-
April 3rd, 2002, 05:39 PM
#21
Well, first of all, the way the question was worded is what caused all the jokes/flames, not the question itself. I still have no idea exactly what the question was. If I could understand what he was asking, I would be more willing to try and help.
Anyway, as someone else stated, buffer overflows are quite involved. If you take the time to search the forums for buffer overflow, you will notice that there are a few tutorials on how to write them. I posted a link in a different thread to a paper that is VERY in depth on how buffer overflows work, and how to write them. I didn't write the paper, so I didn't post it (since I didn't get the author's permission). Anyway, if you take the time to search for Buffer Overflow, right here in the Forum Search box on the main page, you get 338 results. Of course some are not great, but take the time to look.
For those of you who don't know how to use a search engine, click this little link to go directly to the thread where I posted the links to that report.... http://www.antionline.com/showthread...hreadid=223099
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
April 13th, 2002, 07:23 PM
#22
Junior Member
-
April 13th, 2002, 08:13 PM
#23
P2P Dear computer person, I have used the high quality sponge and followed all the other steps.
Now my question is this: do you leave the power on or not? I did not like the spark thingies and sizzling noise. Oh, and do wear rubber gloves.
Never miss a good opportunity to shut up.....
-
April 25th, 2002, 06:04 PM
#24
Buffer Overflow and executed arbitrary command
Ok --
Let's say we have the following code:
dim name(10)
name = "12345678901"
This causes an error because the length of the value we specified is larger than the memory space that has been allocated. This is a buffer overflow.
If you wrote this in C and ran it you would get an error message with the memory address of the overflow. This (hex) value refers to the eip pointer which points to the current execution point in the stack.
You can then use a debugger to figure out where other opcodes are loaded in the stack and by moving the eip you can call them. Code run in this manner will run in the security context that started the process.
If you are truly lame, and have far too much time on your hands, you can (largely by trial and error) even 'stuff' the stack full of your own op-codes and call them (the so called arbitrary code).
As I think just about every post to this thread that wasn't about detergent points out - this is a complex thing and if you don't already understand it then you probably need a lot more practice making things before you attempt breaking things.
But hopefully this post explains the basic concept at least (I tried) for those of you that are a little bewildered by it all.
"I may not agree with what you say, but I will defend to the death your right to say it."
Sir Winston Churchill.
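The case from the post above (an 11-character value going into a 10-slot buffer), written as an added C example that is not part of the original thread: an unchecked copy beside a length-checked one that rejects the oversized value. NAME_SIZE, struct record, copy_unchecked, copy_checked and store_name are names made up for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 10            /* mirrors the post's dim name(10) */

struct record {
    char name[NAME_SIZE];
    unsigned int guard;         /* neighbouring data an overflow of name would hit */
};

/* Unchecked pattern, shown for contrast and never called here: strcpy()
   writes strlen(src) + 1 bytes regardless of how small dst is. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Checked copy: 0 on success, -1 if src plus its NUL does not fit in
   dst_size bytes. On failure dst becomes an empty string. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {          /* no terminator in the first dst_size bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hypothetical caller: sets a known guard value, then stores the name. */
int store_name(struct record *r, const char *input)
{
    r->guard = 0xC0FFEEu;
    return copy_checked(r->name, sizeof r->name, input);
}

int main(void)
{
    struct record r;
    int rc = store_name(&r, "12345678901");   /* the post's 11-character value */
    printf("rc=%d name=\"%s\" guard=%#x\n", rc, r.name, r.guard);
    return 0;
}
```

A 10-character value is rejected as well, because the terminating NUL needs the tenth byte.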
-
May 10th, 2002, 06:22 AM
#25
simple.. in your code for a buffer overflow.. include some arbitrary commands.. well basically that's what it is.. while the file/system is overflowed it gets confused and executes ur arbitrary command..
correct me if I'm wrong..
-
May 10th, 2002, 06:59 AM
#26
There's no cookie cutter way to make buffer overflows
I'm glad this was pointed out. I can hear the kiddies screaming now, "does that mean I'll actually have to think? No, NO! It's so much easier when someone types it for me! Can't I download Buffer Overflow 6.4? What will I do?"
<pontification>
For the record I'm willing to help newbies with legitimate questions and I often do, as do most of the senior members. But people keep asking this question, "How do I do a buffer overflow?" and it's getting tiresome. This has gotta be up there with "How do I hack hotmail?" or "How do I use sub7?" in the list of most annoying questions.
When a guy like {P²P}Apocalypse gets pissed off, it really says something about the people asking these stupid questions. He doesn't usually lose his cool. I've been around here long enough to know that. So take his advice and do some homework before you start bitching.
</pontification>
OpenBSD - The proactively secure operating system.
-
May 10th, 2002, 08:20 AM
#27
LMAO.. haha I love that.. yeah.. unfortunately for SKs buffer overflows can't be done with a script.. hahah just like the time when someone asked me for an "IP Stealer" LMAO
and he thought that IP spoofing can be done easily with a script.. w/o even thinkin the logic behind IP Spoofing.. hahaha