Monday, 28 March 2011

Shellcode Tutorial - Part 1

This is the first of several posts I am going to write, giving a (hopefully) quite easy explanation of a buffer overflow vulnerability, exploit, and payload (that last part is what people call the shellcode, but we'll get to that).

The fundamental problem at the root of buffer overflow vulnerabilities is that in any computer that operates a stack (and, thats just about any machine you could care to think of), program variables are mixed in with thread control data. This means that program data (anything from names, email addresses, the number of cats in new york city) is stored alongside flow control data (memory addresses, jumps, library calls etc).

So what does this all mean? It means that if you can jingle around the program data in a program running on a remote machine, you might just be able to cause it to write over some 'nearby' process control data, and if you do it just right, you can take control of the process entirely.

Thats all for part 1, just a very abstract and brief overview of what happens during a buffer overflow attack (an attack by the way that has been at the heart of nearly every single major computer breach in history)