
Thread: Buffer Overflows

  1. #1
    Senior Member
    Join Date
    Apr 2002

    Buffer Overflows

    Hey, I have been searching for ages for exploitable programs that are vulnerable to a buffer or heap overflow. Programs like level9, level11 and level15 on hackerslab. Does anyone know where I can get source code (not for an exploit) but for code to compile that I can try and exploit on my own box? I don't want exploits, just an old program that is exploitable to an overflow of some sort. Heh, I'm bored and buffer overflows are interesting. I would really appreciate it if anyone knows where I could find source code for this. Thanks to all in advance.
    By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
    The 20th century pharaohs have the slaves demanding work

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    I know this isn't exactly what you wanted...
    It does contain source code (in C, I believe) along with a very nice description of the whole process. This is not an exploit, it's just a paper about them...
    cDc is pretty cool th0 ;-)

    anyway- i hope this helps...
    void func(void)
       int i;
       char buffer[256];   
                                      // *
          buffer[i]='A';              // !
        #include <stdio.h>
        void manipulate(char *buffer) {
          char newbuffer[80];
        int main() {
          char ch,buffer[4096];
          int i=0;
          while ((buffer[i++] = getchar()) != '\n') {};
          printf("The value of i is : %d\n",i);
          return 0;
    yeah, I'm gonna need that by friday...

  3. #3
    Join Date
    Dec 2002
    Hmm.. the text from Aleph1, "Smashing the stack for fun and profit", has some examples as well, and I found some buggy example code in a page, but it is in Portuguese. I will paste some examples here, though. (translated, when needed)
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>   /* strcpy */

    int main(int argc, char *argv[]) {
        char buffer[512];
        if (argc < 2) {
            printf("Buggy program!!\n");
            printf("Usage: %s <string>\n", argv[0]);
            exit(0);
        }
        /* intentional bug: no length check before copying argv[1] */
        strcpy(buffer, argv[1]);
        printf("You typed: %s!!\n", buffer);
        return 0;
    }
    This is the most classical one. strcpy copies argv to buffer, without checking its size.

    #include <stdio.h>
    #include <string.h>

    #define TAMANHO 100

    main(int argc, char *argv[])
    char nick[TAMANHO];
    char *digitado;
    if(argc < 2){
    printf("Buggy program 2!!\n");
    printf("Usage: %s <seu_nick>\n",argv[0]);
    digitado = argv[1];
    printf("Welcome, master!!\n");
    return 0;
    printf("Get out!!You are a newbie!!\n");
    printf("Only hackos have access!!\n");
    return 0;
    Digitado=typed, and tamanho=size. Now you know some Portuguese... Congratulations!

    This link is about stackguard, which is intended to protect your programs against buffer overflow.. may be worth a read, if you're interested: http://www.cse.ogi.edu/DISC/projects...enixsc98_html/
    A text on Buffer overflows: http://www.insecure.org/stf/mudge_bu..._tutorial.html
    Text on heap overflow, with examples: http://www.w00w00.org/files/articles/heaptut.txt
    Smashing the stack.., phrack 49: http://www.phrack-dont-give-a-****-a...rack/49/P49-14
    The examples here were taken from http://coracaodeleao.virtualave.net . In Portuguese!
    Have fun!

    Found in a diary:
    ".... and yes, since i am a l337 hax0r, i am also using vi to write this. ^[[D^[[B^ exit ^X^C quit :x :wq dang it :w:w:w :x ^C^C^Z^D"
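An added example, not part of the post above or of the page it quotes: the unchecked `strcpy(buffer, argv[1])` from the first program replaced by a bounded copy that refuses input too long for the 512-byte buffer. The function name `copy_checked` and its return codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 512   /* same size as the buffer in the post */

/* Return codes for copy_checked (hypothetical names). */
enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/*
 * Bounded replacement for strcpy(buffer, argv[1]).
 * Rejects input that does not fit (including the terminating NUL)
 * instead of silently truncating, so the caller can report the error.
 */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;

    /* Scan at most dst_size bytes of src; no NUL found means it cannot fit. */
    if (memchr(src, '\0', dst_size) == NULL) {
        dst[0] = '\0';          /* leave dst a valid empty string */
        return COPY_TOO_LONG;
    }
    len = strlen(src);
    memcpy(dst, src, len + 1);  /* len + 1 <= dst_size is guaranteed here */
    return COPY_OK;
}

int main(int argc, char *argv[])
{
    char buffer[BUF_SIZE];

    if (argc < 2) {
        printf("Usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (copy_checked(buffer, sizeof buffer, argv[1]) != COPY_OK) {
        fprintf(stderr, "Input longer than %d bytes, refused\n", BUF_SIZE - 1);
        return 1;
    }
    printf("You typed: %s!!\n", buffer);
    return 0;
}
```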

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002

    From your post, you already know about buffer overflows and how to exploit them.

    My recommendation.... do a default install of any operating system (m$ would be a good one) and read up on programs that are vulnerable to buffer overflow attacks. You can read up on these at bugtraq of course. Just exploiting m$ should keep you busy for months to come.
    Either use script kiddie tools to exploit them, or write your own.

    If you want to find out what programs have vulnerabilities in there... use something like Saint or Satan, or there are several others. Check here.

    I will sometimes do stuff similar to what you want to do. Build up a test box and just go at it. One of my favorites to do is to release several different viruses on a box that isn't on the net or my network and watch them eat up the OS. Then try to repair it.

    Well, keep us posted on your progress! If I had time, I'd be doing it too!

    I know.... I know... I have no life...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Join Date
    Dec 2002
    tatui, right!
    Smashing the Stack for fun or profit is really good. Then try to write some on your own. Disassemble programs, single-step through a debugger, figure out how they work, then see if there is possibly a way to exploit the program some way.

    I suggest buying 'Assembly Language Step-by-Step'; it's an excellent book. It covers asm in win and linux.
