Logged

ISC2 Associate, WCNA, CWNA, OSCP, Network+

bigapple

Newbie

Offline

Posts: 8

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #9 on: August 20, 2011, 11:16:41 AM »

If you want a book, you should read Hacking: The Art Of Exploitation. Even if you cant program in C or Assembly it should get you into writing exploits. If you can do that well, you should read The Shellcoders Handbook, which goes a little bit further than The Art Of Exploitation but both will teach you how to write exploits, and how exploits work.


	Logged

mambru

Jr. Member

Offline

Posts: 98

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #10 on: August 20, 2011, 06:24:02 PM »

Quote

Quote from: H4TT1fn4TT on February 17, 2011, 05:11:12 PM
Quote from: Equix3n- on September 19, 2010, 01:58:49 PM
Do you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language"
Just a quick note (and sorry for bringing up an old topic) as far as I am aware C does not support strings so that should only refer to C++. From how I learned it C only supports array's of characters.

this is absolutely untrue, C is the father of C++/Java..

there's a pleny ways to define string in C:
char *string=""
char string[]=""

and define your own struct to use only the keyword string

I think H4TT1fn4TT meant that C does not have a built-in "Strings" type, and he's right. Of course you can define your own types and data structures and call them whatever you want, but in C you don't have that native type as other languages do.


	Logged

Sys0pinion

Newbie

Offline

Posts: 2

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #11 on: September 18, 2011, 07:50:10 PM »

Hey forumer33t i was wondering does the book cover the ability to hack or just defend a website? I want to know to see if i shoupd get it.


	Logged

raptorsl

Newbie

Offline

Posts: 4

Re: Suggest me a e-book for understanding basics of buffer over flow?

« Reply #12 on: September 28, 2011, 01:39:27 AM »

I found this training session from Dino Dai Zovi to be very useful.

http://pentest.cryptocity.net/exploitation/


	Logged

Pages: [1] Go Up

« previous next »