.

Payloads in buffer overflows?

<<

Job314

Newbie
Newbie

Posts: 9

Joined: Tue Sep 15, 2009 8:47 pm

Post Tue Sep 15, 2009 8:52 pm

Payloads in buffer overflows?

I'm studying for my CEH exam, and when I came across a segment on buffer overflows I had more questions than my book had answers.  I have taught myself quite a bit on the topic, but still have one question that I cannot locate the answer to.

How exactly do you attach a PAYLOAD to the buffer overflow?

For example in this "lesson" video:
http://www.youtube.com/watch?v=NZMJA9S8EiQ

the author is causing AOL instant messenger to crash because it was not expecting such an abnormally long screen name.  Great- but how does that benefit an attacker?  What else would they need to do to say... execute a file, or otherwise deliver the payload?
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Sep 15, 2009 9:28 pm

Re: Payloads in buffer overflows?

The payload has to do with where the buffer lies on the stack or the heap and overriding the program's instructions to redirect execution flow to your set of instructions.  The instructions you substitute are called Shell Code.  The following articles should help you understand:

http://insecure.org/stf/smashstack.html
http://www.ethicalhacker.net/content/view/122/2/

If you really want to understand how this works, I highly recommend the book "Hacking, The Art of Exploitation"

http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&s=books&qid=1253068107&sr=8-1
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Sep 16, 2009 6:37 am

Re: Payloads in buffer overflows?

If you are seriously interested in this, I would second the recommendations given by Ketchup. Smashing The Stack For Fun And Profit is a classic and worth to read, as well as the book Hacking: The Art of Exploitation.

Another book I can recommend is The Shellcoder's Handbook: Discovering and Exploiting Security Holes.
<<

Job314

Newbie
Newbie

Posts: 9

Joined: Tue Sep 15, 2009 8:47 pm

Post Wed Sep 16, 2009 11:12 pm

Re: Payloads in buffer overflows?

Thanks both of you.  I'll need some time to read over all the material you have suggested.  I appreciate your help!

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software