Description: Welcome to Part 2 of the Buffer Overflow Primer. If you have not already done so, please start this series by viewing Part 1. The Buffer Overflow Primer requires that you know at least some basic Assembly Language; for those not familiar with the language, I have created a series of Assembly Language video tutorials for hackers.

In this video we look at how to create shellcode, which we can use as the payload while exploiting a buffer overflow vulnerability. Shellcode is nothing but machine code which the CPU can execute directly, without any further assembling, compilation or linking; the instructions in the shellcode are executed as-is. We will look at the exit() syscall and see how to convert the assembly language code for invoking it into shellcode. In the process, we will use the objdump utility, which ships with the binutils (GNU Binary Utilities) package. After you have gone through this video, you will be able to convert almost any assembly code into its shellcode equivalent.

Tags: programming
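The step the video performs by hand, reading the opcode bytes off an objdump listing and joining them into a shellcode string, can be automated. The following is an added example, not code from the video or its author: it parses the instruction lines of `objdump -d` output and collects the bytes in address order. The two listings embedded in it are constructed samples (not taken from the page) of what objdump prints for an exit(0) syscall written two ways, a naive encoding with 32-bit immediates and a shorter encoding using xor and 8-bit registers; the helper flags any 0x00 bytes, since a shellcode that contains them is truncated by C string-handling functions.

```python
import re

# Constructed sample of `objdump -d exit.o` output for a naive exit(0):
#   mov $1,%eax ; mov $0,%ebx ; int $0x80   (syscall number 1 = exit)
OBJDUMP_NAIVE = """
exit.o:     file format elf32-i386

Disassembly of section .text:

00000000 <_start>:
   0:\tb8 01 00 00 00       \tmov    $0x1,%eax
   5:\tbb 00 00 00 00       \tmov    $0x0,%ebx
   a:\tcd 80                \tint    $0x80
"""

# Constructed sample for the same syscall encoded without 32-bit immediates:
#   xor %eax,%eax ; xor %ebx,%ebx ; mov $1,%al ; int $0x80
OBJDUMP_NULLFREE = """
exit.o:     file format elf32-i386

Disassembly of section .text:

00000000 <_start>:
   0:\t31 c0                \txor    %eax,%eax
   2:\t31 db                \txor    %ebx,%ebx
   4:\tb0 01                \tmov    $0x1,%al
   6:\tcd 80                \tint    $0x80
"""

# An instruction line looks like "   5:<TAB>bb 00 00 00 00       <TAB>mov ...".
# Group 1 is the offset, group 2 the space-separated opcode bytes.
_INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t((?:[0-9a-f]{2} )*[0-9a-f]{2})\s")


def objdump_to_bytes(dump: str) -> bytes:
    """Collect the opcode bytes of every instruction line, in listing order.

    Header lines ("file format", "Disassembly of section", "<_start>:") do not
    match the instruction pattern and are skipped.
    """
    out = bytearray()
    for line in dump.splitlines():
        m = _INSN_RE.match(line)
        if m:
            out += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(out)


def to_c_string(code: bytes) -> str:
    """Render the bytes as the \\x.. string form used in a C test harness."""
    return "".join(f"\\x{b:02x}" for b in code)


def null_positions(code: bytes) -> list:
    """Offsets of 0x00 bytes; a non-empty result means strcpy-style copies truncate it."""
    return [i for i, b in enumerate(code) if b == 0]


if __name__ == "__main__":
    for name, dump in (("naive", OBJDUMP_NAIVE), ("xor-based", OBJDUMP_NULLFREE)):
        code = objdump_to_bytes(dump)
        print(f"{name}: {len(code)} bytes  {to_c_string(code)}")
        print(f"  null bytes at offsets: {null_positions(code)}")
```

Running it shows the naive encoding is 12 bytes with seven embedded nulls, while the xor-based encoding of the same exit(0) call is 8 bytes and null-free; the parser works unchanged on real `objdump -d` output for any 32-bit object, which is the point of the exercise in the video.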
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Lose focus? I will not even lose focus if you make videos that are 6 hours long. Not if they are of this quality!
> H4TT1fn4TT on Fri 04 Mar 2011
> Lose focus? I will not even lose focus if you make videos that are 6 hours long. Not if they are of this quality!
+1
Amazing video. These really help me as I am a visual learner. Reading about this confuses me.
Great videos
Great video, looking forward to more viewing tomorrow!
Thanks.
Excellent. =)
Good video as always
Hello Vivek! Thank you very much for your tutorials and help. You are helping us very much; I am personally learning more than I do at Uni. Thank you again.
Excellent. Thanks. :)
Thanks vivek. Another great video.
This is my second intro to shell code, the first was the Wiley press Shellcoder's handbook.
You both explain almost exactly the same technique -- which is just testament to your teaching ability.
Great video. Thanks.
thank you Vivek
Excellent job as usual Vivek,
I have a small problem: when I run gcc -static -o exit exit.c it gave some errors:
oot@bt:~/Files/codes open security/Buffer-Overflow-Primer/part2# gcc -static -o exit exit.c
/usr/lib/gcc/i486-linux-gnu/4.3.2/../../../../lib/libc.a(elf-init.o): In function `__libc_csu_irel':
(.text+0xe5): undefined reference to `__rel_iplt_end'
/usr/lib/gcc/i486-linux-gnu/4.3.2/../../../../lib/libc.a(elf-init.o): In function `__libc_csu_irel':
(.text+0xec): undefined reference to `__rel_iplt_start'
/usr/lib/gcc/i486-linux-gnu/4.3.2/../../../../lib/libc.a(elf-init.o): In function `__libc_csu_irel':
(.text+0xfd): undefined reference to `__rel_iplt_start'
/usr/lib/gcc/i486-linux-gnu/4.3.2/../../../../lib/libc.a(elf-init.o): In function `__libc_csu_irel':
(.text+0x106): undefined reference to `__rel_iplt_start'
/usr/lib/gcc/i486-linux-gnu/4.3.2/../../../../lib/libc.a(elf-init.o): In function `__libc_csu_irel':
(.text+0x113): undefined reference to `__rel_iplt_start'
/usr/lib/gcc/i486-linux-gnu/4.3.2/../../../../lib/libc.a(elf-init.o): In function `__libc_csu_irel':
(.text+0x11b): undefined reference to `__rel_iplt_start'
collect2: ld returned 1 exit status
can you please advise?
Brilliant... loved the video and how everything was explained step by step. Looking forward to watch all videos.
Hello. Is there anyone who knows about segmentation faults? Actually, I did all the work as in the movie, step by step, in my VMware machine with Ubuntu 11 x86, but I couldn't fix that. Moreover, I used the -fno-stack-protector switch but it didn't work. However, does anyone have a solution? Please help me. Thanks
Hello all,
I'm a little bit confused: I have compiled the exit.c program, but my disassembly is so different from Vivek's dump.
Dump of assembler code for function main:
0x08048250 <+0>: push %ebp
0x08048251 <+1>: mov %esp,%ebp
0x08048253 <+3>: and $0xfffffff0,%esp
0x08048256 <+6>: sub $0x10,%esp
0x08048259 <+9>: movl $0x0,(%esp)
0x08048260 <+16>: call 0x8048b30 <exit>
End of assembler dump.
(gdb) disassemble exit
Dump of assembler code for function exit:
0x08048b30 <+0>: push %ebp
0x08048b31 <+1>: mov %esp,%ebp
0x08048b33 <+3>: sub $0x18,%esp
0x08048b36 <+6>: mov 0x8(%ebp),%eax
0x08048b39 <+9>: movl $0x1,0x8(%esp)
0x08048b41 <+17>: movl $0x80c600c,0x4(%esp)
0x08048b49 <+25>: mov %eax,(%esp)
0x08048b4c <+28>: call 0x8048a30 <__run_exit_handlers>
What's __run_exit_handlers?? And why is my code so different?
Thank you
> SpEcTeR on Thu 08 Sep 2011
>
> Hello .Is there who know about segmentation fault. actually, I did any work like inside movie, step by step in my Vmware Machine with ubuntu 11 x86 but I couldn't fix that moreover I used -fno-stack-protector switch but it didn't work however is there anyone have a solution please help me .thanks
http://en.wikipedia.org/wiki/Executable_space_protection
Hi Vivek
The video is simply amazing. But I have a doubt.
I am using Slackware 64-bit, so when I disassemble my code, I get the assembly code for the 64-bit architecture. I would like to know whether I should learn the 64-bit architecture or not??? Will it be useful in the future???
Thank You
Awesome. Losing focus?? :) No way...
Hi Vivek,
Your videos are all very nice. However, at the end of every video you ask people to make some comments, so why don't you reply when they are asking for help??
Hello,
For the people trying to compile for Ubuntu 11/32bits:
gcc -ggdb -fno-stack-protector -mpreferred-stack-boundary=2 -z execstack -o ShellCode ShellCode.c
Thank you.
After the Assembly Primer for Linux I have started watching these videos, and no doubt they are extremely good. Thank you for sharing and teaching us in such a good way....!!!!
Thanks, this is really helpful!
Sir, when writing the exit syscall shellcode, why do we put 20 into the ebx register? I mean, why 20??
Strongly appreciated if anyone can help...