Skip to main content

Posts

Showing posts with the label Exploit and Reversing

Buffer Overflow Attack on Windows

Generally Exploiting In windows system is very tough,though you have to overcome various protection and bypass.In some cases you have to use Kernel Mode exploits. And also we will show you the target machine which we will perform attack is XP,otherwise if we will try on win7,win8,win10, then we will have to cross the path where all doors are closed.hope you got my point.First we will discuss some of the protection mechanism here. ASLR DEP SEH SAFESEH SEHOP Control Flow Guard(CFG) Stack Compiler Option(/GS cookie option) EMET Heap Isolation and many more coming............. But before starting our exploit development process we should know some theory which is very necessary.Otherwise we are in the middle of way and we don't know the path to go around. Windows Memory Layout   In an X86 system, when a application starts,a process is created and virtual memory assigned.so the address space ranges from 0x00000000 to 0xFFFFFFFF which is called user-land level of OS.If the address range

Vanilla Buffer Overflow And Attack On Linux Platform

Buffer Overflow Attack: What is buffer Overflow: A buffer overflow happens when too much data put into the buffer which exceed the length of buffer defined and memory corruption happens or application crashes. From Crashing to Exploit: After crashing a application with a fuzzer,next step to own the Application or exploit the Application.so after overflown the extra data is overwriteen to EIP register.we will discuss more in the upcoming blogs.so if we point the EIP to the shellcode we can exploit the application or vulnerability. Here we will discuss exploit and gdb on Linux platform.first we will discuss gdb . so far in the Internet we have seen lots of tutorials regarding Exploit,but in modern L:inux there are lots of protection like DEP,ASLR.so we have to disable that in the OS ASLR is implemented by the kernel and the ELF loader by randomising the location of memory allocations (stack, heap, shared libraries, etc). This makes memory addresses harder to predict when an attacker is a

Buffer Overflow And Exploits

Buffer: Well buffer is nothing,but small amount of memory used for temporary storage of data, usually to compensate for different in processing or transmitting speeds of two connected devices,such as computer and a Printer or any devices. Stack: The stack is an area of memory that holds temporary data followed by LIFO(Last In First Out) data structure where items are “pushed” and “popped” onto them. The data is placed on the stack by PUSH operation and removed by POP operation. Let's do same thing by doing some illustration below. First PUSH operation PUSH 1 PUSH 2 PUSH 3 After PUSH Operation: The below is how looks stack after PUSH operation happened Second POP operation: POP EAX POP EBX POP ECX After POP operation: The below is how look like in the stack after POP operation happened in the stack So the following things we have concluded: The current location of  the stack pointer can be accessed at any given time by accessing the stack  pointer register (ESP). The current base of