Writing Windows Buffer Overflows Exploit- A step by step tutorial

Introduction

Writing a buffer overflow attack against a Windows program present several challenges that make it a bit more difficult than writing exploits on a Linux platform. In addition to not having popular tools such as gdb (the GNU Debugger) an attacker is faced with a closed box. Not only are most Windows applications closed source, but the operating system itself doesn't provide much transparency. When taken together this makes an attackers job fairly daunting.

Windows buffer overflow attacks are quite possible, however, and I'm writing this tutorial to walk you through developing one such attack. This article assumes some prior knowledge of assembly, x86 architecture, C and Perl programming. I hate to raise the bar like that, but if you're not familiar with these concepts then writing buffer overflows will be next to impossible as their inner workings hinge on all of these topics. While there are many tools you can use to assist in the process of finding and exploiting buffer overflow vulnerabilities, without a thorough understanding of how they work you're going to have a very hard time actually creating new exploits.

I'm going to skip over the obligatory explanation of what a buffer overflow or shellcode actually is because others have done a much better job in other places on the web. Poke around and you're sure to find some excellent articles explaining exactly how this sort of attack works. For the purposes of this tutorial we're going to attack an explicit (known) vulnerability in a certain piece of software. You can use this process to develop exploits for other programs as soon as vulnerability announcements are released.

Read Full Article here :Mad Irish

Your rating: None Average: 3.3 (9 votes)

Some other tutorials about

Some other tutorials about exploit writing can be found here :

* Stack based overflows (direct RET overwrite) :
Tutorial Part 1
http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial...

* Jumping to shellcode :
Tutorial Part 2
http://www.corelan.be:8800/index.php/2009/07/23/writing-buffer-overflow-...

* Stack based overflows - SEH
Tutorial Part 3
http://www.corelan.be:8800/index.php/2009/07/25/writing-buffer-overflow-...

* Stack based overflows - SEH part 2
Tutorial Part 3b
http://www.corelan.be:8800/index.php/2009/07/28/seh-based-exploit-writin...

* Writing Metasploit exploits
Tutorial Part 4
http://www.corelan.be:8800/index.php/2009/08/12/exploit-writing-tutorial...

* Using debuggers to speed up exploit development
Tutorial Part 5
http://www.corelan.be:8800/index.php/2009/09/05/exploit-writing-tutorial...

* Bypassing Stack Cookies, Safeseh, NX/DEP and ASLR
Tutorial Part 6
http://www.corelan.be:8800/index.php/2009/09/21/exploit-writing-tutorial...

* Writing stack based unicode exploits
Tutorials Part 7
http://www.corelan.be:8800/index.php/2009/11/06/exploit-writing-tutorial...

Search

Loading

Sponsered links

Bookmark Us!

Share/Save

Page Rank

Quotes

The worth of shade is only known when the sun is beating down hot

Explore Tags

Follow Us