Basic Guide to Exploits, Buffer Overflows And Shell Code

 

This article is aimed at explaining the exploits you will see around the place and why MOST of them work. Go to any exploit site and you will see many exploits written in code that looks impossible to understand. That code comes in two forms, similar to the examples below.


"\x31\xd2"
mov bl, 16
push eax


The first form is shellcode: raw machine-code bytes written out as a C string literal ("\x31\xd2" is the encoding of the x86 instruction xor edx, edx). The second form is assembly. Exploits that carry shellcode are usually written in C, so in order to run them you will need a working C compiler. But the aim of this article is to explain why they work. Let's start with assembly code.

Whatever language you already know, when you compile, that language is translated into machine code. Machine code is the lowest-level programming language: it is read and executed directly by the computer's central processing unit (CPU). It is hard for a human to read, but with time it can be learned. One step above machine code is assembly code, which is still low level but more recognisable: every instruction has a mnemonic, so push (put a value on the stack) and mov (copy a value between registers or memory) are written as words instead of raw bytes, and an assembler turns them back into machine code. If you open an EXE program in a debugger such as OllyDbg, it will show you the program's machine code disassembled into these assembly instructions.

Next, there is shellcode. Shellcode is machine code too, but it is the attacker's own: a short sequence of instructions that is injected into a vulnerable program and, if it runs, gives the attacker access to or control over something he is not normally allowed (the name comes from the classic payload, which starts a command shell). Like any other machine code it is obeyed directly by the CPU. How putting these bytes into a program's input can end with the program actually running them is where buffer / stack overflows come in.


What are buffer overflows?

In very simple terms (search Google for a more complete definition of buffer or stack overflows), a buffer overflow happens when more data is written into a fixed-size storage area than was allowed for it, so the extra bytes spill into whatever lives next to it in memory. For example, say a program has allowed 8 bytes to store a value. That value is stored in "1st" below, and "2nd" is simply the memory that comes next. If you enter 12345678 it is stored as below:


1st 1st 1st 1st 1st 1st 1st 1st 2nd 2nd
 1   2   3   4   5   6   7   8


This is functioning correctly. But say you were to enter the 8-byte value followed by extra bytes, for example shellcode / machine code. A program that never checks the length keeps writing past the end of the space it reserved, so the extra bytes land in "2nd", as shown below:


1st 1st 1st 1st 1st 1st 1st 1st 2nd 2nd
 1   2   3   4   5   6   7   8   push eax  mov ...



The program still stores the value, but everything after it has overwritten the memory next door. When that memory is part of the stack, what sits next to the buffer is the function's bookkeeping, including the saved return address that tells the CPU where to continue when the function finishes. An attacker who can overwrite that address with the address of the shellcode makes the CPU jump to it and execute it, instruction by instruction, as if it were part of the program. That is why the payload has to be machine code / shellcode and not source: the CPU only runs machine code. Basically all these exploits do is find a place where the program copies input without checking its length, overflow it, and add their own code. C is usually used on both sides of this: vulnerable programs are often written in C because it has no built-in protection to stop a program from writing past the end of a buffer and overwriting any part of its memory, and exploits are written in C because it is easy to emit raw bytes and send them to the target.
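The "1st" / "2nd" diagram above, as an added worked example (this is not code from the original article). A real vulnerable program would do "char buf[8]; strcpy(buf, input);" and the spill would land in the saved return address; because writing past a real stack buffer is undefined behaviour and the layout depends on the compiler, the example models the two adjacent slots as a struct (a hypothetical layout, not any particular compiler's) so the spill is visible and reproducible. The inputs are constructed for the demo; the payload bytes are the ones quoted at the top of the article.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A model of the "1st" / "2nd" diagram: the program reserved 8 bytes
 * (first) for the value, and second is simply the next 8 bytes in memory.
 * On a real stack the slot next to a local buffer is typically the saved
 * frame pointer and return address, which is what an attacker wants to
 * overwrite.  Hypothetical layout for this demo only. */
struct frame {
    char first[8];
    char second[8];
};

/* Vulnerable copy: writes input byte by byte with no length check, the way
 * strcpy() does, so byte 9 onwards spills into `second`.  The copy goes
 * through a byte pointer to the whole struct so that the spill stays inside
 * the object; the only stop condition besides the NUL terminator is the end
 * of the model, which a real strcpy() would not have.  Returns the number of
 * bytes written. */
static size_t unsafe_store(struct frame *f, const char *input)
{
    unsigned char *mem = (unsigned char *)f;
    size_t i = 0;

    while (input[i] != '\0' && i < sizeof *f) {
        mem[i] = (unsigned char)input[i];
        i++;
    }
    return i;
}

/* Hardened copy: measure first and refuse anything longer than the slot.
 * Returns 1 if stored, 0 if rejected (nothing is written on rejection). */
static int safe_store(struct frame *f, const char *input)
{
    size_t len = strlen(input);

    if (len > sizeof f->first)
        return 0;
    memset(f->first, 0, sizeof f->first);
    memcpy(f->first, input, len);
    return 1;
}

/* 1 if `second` is still all zero, i.e. nothing spilled into it. */
static int second_is_clean(const struct frame *f)
{
    for (size_t i = 0; i < sizeof f->second; i++)
        if (f->second[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a value that fits exactly, and the same value
     * followed by four payload bytes ("\x31\xd2" is xor edx, edx and
     * "\x90" is nop). */
    const char *fits = "12345678";
    const char *overflow = "12345678\x31\xd2\x90\x90";
    struct frame f;

    memset(&f, 0, sizeof f);
    unsafe_store(&f, fits);
    printf("unsafe, 8 bytes : second untouched = %d\n", second_is_clean(&f));

    memset(&f, 0, sizeof f);
    unsafe_store(&f, overflow);
    printf("unsafe, 12 bytes: second untouched = %d, second[0..1] = %02x %02x\n",
           second_is_clean(&f),
           (unsigned char)f.second[0], (unsigned char)f.second[1]);

    memset(&f, 0, sizeof f);
    printf("safe, 12 bytes  : accepted = %d, second untouched = %d\n",
           safe_store(&f, overflow), second_is_clean(&f));
    return 0;
}
```

The unsafe copy accepts the 12-byte input and the first two payload bytes turn up in the neighbouring slot; the hardened copy rejects the same input before writing anything. Note that the fix is the length check, not a different copy function: memcpy() with an unchecked length overflows exactly like strcpy() does.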


Note that an exploit doesn't always have to inject its own code through an input value: some only need to find the exact point at which the program's control flow can be redirected, and send execution somewhere of the attacker's choosing.

For more information, research buffer and stack overflows as well as shell / machine code.

Dhirendra Biswal

Hi. I'm Dhirendra The Admin of this Blog I'm A Certified Ethical Hacker also a Web Developer With Programming Skills in various Programming Languages.
