Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27

Thread: Hack

  1. #21
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Well, first of all, the way the question was worded is what caused all the jokes/flames, not the question itself. I still have no idea exactly what the question was. If I could understand what he was asking, I would be more willing to try and help.

    Anyway, as someone else stated, buffer overflows are quite involved. If you take the time to search the forums for buffer overflow, you will notice that there are a few tutorials on how to write them. I posted a link in a different thread to a paper that is VERY in depth on how buffer overflows work, and how to write them. I didn't write the paper, so I didn't post it (since I didn't get the authors permission). Anyway, if you take the time to search for Buffer Overflow, right here in the Forum Search box on the main page, you get 338 results. Of course some are not great, but take the time to look.

    For those of you who don't know how to use a search engine, click this little link to go directly to the thread where I posted the links to that report.... http://www.antionline.com/showthread...hreadid=223099
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  2. #22
    Junior Member
    Join Date
    Apr 2002
    Posts
    2

    Talking

    I was reading this thread, not understanding jack **** about buffer overflows. my wife was reading it over my shoulder, She commented 'is it about cleaning computers'

    That made me giggle!!!

    Gotta love em...
    Doh!!!

  3. #23
    Senior Member
    Join Date
    Feb 2002
    Posts
    216
    P2P Dear computer person i have used the high quality sponge and followed all the other steps
    Now my question is this : do you leave the power on or not . I did not like the spark thingies and sizzling noise. O and do wear rubber gloves
    Never miss a good opportunity to shut up.....

  4. #24
    Senior Member
    Join Date
    Apr 2002
    Posts
    324
    Buffer Overflow and executed arbitrary command
    Ok --

    Lets say we have the following code:
    dim name(10)
    name = "12345678901"

    This causes an error because the length of the value we specified is larger than the memory space that has been allocated. This is an buffer overflow.

    If you wrote this in c and ran it you would get an an error message with the memory address of the overflow. This (hex) value refers to the eip pointer which points to the current execution point in the stack.

    You can then use a debugger to figure out where other opcodes are loaded in the stack and by moving the eip you can call them. Code run in this manner will run in the security context that started the process.

    If you are truly lame, and have far too much time on you hands, you can (largely by trial and error) even 'stuff' the stack full of your own op-codes and call them (the so called arbitrary code).

    As I think just about every post to this tread that wasn't about detergent points out - this is a complex thing and if you don't already understand it then you probably need a lot more practice making things before you attempt breaking things.

    But hopefully this post explains the basic concept at least (I tried) for those of you that are a little bewildered by it all.
    \"I may not agree with what you say, but I will defend to the death your right to say it.\"
    Sir Winston Churchill.

  5. #25
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    simple.. in your code for a buffer overflow.. include some arbitary commands.. well basically thats what it is.. while the file/system is overflowed it gets confused and executes ur arbitary command..

    correct me if im wrong..

  6. #26
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    There's no cookie cutter way to make buffer overflows
    I'm glad this was pointed out. I can hear the kiddies screaming now, "does that mean I'll actually have to think? No, NO! It's so much easier when someone types it for me! Can't I download Buffer Overflow 6.4? What will I do?"

    <pontification>
    For the record I'm willing to help newbies with legitimate questions and I often do, as do most of the senior members. But people keep asking this question, "How do I do a buffer overflow?" and it's getting tiresome. This has gotta be up there with "How do I hack hotmail?" or "How do I use sub7?" in the list of most annoying questions.

    When a guy like {P²P}Apocalypse gets pissed off, it really says something about the people asking these stupid questions. He doesn't usually lose his cool. I've been around here long enough to know that. So take his advice and do some homework before you start bitching.
    </pontification>
    OpenBSD - The proactively secure operating system.

  7. #27
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    LMAO.. haha i love that.. yeah.. unfortunately for SKs buffer overflows cant be done with a script.. hahah just like the time when someone asked me for an "IP Stealer" LMAO
    and he thought that IP spoofing can be done easily with a script.. w/o even thinkin the logic behind IP Spoofing.. hahaha

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •