February 2nd, 2007, 11:33 AM
im learning buffer-overflow and im tring to attack a server that i was build , but the server is not using the function "strcpy()" , so what else did i need to search, for doing the BOF ?
February 2nd, 2007, 01:33 PM
welcome to AO!
we probably need some more info about the server... whats running on it?
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
February 2nd, 2007, 02:09 PM
How people treat you is their karma- how you react is yours-Wayne Dyer
February 2nd, 2007, 03:03 PM
the server got tcp-connections, and if u connect with the standart client (that i was build speccely for this server) u`ll get menu with this option :
1.add user (and then u send him the username)
2.start new game and so on..
i tryed to send allot of junk beside the username and look at ollydbg what happened, but nothing happened..
there is any more details i can tell u ?
February 3rd, 2007, 11:46 AM
Why not learn with something you've made yourself instead of a blackbox?
Experience is something you don't get until just after you need it.
February 3rd, 2007, 06:30 PM
its not a black-box its a server that i was build...
February 3rd, 2007, 09:37 PM
by the way: i was read this article , but its not help me coz the server isnt using functions like "strcpy(), scanf() and so..", so i want to know what did i need to search for now... i mean , how can i found a vulerability in this server ? (what did i need to looks for..).. ?
February 4th, 2007, 02:21 PM
I like your approach to learn the issue of buffer overflows. As per answering
Simply spoken, all buffer overflows have in common that you are using some
fixed buffer or you allow the user (or service) to specify the buffer to be
allocated. While the latter seems strange, still nowadays some (older)
applications are in use, which actually trust their clients, allowing for this
Because of this generic character, it is thus impossible to give a complete
list (I wouldn't be able to) - sure, check for strcpy, scanf etc. but, more
general, check for all parts in your code where user (or service/protocol/...)
input from "outside" is used - directly, or more difficult to detect, indirectly.
For example, with your little server - what happens with the recv-buffer?
When do you use it, where does it have some impact?
Furthermore, which OS do you use, which Programming Language, which
Framework? It all depends - in particular the existence of a vulnerability:
even if you have found a security flaw, a vulnerable state, which
allows to reach a compromised state using authorised transitions, may not
exist at all.
If you post reasonable code-snippets, I will try to have a look at it
Cheers, and good luck.
P.s. Nowaday, fuzzers become more and more popular. What kind of protocol
are you using? You may find one, which will be appropriate to find some flaw
in your program.
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
February 4th, 2007, 10:00 PM
first of all, thanks sec_ware !
the protocol that running is TCP and i tryed to send data and triggered the overflow and when im watching ollydbg i saw that the eip is overwrited by this address: 000012FF (no matter is im sending 1 byte more or 500 bytes more), and i want to know if this is a well known address or something common ?
if some1 know a good article (and programs) about fuzzer ,i`ll apericate her help..
February 4th, 2007, 11:56 PM
First You must learn about security protections of yours OS. If I`m right you are using Windows and that means that you must know what is /safeseh, /GS, DEP, etc ... (this allude that you know what is buffer overflow, format string, code injections, pointers overwite, memory leaks, race conditions, etc ...).
Than, If you write your own server You will know if there any vuln ... and You can practise writing exploits (You "must" be master of debuging).
Read, read and read
By frostedegg in forum The Security Tutorials Forum
Last Post: June 9th, 2005, 02:51 PM
By hatebreed2000 in forum Microsoft Security Discussions
Last Post: July 23rd, 2003, 12:53 AM
By micael in forum AntiOnline's General Chit Chat
Last Post: June 7th, 2002, 08:07 AM
By zigar in forum Network Security Discussions
Last Post: May 29th, 2002, 04:04 PM
By s0nIc in forum Miscellaneous Security Discussions
Last Post: February 12th, 2002, 05:26 AM