Thisislegal.com

Exploits, Buffer Overflows And Shell Code


This article aims to explain the exploits you will see around the place and why MOST of them work. Go to any exploit site and you will see many exploits written in unreadable-looking code that seems impossible to understand. This code comes in two types, similar to the examples below:

"\x31\xd2"
mov bl, 16
push eax


These are a combination of assembly and shell code, usually written in C. This means that in order to run them you will need a good C compiler. But the aim of this article is to explain why they work. Let's start with assembly code.

Whatever language you already know, when you compile it, the language is translated into machine code. Machine code is the lowest-level programming language and is read and executed directly by the computer's central processing unit. This language is complicated and very hard to understand, but with time it can be learned. One step above machine code is assembly code. This is also complicated but more recognisable: push and mov, for example, are instructions telling the processor what to do. If you open an EXE program in OllyDbg, it will display the program's assembly instructions.

Next, there's shell code. This is also a form of machine code, one used to exploit bugs in software. Its aim is to gain the attacker access to, and control over, something he is usually not allowed to touch. It again gives the computer direct commands to obey, just like the other form of machine code above. But if you wonder how running this in a program or online program results in the program performing actions it wouldn't usually, well, this is where buffer / stack overflows come in.


What are buffer overflows?

Here they are in very simple terms; for a more complete definition of buffer or stack overflows, try searching Google. They work by overflowing the space allowed for a certain value, which allows code to be executed. For example, say a program has set aside 8 bytes to store a value. This value is stored in the slot marked "1st" below; if you enter 12345678 it is stored like this:


1st 1st 1st 1st 1st 1st 1st 1st 2nd 2nd
 1   2   3   4   5   6   7   8


This is functioning correctly. But say you were to enter the value followed by some shell code / machine code. This would be executed as shown below:


1st 1st 1st 1st 1st 1st 1st 1st 2nd      2nd
 1   2   3   4   5   6   7   8  push eax mov...



This could cause the computer to store the value and then execute the code that follows it, because the code was added straight after the value. The program runs as machine code, which is why machine code / shell code is what has to be injected. Basically, all these exploits do is find a certain point in the code and perform an overflow, adding their own code to it. C is usually used because of how easy it is to run machine code from C, and because it has no built-in protection to stop a program from accessing and overwriting any part of memory.
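The diagram above as an added C example (not code from the original tutorial): an unchecked copy into the 8-byte "1st" slot spills into the adjacent "2nd" slot, while the same store with a length check refuses the over-long input. The struct layout, the input string and the "SECOND" marker are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
/* Layout from the diagram above: 8 bytes reserved for the value ("1st"),
 * immediately followed by whatever the program stores next ("2nd"). */
#define SLOT_SIZE 8
struct region { char first[SLOT_SIZE]; char second[SLOT_SIZE]; };
/* Vulnerable: copies up to the NUL terminator, ignoring the 8-byte slot. It stops at the
 * region's end only to keep this demo in defined memory; strcpy() has no such backstop. */
static size_t store_unchecked(struct region *r, const char *input)
{
    char *mem = (char *)r;   /* byte view of the region, as it sits in memory */
    size_t i = 0;
    for (; input[i] != '\0' && i < sizeof(*r); i++)
        mem[i] = input[i];
    return i;                /* bytes written; more than SLOT_SIZE means "2nd" was hit */
}

/* Fixed: the length check the vulnerable version lacks. Returns -1 (and writes
 * nothing) for input that would spill into "2nd", 0 on success. */
static int store_checked(struct region *r, const char *input)
{
    size_t len = strlen(input);
    if (len > SLOT_SIZE)
        return -1;
    memset(r->first, 0, SLOT_SIZE);
    memcpy(r->first, input, len);
    return 0;
}

/* Both versions on one constructed over-long input (8 characters of value, then 8 bytes
 * standing in for injected code). Result bits: 1 = unchecked copy overwrote "2nd",
 * 2 = checked copy rejected it, 4 = checked copy left "2nd" untouched. Correct run: 7. */
static int demo_results(void)
{
    const char *input = "12345678CODECODE";
    struct region r;
    int bits = 0;
    memset(&r, 0, sizeof r); memcpy(r.second, "SECOND", 6);
    store_unchecked(&r, input);
    if (memcmp(r.second, "CODECODE", SLOT_SIZE) == 0) bits |= 1;
    memset(&r, 0, sizeof r); memcpy(r.second, "SECOND", 6);
    if (store_checked(&r, input) == -1) bits |= 2;
    if (memcmp(r.second, "SECOND\0\0", SLOT_SIZE) == 0) bits |= 4;
    return bits;
}
int main(void)
{
    printf("result bits: %d (7 = overflow reproduced, fix holds)\n", demo_results());
    return 0;
}
```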


Note that the code doesn't always have to find somewhere to enter a value; some exploits can find the exact point in the program and execute the code straight away.

For more information, research buffer and stack overflows as well as shell / machine code.



Tutorial By t0mmy9

Comments:


sOwL: Now that's what I call a great tut.

t0mmy9: If anyone knows more in this field, feel free to contact us using the contact page and it will be added to this tutorial.


Copyright © 2007-10 Thisislegal.com, All Rights Reserved