In 1996, Elias Levy ("Aleph One") published "Smashing The Stack For Fun And Profit" in Phrack magazine. The article showed how to overflow a buffer to launch a shell.
I’m almost ashamed I never took a closer look for over a decade. My background would suggest I’d be one of the early adopters. As a kid, I loved messing with assembly language and poking around the system. I collected computer viruses. I bypassed copy protection systems. I knew how to make free phone calls. In grad school, my advisor and my colleagues taught a computer security class, where rooting a system by smashing the stack was a homework assignment.
With pride, and relief, I can now announce that at long last, in 2012, I have exploited a buffer overflow. Moreover, I have written a truly marvelous step-by-step guide to this, which this post is too narrow to contain. (I’m afraid of overflowing it.) I took notes because I encountered difficulties with other tutorials:
-
32-bit systems are often assumed. My system is 64-bit.
-
Various countermeasures are now enabled on stock installs.
-
I wanted to try a newer variant of the attack known as return-oriented programming, which defeats one of the countermeasures.
Luckily my website has ample room. Read now, and get a bonus shell script that demonstrates the attack!
No comments:
Post a Comment