October 28th, 2001, 02:37 AM
I was hoping for some better information that would explain to me what exactly is a buffer overflow? how is one created? How do you send them? And how do you stop them? Why do hackers love them?
I've read lot's of tutorials and none of them cleary answers my questions. So I am looking for some help. To answer my questions. I don't think I have never actually been the victim of one. And am just curious.
October 28th, 2001, 03:26 AM
Put simply without anything technical ....
when programming (usualy in C) the programmers will use variables. A variable is a buffer, and its usualy the character variables that are attacked. ie
now, if the user is allowed to enter the customer name and the amount of data isnt checked before it is copyed into that variable, the buffer could be overflowed.
so imagine trying to stuff 1000 characters into the variable, and theres your overflow. the program would just crash.
it is possible to put to much data into the variable and over write the return address (and there for execute machine code).
it has to be very precise otherwise 1 byte could throw it all off.
so basicly, it allows u to execute code on a computer that will give u privaleges that u are not supposed to have. like executing a listening dos prompt remotly, or executing a root shell from a suid program.
>how is one created?
well, first people will target programs and then just try to put more data into the inputs to see if the program will crash/perform unknown results.
if the program does, the chances are that it has a buffer overflow.
then the person needs to find out how much data exactly he/she has to put into the buffer to overflow it.
the shell code (code to execute) is usualy coppied into the buffer.
then the return address needs to be located and over written to point back to your code.
>How do you send them?
send them ?
well if u mean to a remote machine, the overflow must be attacking a remote service, and sockets need to be implimented into the program, just like any other network application.
>And how do you stop them?
well, its not the users fault that buffer overflows exist, it is the programmers. u cannot predict were buffer overflows exist so ....
u cannot really stop them, thats up to the programmers.
>Why do hackers love them?
They allow u to elivate your privelages on a computer.
in a local case, it could get you Administrator/root rights.
in a remote case, they can get u access to the computer, or even remotly root the machine.
Any other probs see Alpha one 's guide.