Join Date: Sep 2005 | Posts: 7 | Solved Threads: 0
Hi,
I was just learning about buffer overflow attacks... I was curious as to how to generate a simple shellcode. For example, I've written two codes - One is the typical program that has a vulnerability inside and the other is the shellcode.
main program:
/* poster's first program: test() overwrites its own saved return address so
   that it points at the shellcode[] character array mentioned below; assumes
   the classic 32-bit frame layout where the return address sits two words
   above the local variable ret */
char shellcode[] = "";   /* placeholder: the poster's array is mentioned but its contents are not shown in the post */
void test();
int main() {
    test();
    return 0;
}
void test() {
    int *ret;
    ret = (int *)&ret + 2;      /* address of the saved return address */
    (*ret) = (int)shellcode;    /* make test() return into the array */
}
I was thinking of putting the shellcode into the shellcode character array found at the end.
And as for the shellcode generation, I've written something like:
#include <unistd.h>
#include <stdlib.h>     /* for exit() */
int main() {
    char buf[]="Hello World";
    write(1,buf,sizeof(buf)-1);   /* sizeof(buf) alone would also write the trailing NUL byte */
    exit(0);
}
But I don't know how to generate the shellcode from this so that I can put it in the original program. Can someone please guide me on how to achieve this?
Join Date: Oct 2007 | Location: Cherry Hill, NJ | Posts: 1,878 | Solved Threads: 193
Your example is contrived, so just stick the shellcode in your first program as a function.
An overflow attack works by contaminating the code segment with data. For example, if I say:
#include <stdio.h>

void do_something() {
    char s[ 12 ];
    printf( "Enter a string> " );
    gets( s );      /* unbounded read into a 12-byte buffer: this is the vulnerability */
    printf( "The string you entered is \"%s\"\n", s );
}
The vulnerability is that the user may enter more than eleven characters before hitting ENTER. (Which is why gets() should never be used.) An attacker recognizes that after twelve characters he can insert executable code, so that the next time do_something() is called, what it actually looks like is this:
void do_something() {
    char s[ 12 ];
    <attacker's code here>
    ...
If you compile two separate programs you will have to find and get the actual 'attacker' code out of your second program. Skip the grief and just use debug.exe to turn your assembly into opcodes you can insert, or if you are going to play exclusively with C, just make the 'attacker' code another function.
Also, remember that exploiting this vulnerability always corrupts and/or destroys the attacked program, often leading to a crash. The attacker's goal isn't to be invisible, just to get his code executed at least once. That code can do anything the attacked program was privileged to do.
Also remember that this is a very simple example. A true attacker must be a bit more sophisticated than this. True attacks are wickedness and evil, so I won't go into further detail.
Hope this helps.
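A bounded replacement for the do_something() in the reply above, added here as an example and not code from the thread or its posters: fgets() limited to sizeof s, the newline stripped, and the overlong rest of the line drained so the next read starts on a fresh line; the oversized input is constructed and served from a tmpfile() so it runs offline.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 12   /* same size as s[] in do_something() */

/* Read one line into dst (at most cap-1 chars), strip the newline, and
 * drain any overlong remainder so the stream is left at the next line.
 * Returns 1 if the whole line fit, 0 if it was truncated or on EOF. */
int read_line_bounded(char *dst, size_t cap, FILE *in)
{
    if (cap == 0) return 0;
    if (fgets(dst, (int)cap, in) == NULL) { dst[0] = '\0'; return 0; }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';        /* line fit: drop the newline */
        return 1;
    }
    int c;                          /* line too long: discard the rest */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    return 0;
}

/* Hardened counterpart of do_something(): the read is bounded by sizeof s,
 * so 40 'A's cannot spill past the 12-byte buffer into the saved frame. */
int do_something_safe(FILE *in)
{
    char s[BUFSZ];
    int fit = read_line_bounded(s, sizeof s, in);
    printf("The string you entered is \"%s\"%s\n", s, fit ? "" : " (input truncated)");
    return fit;
}

/* Constructed input served from a temporary file so the example runs offline. */
FILE *constructed_input(const char *text)
{
    FILE *f = tmpfile();
    if (f) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    FILE *in = constructed_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nshort\n");
    do_something_safe(in);   /* truncated to 11 chars, returns 0 */
    do_something_safe(in);   /* "short", returns 1 */
    fclose(in);
    return 0;
}
```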