iamismael - Buffer Overflow Tutorial 1/2: Intro
iamismael brings us today's videos on buffer overflows. He goes over the basics, shows what an overflow looks like in a debugger, and then exploits one in a vulnerable server set up for practicing this technique. The first video covers the basics using OllyDbg on Windows; in the second video he performs the exploit and sends a payload to the vulnerable server using Python on a Linux box.
Timestamp
0:00 Introduction
0:33 Writing vulnerable program
2:32 Analysing the program in OllyDbg
7:16 Explaining the stack
17:18 Overflowing the buffer
This tutorial will teach you what buffer overflows are and how to exploit them. A buffer overflow is a common vulnerability class that generally occurs when untrusted user input is not validated correctly. There are many ways to exploit them, but essentially you first need to acquire knowledge of the target by means of reverse engineering; then you can, for example, write Python exploits that target the vulnerability.
We start by writing a program that is susceptible to a buffer overflow: the program takes a string as an argument and copies it into a fixed-size buffer using strcpy. Code::Blocks will be our IDE on Windows XP, because Visual Studio inlines strcpy and we do not want that. After compiling it we do some reverse engineering on it using OllyDbg. It is really important to understand the stack to fully understand buffer overflows. Basically, the stack grows downwards towards lower addresses, so when you push some data you decrease the stack pointer by the word size and then write the data to the new stack pointer location. Using Olly we see that if we pass strcpy a string bigger than the destination buffer, we overwrite the data after the buffer, and because the buffer is on the stack we overwrite whatever sits on the stack after it: local variables, parameters and the saved return address. One way to exploit a buffer overflow is to craft a string of a specific length so that we overwrite the return address and thereby gain control of the program's execution.
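As an added example (not the code from the video), here is the strcpy pattern the tutorial builds, placed beside a bounds-checked version; BUF_SIZE and the function names are my own choices.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Vulnerable pattern from the tutorial: strcpy() copies the whole argument,
 * however long, into a fixed stack buffer. Anything past BUF_SIZE bytes lands
 * on whatever follows the buffer on the stack (locals, saved registers, the
 * return address). */
void vulnerable_copy(const char *input)
{
    char buffer[BUF_SIZE];
    strcpy(buffer, input);           /* no length check: overflows if strlen(input) >= BUF_SIZE */
    printf("copied: %s\n", buffer);
}

/* Hardened version: refuse input that does not fit, counting the terminating NUL.
 * Returns 1 if the copy was performed, 0 if the input was rejected. */
int safe_copy(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len >= cap)                  /* need room for len bytes plus '\0' */
        return 0;
    memcpy(dst, src, len + 1);       /* copy exactly what was measured */
    return 1;
}

/* Same program shape as the tutorial's, with the check applied. */
int checked_program(const char *input)
{
    char buffer[BUF_SIZE];
    if (!safe_copy(buffer, sizeof buffer, input)) {
        fprintf(stderr, "input rejected: %zu bytes does not fit a %d-byte buffer\n",
                strlen(input), BUF_SIZE);
        return 0;
    }
    printf("copied: %s\n", buffer);
    return 1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    /* Only the checked path runs here; vulnerable_copy() is kept to show the bug. */
    return checked_program(argv[1]) ? 0 : 1;
}
```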
The LiveOverflow YouTube channel made a very informative buffer overflow tutorial, and it has great content about ethical hacking and information security in general. There you can also find guidance on a path to follow for an ethical hacking career.
He has many more YouTube videos you should check out:
https://www.youtube.com/user/CosmoCopulates1
Learn more about Ismael:
https://iamismael.com/
https://github.com/IsmaelVazquez
I am continually impressed by the people wanting to contribute to our community and want to say thank you to everyone, but especially to Ismael right now for making us these videos!
https://guidedhacking.com