.

buffer overflow exploit in python

<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Fri Dec 21, 2007 8:48 pm

buffer overflow exploit in python

I'm trying to work my way down the list of exploits, and I'm kind of grasping what a buffer overflow does, but I have a few questions...

1. how effective is this method?

2. I know essentially it "fills the filter" and the overflow is a script that normally opens a root shell or such, how is this done?

3. where can i see what one looks like to know how to write one, and/or is there some sort of tutorial to help me make one from python (given its the language I'm most familiar with)

Thanks for any responses...

On a "lighter" note...

I came up with the handle "phantom cypher" before, and i have 2 questions regarding this subject.

1. how do I check to make sure no hacker is using the same handle?

2. can i simply change it, or are you usually stuck with it in the hacking community?

Kevan
I may be a newbie, but I am willing to learn.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sat Dec 22, 2007 2:56 pm

Re: buffer overflow exploit in python

Kevan,
  Buffer Overflows, like almost any exploit, are only as effective as the code allows.  Any exploit is simply a way to interact with a system/app/service/etc in an unexpected way (or in an expected way after which you use the outcome in an unexpected manner).  The code of the target, or the privileges of the target, will dictate your privileges after the attack.  For example, if you use an Apache buffer overflow and the application is running with admin privileges, you are probably going to get su.  If the administrator was diligent enough to restrict its privileges then you'll probably get something less.  If you want to see the gritty details, there are lots of sites that post the code of an exploit.  One of the more popular sites is milw0rm, and this link will take you directly to the code of an lsas exploit that used to be very common:
http://www.milw0rm.org/exploits/293
This should help answer parts 2 and 3 of your question.  Obviously you'll have to be familiar with the code of the exploit (in this case he used C) and the payload.  The payload here is all in hex (the \x(character)(character) that you see), and that hex determines what the exploit will do if it is successful.  You can use hex to directly open a shell, create users, alter files, have a system open a channel back to you, an so on.  There are tutorials for stuff like this all over the net.

On the lighter note, I haven't heard of a central hacker registry (well, outside of the CIA or FBI...) that you can just check to see if your handle is taken.  99% of the time it doesn't matter if you keep it or change it, and many people have several handles for different uses.  The only thing you really need to be careful of is make sure you don't grab the pseudonym of any of the real, no shit l33t guys.  They don't take kindly to that, and flame wars are no where near as much fun as they sound.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Sat Dec 22, 2007 5:36 pm

Re: buffer overflow exploit in python

pseud0 wrote:Kevan,
  Buffer Overflows, like almost any exploit, are only as effective as the code allows.  Any exploit is simply a way to interact with a system/app/service/etc in an unexpected way (or in an expected way after which you use the outcome in an unexpected manner).  The code of the target, or the privileges of the target, will dictate your privileges after the attack.  For example, if you use an Apache buffer overflow and the application is running with admin privileges, you are probably going to get su.  If the administrator was diligent enough to restrict its privileges then you'll probably get something less.  If you want to see the gritty details, there are lots of sites that post the code of an exploit.  One of the more popular sites is milw0rm, and this link will take you directly to the code of an lsas exploit that used to be very common:
http://www.milw0rm.org/exploits/293
This should help answer parts 2 and 3 of your question.  Obviously you'll have to be familiar with the code of the exploit (in this case he used C) and the payload.  The payload here is all in hex (the \x(character)(character) that you see), and that hex determines what the exploit will do if it is successful.  You can use hex to directly open a shell, create users, alter files, have a system open a channel back to you, an so on.  There are tutorials for stuff like this all over the net.

On the lighter note, I haven't heard of a central hacker registry (well, outside of the CIA or FBI...) that you can just check to see if your handle is taken.  99% of the time it doesn't matter if you keep it or change it, and many people have several handles for different uses.  The only thing you really need to be careful of is make sure you don't grab the pseudonym of any of the real, no shit l33t guys.  They don't take kindly to that, and flame wars are no where near as much fun as they sound.


Thanks, that answers several of my unasked questions as well.

As for the handle thing...

Do I pretty much go with one, and if a hacker lets me know my error, the best idea is to change it and not argue? (no problem with that)
I may be a newbie, but I am willing to learn.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Dec 22, 2007 6:35 pm

Re: buffer overflow exploit in python

Yes, there are some exploit codes written in python, but you would be better off working with hex and C. Maintaining a shell in some environments can be tricky and the more stable your exploit interacts with the OS, the better you off you are.  Oh and please don't rip off my cool handle of Kev, LOL!
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Thu Dec 27, 2007 12:23 pm

Re: buffer overflow exploit in python

An exploit written in hex? As in just sequences of numbers and letters, or what? I only know how to edit the small amounts of hex in fluxbox themes (however stupid that may sound).
I may be a newbie, but I am willing to learn.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Dec 27, 2007 12:46 pm

Re: buffer overflow exploit in python

I think maybe some clarification is needed.  When writing exploits your major concern is going to be the target and the environment in which it will be used.  The target is generally going to dictate what the code actually does (ie.  the how the hack is done and the payload) while the environment will dictate how it does it.  As an example, the lsas exploit I linked earlier has a bunch of hex that is the actual exploit since it is the data that is sent to the service in such a way that it will cause it to react in the way that you want.  The target (in this case the lsas service) dictates what you can do.  The environment will determine how you do it.  This specific example is coded in C which means it is going to have to be compiled in order to run.  Compiling code is system dependent meaning if it is going to run on a linux box you cannot use code compiled for a windows system.  This comes into play because sometimes you run code on your local system and sometimes you run code on the target system.  If you are running code on your local system you have almost complete control of the coding language you will use so it is more a matter of personal preference.  If you are putting together code that will be executed on a target system then the language you use is controlled by the target environment.  For example, if my target is a windows box I am more likely to write something in C, compile it for a windows box, then move it over and use it on the target.  This is done because I can't expect most windows systems to have built in compilers or scripting support.  If the target system is a *ix box, then I'm more likely to put together my exploit in perl or uncompiled C because most *ix systems will have perl (or python and sometimes ruby) support and gcc (c compiler) support bundled into the kernel. 
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Thu Dec 27, 2007 1:50 pm

Re: buffer overflow exploit in python

If I can add, with ref to buffer overflow exploits to have some usefulness to the hacker, it is not only important to know the correct OS of the target machine but also it is very important to know the service pack or patch level. As this will help the attacker to land the exploit code at right memory addresss in the buffer so that it can be executed.

http://www.linuxjournal.com/article/6701

This is a good link which explains the basics of BoF and technique used to write a expolit
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software