Hack
Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Hack

  1. #1
    Junior Member
    Join Date
    Feb 2002
    Posts
    7

    Hack

    HI guys
    When we make a system buffer overflow
    then how should we send arbitrary commands as they say
    like
    Buffer Overflow and executed arbitrary command
    Does this mean the commands or executed on the OS or the file system which is having trouble overflow
    How can we execute commands is it by capsulating the command in a UDP packet

    please help

  2. #2
    Junior Member
    Join Date
    Mar 2002
    Posts
    8
    and why would you like to buffer overflow a system ???

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Umm I really got NO idea what the hell you just said. It see buffer overflow, OS, filesystem, and UDP packets. Thats about it.
    So....lets see.
    Some buffer overflows work on OS's
    Some buffer overflows work on file systems.
    Buffer Overflows do NOT work on UDP (or TCP, or IP, or SNMP, or etc etc)

    Ummm, if you are asking where the buffer overflow is exectued, it is excuted in RAM. The "buffer overflow" is information that gets run from RAM in unprotected memory space.

    If you want to know more, search google. There are plenty of text files about buffer overflows.

    If you want to write a buffer overflow, go ahead. Just go someplace else to find out how to do it. Here you won't get anything but flames, because this is not a site on how to write cracks. If you want to learn how to protect your system from buffer overflows, then start dl'ing patches.

    And if you are just looking for information out of pure curiousity, learn how to write complete sentences so we can understand them. I know that English isn't your native tongue, but we can't help you if we can't understand you. And I personally don't understand you.,
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    First you have to open the PC case. If it's an ATX leave it as is, if it's an AT turn it on it's side. If it's a rackmount remove it. Place PC in a large watertight container or plastic trash bag. Add detergent and allow to sudds up. Then remove the PC and buff it to a shine. Now to buffer overflow it. You allow the container to overflow with water while buffing the case rigorously while humming the theme to The Matrix. There you have it. The buffer overflow...
    Hope this helps...
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    You allow the container to overflow with water while buffing the case rigorously while humming the theme to The Matrix. There you have it. The buffer overflow...
    Hope this helps...
    That sure helped me... of course I had to bake it in my oven to dry it out..
    but now I have the cleanest mobo in town. Makes dem electrons flow faster too...
    try it.. you'll like it...honest..

  6. #6
    Junior Member
    Join Date
    Mar 2002
    Posts
    2

    Post

    here, I'll try to be helpful revanthn... understanding buffer overflows requires a detailed understanding of how programs internally use memory. There's no real cookie-cutter way to get a buffer overflow working, it varies by program and by operating system.

    The basic gist: a program allocates an empty area in memory for storing an input string or something. The program gets too much input and doesn't check it, and puts it right into the empty area. It ends up overwriting memory after the buffer, which can be data which is changed by the attacker, or code (machine instructions) which are overwritten by the attacker. If it's code, you have to make sure it gets executed too. And you have to be careful not to overwrite anything that's going to crash the program or make things inoperable. So you see, writing a successful buffer overflow exploit requires knowledge of the internal memory structure of the program.

    One common kind of buffer overflow is the "stack smash." There's a phrack article -- smashing the stack for fun and profit -- that goes into some detail. I forget what phrack # it is. Basically in a programming language like C, when you call a subroutine it places several things in a memory area called the "stack", including the arguments passed to the subroutine, and a number which points to the instruction in memory after the one that called the subroutine (the return address). Sometimes you can overflow one of the arguments and are able to overwrite the return address, so when the subroutine finishes it returns somewhere different. Usually, you'd make it "return" to a point in your buffer with your own arbitrary code to execute. This requires knowledge of how the binary you're attacking is formatted, so you can input the correct address.

    Then there's the question of what you put in your arbitrary code. Usually, you'd put a system call to do something like run an command shell. Again, this requires knowledge of how system calls are set up in machine language in the operating system and hardware you're targeting.

    Overall, buffer overflows are not easy to set up. The "arbitary command" you're executing is usually machine code. You might be able to overflow over UDP, but only if there's a service listening to UDP packets that has an overflow bug in it. Other than known exploits, there's no cookie cutter way to make buffer overflows.

    btw, there's also some exploits that i've heard people refer to as "buffer overflows" when they're really not, like the phf %0acat%20/etc/passwd or whatever... this is an evaluation bug that lets the inputted string execut arbitary unix commands, but it's not a buffer overflow.

  7. #7
    Junior Member
    Join Date
    Mar 2002
    Posts
    1
    When someone requests information innocently or not, it surprises me how those people with the experience and the know how, ridicule that knowledge seeker. I myself do not know what a system buffer overflow is but mark my words, some day I will! That and much more god willing and if I choose to ask for advice here and a so-called senior anti-online member with a bunch of little green dots by his or hers avatar gives me a sarcastic reply on doing laundry as the solution to my question then I would be discouraged. PenguiN42 restores my faith in the knowledge sharing dept.P2pApokolipse obviously is much to advanced to help a newbie in his or hers search for answers. Such a shame!
    Peace-on-the-Earth

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Originally posted here by lobstertails
    P2pApokolipse obviously is much to advanced to help a newbie in his or hers search for answers. Such a shame!
    For one. You need to check my profile and see how much I help newbies before you run off at the mouth. I help when someone approaches with a legit question. NOTE: For you!! This is a security site. Not a 5kr1pt k1DD1d3 site for persons wanting to bring about havoc and mayhem. So stop acting as if you are "somebody" and read the posts before you spout off. I go over the top at times helping noobs that are interested in security. Not "hacking" systems, hotmail or the such. You need to get a clue or stay off your mommys puter. I am getting fed up with babbies like you that spout off without reading or doing some research.

    I have been working on systems and routing *******s like you since the early 80's. So get a life. I usualy retain my decorum in this forum. Lately though. I am agrevated as hell with morons such as yourself. This used to be an excellent forum unitl people such as yourself turned up. (Hmmmm, you sound like Oblio or some noob) So I'm putting asside my civility for this post. So as for you, go to hell.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Originally posted here by lobstertails
    When someone requests information innocently or not, it surprises me how those people with the experience and the know how, ridicule that knowledge seeker.
    PS...Get some humor in your life. That way you won't come off as such an *******....
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  10. #10
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    p2p - just wondering if the detergent should be something like armor-all or would basic dish soap be okay.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides