Latest Research

TrackBack Spam: Abuse and Prevention Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples...

Readmore

XCS: cross channel scripting and its impact on web... We study the security of embedded web servers used in consumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management...

Readmore

Embedded Management Interfaces: Emerging Massive Insecurity Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of...

Readmore

Decaptcha: Breaking 75% of eBay Audio CAPTCHAs. CAPTCHA tests aim at preventing attackers from performing automatic registration. In this paper we show that our prototype Decaptcha is able to successfully break 75% of eBay audio captchas. We compare...

Readmore

Extending Anticipation Games with Location, Penalty... Over the last few years, attack graphs have became a well recognized tool to analyze and model complex network attack. The most advanced evolution of attack graphs, called anticipation games, is based...

Readmore

  • Prev
  • Next

Smashing the stack for understanding and learning

Posted on : 19-01-2008 | By : Elie Bursztein | In : Exercise, Teaching

0

Ce TD permet de mieux comprendre les problèmes de sécurité lié à la mémoire des programmes et la nature des “exploits”. Il les aborde en vous faisant réaliser un exploit sur un programme qui souffre d’un débordement de mémoire (buffer overflow). Ce type de bug est le plus courant et concerne près de 80% des failles actuelles.

Le premier article expliquant comment détourner un bug mémoire pour l’exploiter est du à Aleph-One dans phrack 49. Il s’appelle smashing the stack for fun and profite. La méthode proposée dans le TP est d’utiliser un shellcode. Il existe d’autres méthodes comme le retour dans la libc (Libc return) mais celles-ci sont moins abordables. Il existe de nombreux type de buffers overflow : off-by-one, heap-overflow, double-free …

TD Smashing the stack for understanding and learning (pdf)

Write a comment

You must be logged in to post a comment.