Recently my article got published in the April 2013 edition of Linux For You magazine, which is Asia’s first and complete magazine on open source technologies. The name of the article is “Preventing buffer overflow attacks using GDB”. It demonstrates the case of a simple buffer overflow and how it can be exploited. The basic usage of GDB is also explained in the article.
You can read the article here: Preventing buffer overflow attacks using GDB
Do any of the binary exploiters know who Elias Levy is?
People know him better by the name Aleph One. He is the person who wrote the article “Smashing the Stack for Fun and Profit”, which is the first documentation of Buffer Overflows. Buffer Overflows are one of the most common kinds of vulnerabilities found in C programs, wherein a buffer is overflowed and its adjacent memory locations are overwritten with the desired memory address. The control flow of the program is changed in such a manner that it executes the malicious code that the person exploiting the vulnerability wants it to execute.
Coming back to Elias Levy, he is the first person to ever explain Buffer Overflows publicly. He did so by writing an article in Phrack magazine (which currently issues a copy once in a year or so) in the year 1996. For all of you who are aspiring to become experts in binary exploitation, reading, and not just reading but thoroughly understanding, this article is absolutely mandatory. Elias Levy is also the CTO and co-founder of the computer security company Security Focus. He was also the moderator of the full disclosure mailing list Bugtraq.
- Elias Levy a.k.a. Aleph One
The article gives a very detailed step-by-step explanation of how to overflow a buffer, and not only how to overflow it but also how to take full advantage of the overwritten values. It also explains how to write your own shellcode.
But for this article it would have been difficult for me to understand what exactly is happening in a Buffer Overflow. Although I’m no expert at exploiting the vulnerability, I can at least follow what exactly is happening.