February 21st, 2005, 09:49 PM
Hi i dont know much about exploits so i have been messing with them and i was wornding how would i get a buffer overflow to spawn off an admin account in winXP. what i did is make a program that i could overflow the buffer but now that i have gotten it to overflow what code would i need to put into the buffer to get it to spawn off a admin account. like is it diffrent for each exploit or is it a set code that could be used in diffrent exploits and what i mean by the code i mean the actual code that would spawn off the account.
February 21st, 2005, 11:19 PM
Like you, my knowledge of Buffer Overflows is pretty limited, but here is a resource:
In other words, you can put any program in the buffer and then load it up. Not sure how this works in practice though, because, like I said, I haven't played with it that much.
Because we know it is easy to overwrite a function's return address, an intelligent hacker might want to spawn a shell (with root permissions) by jumping the execution path to such code. But, what if there is no such code in the program to be exploited? The answer is to place the code we are trying to execute in the buffer's overflowing area. We then overwrite the return address so it points back to the buffer and executes the intended code. Such code can be inserted into the program using environment variables or program input parameters. An example code that spawns a root shell can be found in a classic paper written by Aleph One for Phrack Magazine (see Resources).
Hope this helps,
Alright Brain, you don\'t like me, and I don\'t like you. But let\'s just do this, and I can get back to killing you with beer.
-- Homer S.
February 22nd, 2005, 12:40 AM
thanks very much Iron-Kurton thats a really good article and i just found this book Hacking the art of exploitation when i went to B&N you should pick it up if your looking to get into Buffer overflows it is a really good book about them and other kinds of exploits.
February 23rd, 2005, 12:37 AM
You gotta understand that it's not the code that will spawn an admin account. Your code will do something, perhaps give you access to the command prompt or run some sort of process. Whether it has admin access depends on what runlevel the code is run at. So basically, if the program that you overflow only has limited access (XP terminology, I believe), you will not be able to spawn an admin account. The program has to have admin access in the first place.
February 23rd, 2005, 05:01 AM
In other words, you can put any program in the buffer and then load it up.
Thats because you control the program so you'll be gaining whatever privileges set for it. Since almost every home user does everything with full administrative access it would never matter.
perhaps give you access to the command prompt or run some sort of process. Whether it has admin access depends on what runlevel the code is run at. So basically, if the program that you overflow only has limited access (XP terminology, I believe), you will not be able to spawn an admin account. The program has to have admin access in the first place.