* RE: A exploitable C program
@ 2002-07-12 14:49 Huber, George K CECOM RDEC STCD SRI
0 siblings, 0 replies; 7+ messages in thread
From: Huber, George K CECOM RDEC STCD SRI @ 2002-07-12 14:49 UTC (permalink / raw)
To: 'ashtrax', linux-c-programming
You might want to check out the following two books,
(1) Writing Secure Code
Michael Howard, David LeBlanc
ISBN: 0735615888
published Nov 2001.
(2) Building Secure Software: How to Avoid Security Problems the Right Way
John Viega, Gary McGraw
ISBN: 020172152X
published Oct 2001.
Both have extensive sections on buffer overflows (how to manipulate
them and how to fix/prevent them). The first book focuses on Microsoft
technologies (MS VC++, Visual Basic, C#), but the concepts should be
widely applicable. The second book is more general.
George Huber
Computer Scientist
SRI, International
phone: 732-427-8064
fax : 732-427-2065
cell : 732-740-4018
george.huber@mail1.monmouth.army.mil
-----Original Message-----
From: ashtrax [mailto:xlp@emtel.net.co]
Sent: Friday, July 12, 2002 12:34 AM
To: linux-c-programming@vger.kernel.org
Subject: A exploitable C program
Hi, I keep trying to understand buffer overflow, I would like you help me
finding an exploitable C program, not so complex, that demands me a serious
and deep analysis of how find shellcode, elf disassemble and other process I
already ignore.
I want to have the ability of release proof of concept exploit and
understand credentials, setuid root and all secure programming topics.
What program do you suggest for have a good start?
bye.
p.s. Why I can't 'get' with majordomo all the list archives? (get
linux-c-programming <date>)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: A exploitable C program
@ 2002-07-14 9:22 jnf
0 siblings, 0 replies; 7+ messages in thread
From: jnf @ 2002-07-14 9:22 UTC (permalink / raw)
To: Elias Athanasopoulos, ashtrax; +Cc: linux-c-programming
for starts i would go with what Elias had to say, if you don't understand anything of it, perhaps you should start a little higher and just concentrate on the system. c/asm would be where i focused, and i would get handy with a debugger.
here is a link to a paper that i think helps ease people into buffer overflows better than smashing the stack, as i think smashing the stack kinda assumes a basic knowledge of what's going on to some degree, i dunno they're both great papers:
http://minimum.inria.fr/%7Eraynal/full-page.php3?page=116
and then these are what i've been working on and i think they're the coolest thing since, well i dunno what- but i enjoy them a lot:
http://community.core-sdi.com/~gera/InsecureProgramming/
really beyond how c and how those calls in c break into asm, i highly advise you understand the stack and how instructions that manipulate it work...bla bla bla i'm not gonna say anything you can't learn from reading
^ permalink raw reply [flat|nested] 7+ messages in thread
* A exploitable C program
@ 2002-07-12 4:33 ashtrax
2002-07-12 10:01 ` Elias Athanasopoulos
0 siblings, 1 reply; 7+ messages in thread
From: ashtrax @ 2002-07-12 4:33 UTC (permalink / raw)
To: linux-c-programming
Hi, I keep trying to understand buffer overflow, I would like you help me finding an exploitable C program, not so complex, that demands me a serious and deep analysis of how find shellcode, elf disassemble and other process I already ignore.
I want to have the ability of release proof of concept exploit and understand credentials, setuid root and all secure programming topics.
What program do you suggest for have a good start?
bye.
p.s. Why I can't 'get' with majordomo all the list archives? (get linux-c-programming <date>)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: A exploitable C program
2002-07-12 4:33 ashtrax
@ 2002-07-12 10:01 ` Elias Athanasopoulos
2002-07-12 20:30 ` ashtrax
0 siblings, 1 reply; 7+ messages in thread
From: Elias Athanasopoulos @ 2002-07-12 10:01 UTC (permalink / raw)
To: ashtrax; +Cc: linux-c-programming
On Thu, Jul 11, 2002 at 11:33:56PM -0500, ashtrax wrote:
> Hi, I keep trying to understand buffer overflow, I would like you help me finding an exploitable C program, not so complex, that demands me a serious and deep analysis of how find shellcode, elf disassemble and other process I already ignore.
> I want to have the ability of release proof of concept exploit and understand credentials, setuid root and all secure programming topics.
> What program do you suggest for have a good start?
Please, use a mail client with a sane wrapping.
The most comprehensive tutorial regarding buffer overflow, AFAIK, is:
http://www.shmoo.com/phrack/Phrack49/p49-14
It doesn't cover non-executable stacks though. I doubt that you'll test
your code in an OS which provides non-executable stacks.
Elias
--
http://gnewtellium.sourceforge.net MP3 is not a crime.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: A exploitable C program
2002-07-12 10:01 ` Elias Athanasopoulos
@ 2002-07-12 20:30 ` ashtrax
2002-07-13 8:27 ` Elias Athanasopoulos
2002-07-15 17:41 ` Marius Nita
0 siblings, 2 replies; 7+ messages in thread
From: ashtrax @ 2002-07-12 20:30 UTC (permalink / raw)
To: Elias Athanasopoulos; +Cc: linux-c-programming
> > Hi, I keep trying to understand buffer overflow, I would like you help me finding an exploitable C program, not so complex, that demands me a serious and deep analysis of how find shellcode, elf disassemble and other process I already ignore.
> > I want to have the ability of release proof of concept exploit and understand credentials, setuid root and all secure programming topics.
> > What program do you suggest for have a good start?
>
> Please, use a mail client with a sane wrapping.
>
> The most comprehensive tutorial regarding buffer overflow, AFAIK, is:
>
> http://www.shmoo.com/phrack/Phrack49/p49-14
Hi, each time I ask for this topic I am suggested to read that document, I have read it several times but I don't understand the concepts.
ashtrax.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: A exploitable C program
2002-07-12 20:30 ` ashtrax
@ 2002-07-13 8:27 ` Elias Athanasopoulos
2002-07-15 17:41 ` Marius Nita
1 sibling, 0 replies; 7+ messages in thread
From: Elias Athanasopoulos @ 2002-07-13 8:27 UTC (permalink / raw)
To: ashtrax; +Cc: linux-c-programming
On Fri, Jul 12, 2002 at 03:30:07PM -0500, ashtrax wrote:
> Hi, each time I ask for this topic I am suggested to read that document, I have read it several times but I don't understand the concepts.
Then, my suggestion is to understand some fundamental things, such as a
programming language (C most probably) and how computers work, by reading
books. After that, come again and have another try with the article I
suggested to you.
Elias
--
http://gnewtellium.sourceforge.net MP3 is not a crime.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: A exploitable C program
2002-07-12 20:30 ` ashtrax
2002-07-13 8:27 ` Elias Athanasopoulos
@ 2002-07-15 17:41 ` Marius Nita
1 sibling, 0 replies; 7+ messages in thread
From: Marius Nita @ 2002-07-15 17:41 UTC (permalink / raw)
To: ashtrax; +Cc: linux-c-programming
On Fri, Jul 12, 2002 at 03:30:07PM -0500, ashtrax wrote:
> Hi, each time I ask for this topic I am suggested to read that document, I have read it several times but I don't understand the concepts.
>
You need to get some basic knowledge of how a computer functions and how unix
processes are mapped in memory. (some of this is explained in that buffer
overflow document)
The basic idea is that if your program is not sane enough to check for
boundaries on static and dynamic arrays, it could be forced to write past the
end of an array. Since memory is linear (you can think of memory as a big long
row of bytes) there could be important stuff past the end of that array, such
as the return address of a function. If you overwrite that with another
address, you could cause that function to return to some other random place,
which you can use to manipulate the program in malicious ways.
In a nutshell, a buffer overflow is writing past the end of an array. (You say
int foo[4]; and sometime later you say *(foo + 4) = blah;)
A good way to avoid overflows is to use a memory debugger. (valgrind is an
excellent one)
^ permalink raw reply [flat|nested] 7+ messages in thread
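[Added example, not part of the original thread or written by any of its participants.] The message above describes memory as one long row of bytes, with something important sitting just past the end of an array. The sketch below models that layout inside a single flat byte array, so the model itself stays well defined, and shows the same copy with and without the boundary check. All names, sizes and byte values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of memory as one long row of bytes: a 16-byte buffer
 * (int foo[4] with 4-byte ints) followed directly by an 8-byte slot that
 * stands in for a saved return address. Names and values are assumptions. */
#define BUF_SIZE   16
#define SLOT_SIZE  8
#define FRAME_SIZE (BUF_SIZE + SLOT_SIZE)

static const unsigned char SAVED[SLOT_SIZE] =
    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80};

/* No check against BUF_SIZE (clamp only keeps the model well defined). */
static void copy_unchecked(unsigned char *frame, const unsigned char *src, size_t n)
{
    memcpy(frame, src, n > FRAME_SIZE ? FRAME_SIZE : n);
}

/* Boundary check: input that does not fit the buffer is refused. */
static int copy_checked(unsigned char *frame, const unsigned char *src, size_t n)
{
    if (n > BUF_SIZE) return -1;
    memcpy(frame, src, n);
    return 0;
}

/* Copies n input bytes into a fresh frame. Returns 1 if the slot after the
 * buffer is unchanged; *rejected is 1 when the checked copy refused. */
int slot_survives(size_t n, int use_check, int *rejected)
{
    unsigned char frame[FRAME_SIZE] = {0}, input[FRAME_SIZE];
    memcpy(frame + BUF_SIZE, SAVED, SLOT_SIZE);
    memset(input, 'A', sizeof input);
    *rejected = 0;
    if (use_check)
        *rejected = (copy_checked(frame, input, n) != 0);
    else
        copy_unchecked(frame, input, n);
    return memcmp(frame + BUF_SIZE, SAVED, SLOT_SIZE) == 0;
}

int main(void)
{
    int rej, a = slot_survives(20, 0, &rej), b = slot_survives(20, 1, &rej);
    printf("20 bytes: unchecked intact=%d, checked intact=%d rejected=%d\n", a, b, rej);
    return 0;
}
```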