SecurityTubeBeta
Watch ... Learn ... Contribute

Exploiting Buffer Overflows on kernels with ASLR enabled using Brute Force on the Stack Layer

 
 

A short video illustrating how to exploit a buffer-overflow-vulnerable application on a Linux kernel >= 2.6.8 with ASLR enabled, using a brute-force strategy against the stack layer. Under a kernel that implements ASLR, the base stack address of a process is chosen within a relatively small range (about 8 MB on a 32-bit machine). If we inject a fairly large sequence of NOP bytes into the stack with shellcode at the end, sooner or later (usually within about 30-40 attempts) the execution of the process will be hijacked to somewhere inside the NOP sequence. The NOPs are then executed one by one until execution reaches the shellcode, which now runs successfully.
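Seen from the defender's side, every attempt that misses the NOP sequence usually ends in a crash, so this kind of brute force shows up as a burst of segfaults from one program whose stack pointer moves between runs. The detector below is an added example, not code from the video or its author; it assumes the kernel logs segfaults in the `comm[pid]: segfault at ... ip ... sp ... error N` form, and the program name `vuln`, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel segfault message (x86): "[ts] comm[pid]: segfault at A ip B sp C error N"
SEGV = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"segfault at [0-9a-f]+ ip [0-9a-f]+ sp (?P<sp>[0-9a-f]+) error \d+"
)
WINDOW_S = 60.0    # assumed sliding window, in seconds
MIN_CRASHES = 5    # assumed threshold: distinct crashing PIDs inside the window

def find_bruteforce(lines, window=WINDOW_S, min_crashes=MIN_CRASHES):
    """Return {comm: (crashing_pids, distinct_sp)} for the largest burst per program.

    A burst is flagged when one program name crashes in at least `min_crashes`
    different processes within `window` seconds and the stack pointer differs
    between crashes (ASLR relocating the stack while the same input is replayed).
    """
    by_comm = defaultdict(list)
    for line in lines:
        m = SEGV.match(line)
        if m:
            by_comm[m["comm"]].append((float(m["ts"]), m["pid"], int(m["sp"], 16)))
    alerts = {}
    for comm, events in by_comm.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                      # drop crashes older than the window
            burst = events[start:end + 1]
            pids = {pid for _, pid, _ in burst}
            sps = {sp for _, _, sp in burst}
            if len(pids) >= min_crashes and len(sps) > 1:
                if len(pids) > alerts.get(comm, (0, 0))[0]:
                    alerts[comm] = (len(pids), len(sps))
    return alerts

# Constructed sample log: six crashes of "vuln" in ~2 s, one unrelated crash.
SAMPLE = """\
[  100.10] vuln[2001]: segfault at bf9a1c40 ip bf9a1c40 sp bfc13a90 error 14
[  100.52] vuln[2002]: segfault at bf9a1c40 ip bf9a1c40 sp bf8e2a90 error 14
[  100.93] vuln[2003]: segfault at bf9a1c40 ip bf9a1c40 sp bfb40a90 error 14
[  101.35] vuln[2004]: segfault at bf9a1c40 ip bf9a1c40 sp bff71a90 error 14
[  101.77] vuln[2005]: segfault at bf9a1c40 ip bf9a1c40 sp bfa05a90 error 14
[  102.20] vuln[2006]: segfault at bf9a1c40 ip bf9a1c40 sp bfd88a90 error 14
[  300.00] editor[3100]: segfault at 0 ip 080484d2 sp bfd01230 error 4 in editor[8048000+2000]
"""

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE.splitlines()))
```

The same counting can be applied to service restart events when the target is respawned by a supervisor, since a respawning parent is what makes repeated attempts possible.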

Tags: ASLR, buffer overflow, linux security, stack brute force




 

 

Author
BlackLight

Computer engineer specialized in network security, low level programming and artificial intelligence. He is also the admin for http://blacklight.gotdns.org, http://hackerforum.devil.it, http://www.evilsocket.net, http://www.inj3ct-it.org.

He can be reached at: blacklight [_at_] autistici [_dot_] org

 
©2007 Freak Labs