Complete Idiots Guide to Buffer Overflows
Well i didnt know where to put this, maybe there should be a programming section. I like this the network section so i just put it here.
Ok this is not a "how to write buffer overflows" or a "in depth on buffer overflows". This is the complete newbie's guide to how buffer overflows work. Anyways read on:
Buffer overflows are really easy to understand. First a buffer is a little piece of memory that a program uses to store some information that its gonna use later on, it might write it to the disk, discard it for any reason, or verify it with some other info. Now that you know what a buffer is well get into the overflow. A buffer overflow is when the buffer is too small to handle the data entered. Say i created a program that created a buffer of 2k to enter my name, and my name comes in over 2k, i enter it as 3k. Now as you can see the buffer is too small to handle this amount of data so 2 things can happen. 1: it can either reject the data or cut off the data so that only half my name is entered so it goes down to 2k to fill up the buffer. 2: it can overflow and let my whole name enter in and the last part of my name is then written onto another part of the memory, this is bad. The memory can be empty of have stuff written to it already, like the computers instruction stack! This is when it becomes really bad, and this is how crackers take advantage of buffer overflows. What happens is when they find one they create data to overflow and run into the computers instruction stack that has new instructions in it. These instructions are then run with the same privilages as the program being run. As you can see when buffer overflows are discovered in programs that need to be run as root or admin it is a big problem. This is how a cracker can become root or admin on a system using a simple buffer overflow.
If anyone would like to add to this feel free to do so, parker i bet you want to. Keep in mind this is a complete newbie thread, please no code, just general on overflows and what they do. Im pretty sure i covered everything in general but once again feel free to add.