
Thread: buffer overflow

  1. #1
    Junior Member
    Join Date
    Dec 2006

    buffer overflow

    I'm learning buffer overflows and I'm trying to attack a server that I built, but the server is not using the function "strcpy()", so what else do I need to search for to do the BOF?

  2. #2
    westin (Gonzo District BOFH)
    Join Date
    Jan 2006
    SW MO
    welcome to AO!

    We probably need some more info about the server... what's running on it?
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."


  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    ya think

    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Junior Member
    Join Date
    Dec 2006
    The server accepts TCP connections, and if you connect with the standard client (which I built specially for this server) you'll get a menu with these options:
    1. add user (and then you send it the username)
    2. start new game, and so on...
    I tried to send a lot of junk besides the username and watched in OllyDbg what happened, but nothing happened...
    Are there any more details I can tell you?

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Why not learn with something you've made yourself instead of a blackbox?

    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Junior Member
    Join Date
    Dec 2006
    It's not a black box, it's a server that I built...

  7. #7
    Junior Member
    Join Date
    Dec 2006
    By the way: I read this article, but it doesn't help me because the server isn't using functions like "strcpy(), scanf() and so on", so I want to know what I need to search for now... I mean, how can I find a vulnerability in this server? (What do I need to look for?)
    Thanks!

  8. #8
    Senior Member
    Join Date
    Mar 2004

    I like your approach to learn the issue of buffer overflows. As per answering
    your question:

    Simply spoken, all buffer overflows have in common that you are using some
    fixed buffer or you allow the user (or service) to specify the buffer to be
    allocated. While the latter seems strange, still nowadays some (older)
    applications are in use which actually trust their clients, allowing for this.

    Because of this generic character, it is thus impossible to give a complete
    list (I wouldn't be able to) - sure, check for strcpy, scanf etc. but, more
    general, check for all parts in your code where user (or service/protocol/...)
    input from "outside" is used - directly, or more difficult to detect, indirectly.
    For example, with your little server - what happens with the recv-buffer?
    When do you use it, where does it have some impact?

    Furthermore, which OS do you use, which Programming Language, which
    Framework? It all depends - in particular the existence of a vulnerability:
    even if you have found a security flaw, a vulnerable state, which
    allows to reach a compromised state using authorised transitions, may not
    exist at all.

    If you post reasonable code snippets, I will try to have a look at them.

    Cheers, and good luck.

    P.S. Nowadays, fuzzers are becoming more and more popular. What kind of protocol
    are you using? You may find one, which will be appropriate to find some flaw
    in your program.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
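    The point sec_ware makes, that an overflow needs no strcpy() and comes from any place where a number or a size taken from the peer reaches a fixed buffer, is illustrated by the following added example. It is not the original poster's server and not code from this thread; the wire format (one command byte, one client-supplied name-length byte, then the name), the command id, the buffer size and all helper names are assumptions made for the example. The unsafe parser shows the length-trusting pattern; the hardened one checks every peer-supplied value against both what was actually received and what the destination can hold.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define CMD_ADD_USER 1   /* assumed command id for "add user" */
#define NAME_MAX     16  /* assumed fixed-size destination for the username */

enum parse_result {
    PARSE_OK = 0,
    PARSE_TOO_SHORT,      /* fewer bytes on the wire than the header needs */
    PARSE_BAD_CMD,        /* not an add-user message */
    PARSE_TRUNCATED,      /* declared length exceeds bytes actually received */
    PARSE_NAME_TOO_LONG,  /* declared length exceeds the destination buffer */
    PARSE_BAD_CHAR        /* name contains a byte the protocol does not allow */
};

struct add_user_msg {
    char name[NAME_MAX + 1];  /* +1 for the terminating NUL */
};

/* Unsafe pattern: no strcpy() anywhere, yet still a stack overflow, because
   the client's own length byte drives memcpy() into a fixed buffer. Kept for
   contrast only; it is never run on oversized input below. */
static enum parse_result parse_add_user_unsafe(const uint8_t *buf, size_t len,
                                               struct add_user_msg *out)
{
    if (len < 2)
        return PARSE_TOO_SHORT;
    if (buf[0] != CMD_ADD_USER)
        return PARSE_BAD_CMD;
    size_t name_len = buf[1];              /* trusted as-is: the defect */
    memcpy(out->name, buf + 2, name_len);  /* writes past out->name if name_len > NAME_MAX */
    out->name[name_len] = '\0';
    return PARSE_OK;
}

/* Hardened pattern: the peer-supplied length is checked against the bytes
   received (no over-read) and against the destination (no over-write), and
   the content itself is validated before it is stored. */
static enum parse_result parse_add_user_safe(const uint8_t *buf, size_t len,
                                             struct add_user_msg *out)
{
    if (len < 2)
        return PARSE_TOO_SHORT;
    if (buf[0] != CMD_ADD_USER)
        return PARSE_BAD_CMD;

    size_t name_len = buf[1];
    if (name_len > len - 2)      /* peer claims more than it sent */
        return PARSE_TRUNCATED;
    if (name_len > NAME_MAX)     /* peer claims more than we can hold */
        return PARSE_NAME_TOO_LONG;

    for (size_t i = 0; i < name_len; i++) {  /* printable ASCII only */
        uint8_t c = buf[2 + i];
        if (c < 0x20 || c > 0x7e)
            return PARSE_BAD_CHAR;
    }

    memcpy(out->name, buf + 2, name_len);
    out->name[name_len] = '\0';
    return PARSE_OK;
}

/* Builds a constructed "add user" message into dst; returns bytes written.
   claimed_len is written into the header independently of the real length so
   that a lying header can be constructed. */
static size_t build_add_user(uint8_t *dst, size_t cap, const char *name,
                             uint8_t claimed_len)
{
    size_t n = strlen(name);
    if (cap < 2 + n)
        return 0;
    dst[0] = CMD_ADD_USER;
    dst[1] = claimed_len;
    memcpy(dst + 2, name, n);
    return 2 + n;
}

/* Runs the hardened parser on a constructed message and returns its verdict. */
static int safe_result(const char *name, uint8_t claimed_len)
{
    uint8_t wire[64];
    struct add_user_msg msg;
    size_t n = build_add_user(wire, sizeof wire, name, claimed_len);
    return (int)parse_add_user_safe(wire, n, &msg);
}

/* Returns 1 if the hardened parser accepted the message and stored the name intact. */
static int safe_name_roundtrip(const char *name)
{
    uint8_t wire[64];
    struct add_user_msg msg;
    size_t n = build_add_user(wire, sizeof wire, name, (uint8_t)strlen(name));
    return parse_add_user_safe(wire, n, &msg) == PARSE_OK && strcmp(msg.name, name) == 0;
}

int main(void)
{
    uint8_t wire[64];
    struct add_user_msg msg;
    /* Constructed benign input: both parsers accept it, which is why a test
       with ordinary data (or junk that stays under NAME_MAX) shows nothing. */
    size_t n = build_add_user(wire, sizeof wire, "alice", 5);
    printf("benign: unsafe=%d safe=%d\n",
           parse_add_user_unsafe(wire, n, &msg), parse_add_user_safe(wire, n, &msg));
    /* Constructed oversize and lying headers: only the hardened parser is run. */
    printf("oversize: safe=%d\n", safe_result("0123456789012345678901234567890123456789", 40));
    printf("truncated: safe=%d\n", safe_result("bob", 10));
    return 0;
}
```

The audit question this encodes is the one from the post above: for each byte of the recv buffer, which number decides how many bytes are copied and where, and has that number been bounded by both the received length and the destination size? Compiler hardening (/GS, stack protectors) only turns the missed check into a crash rather than silent corruption, so the check belongs in the parser.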

  9. #9
    Junior Member
    Join Date
    Dec 2006
    First of all, thanks sec_ware!
    The protocol running is TCP, and I tried to send data and triggered the overflow, and when I watched in OllyDbg I saw that the EIP is overwritten by this address: 000012FF (no matter if I'm sending 1 byte more or 500 bytes more), and I want to know if this is a well-known address or something common?

    If someone knows a good article (and programs) about fuzzers, I'll appreciate their help...

  10. #10
    Junior Member
    Join Date
    Jan 2007

    First you must learn about the security protections of your OS. If I'm right you are using Windows, and that means that you must know what /SAFESEH, /GS, DEP, etc. are (this assumes that you know what a buffer overflow, format string, code injection, pointer overwrite, memory leak, race condition, etc. are).

    Then, if you write your own server you will know if there is any vuln... and you can practise writing exploits (you "must" be a master of debugging).

    Read, read and read.
