Low Level Exploits - Packet Storm

More documents

Recommendations

Info

Return to Stack Return to Stack A buffer overflow attack is a general definition for a class of attacks to put more data in a buffer than it can hold thus overwriting the return address. Return to Stack is a specific stack buffer overflow attack where the return address is the same as the address on the stack for storing the variable information. Thus you are executing the stack. [instructions][instructions][return address]
Return to Stack As you can see in the diagram the local variables of the function have been overwritten. The Return to Stack exploit is also known as "Smashing The Stack". [instructions] [instructions] [stack return address] Parameters Local Variables Return Address Parameters Frame for f() Frame for e()
Page 1 and 2: Low Level Exploits Email: hughpears
Page 3 and 4: Creating Shellcode
Page 5 and 6: Creating Shellcode The ELF file typ
Page 7 and 8: Creating Shellcode Let us write an
Page 9 and 10: Creating Shellcode The output of th
Page 11 and 12: Creating Shellcode Our op-codes sho
Page 13 and 14: Buffer Overflows On the Stack
Page 15 and 16: Buffer Overflows On the Stack Stack
Page 17 and 18: Buffer Overflows On the Stack //exa
Page 19: Return to Stack
Page 23 and 24: Format String Vulnerabilities What
Page 25 and 26: Format String Vulnerabilities But t
Page 27 and 28: Format String Vulnerabilities Lets
Page 29 and 30: Return to LibC
Page 31 and 32: Return to LibC (Linux) Now we can s
Page 33 and 34: Return to SEH (Windows) Stack cooki
Page 35 and 36: Return to Heap
Page 37 and 38: Heap Overflows
Page 39 and 40: unlink() Technique by w00w00 When m
Page 41 and 42: unlink() Technique by w00w00 How a
Page 43 and 44: unlink() Technique by w00w00 Heap o
Page 45 and 46: unlink() Technique by w00w00 We can
Page 47 and 48: Integer Overflows
Page 49 and 50: Integer Overflows Signed 16 bit int
Page 51 and 52: Null Pointers
Page 53 and 54: Null Pointers Address space switchi
Page 55 and 56: Null Pointers Disable OS security e
Page 57 and 58: Null Pointers This works for 2 reas
Page 59 and 60: Return Oriented Programming Chains
Page 61 and 62: ROP Chains Scan executable memory r
Page 63 and 64: ROP Chains Using a stack pivot, the
Page 65 and 66: Questions Questions

Low Level Exploits - Packet Storm

Create successful ePaper yourself

Delete template?

Save as template?