What You Need for Investigation

What You Need to Know

Numerous papers exist on how to write exploits for stack overflows; there are slightly fewer about format strings, and still fewer about heap overflows. If the bug you're trying to exploit is not one of these three, you will probably have difficulty obtaining the relevant information. Hopefully this book fills in many of the gaps, but if you need more information on a certain class of bug, the following list might help. We deliberately kept this list of our favorite papers in each category brief.

Keep in mind that reading old exploits can be just as valuable as reading papers. Often, the comments and headers detail particular techniques that may be of interest to novice exploit developers.

There is much excellent information out there that we've had to omit for the sake of space, so please accept our apologies if your own paper is not listed. You can find all of these resources on the Shellcoder's Handbook Web site, www.wiley.com/compbooks/koziol, in case a URL changes or you want to get everything in one spot.

Stack Overflow Basics

  • "Smashing the Stack for Fun and Profit" (Aleph One)

    Phrack Magazine, Issue 49, Article 14

    www.phrack.org/show.php?p=49&a=14

  • Exploiting Windows NT 4 Buffer Overruns (David Litchfield)

    www.nextgenss.com/papers/ntbufferoverflow.html

  • "Win32 Buffer Overflows: Location, Exploitation and Prevention" (dark spyrit, Barnaby Jack, dspyrit@beavuh.org)

    Phrack Magazine, Issue 55, Article 15

    www.phrack.org/show.php?p=55&a=15

  • The Art of Writing Shellcode (smiler)

    http://julianor.tripod.com/art-shellcode.txt

  • The Tao of Windows Buffer Overflow (as taught by DilDog)

    www.cultdeadcow.com/cDc_files/cDc-351/

  • Unix Assembly Codes Development for Vulnerabilities Illustration Purposes (LSD-PL)

    www.lsd-pl.net/documents/asmcodes-1.0.2.pdf

Advanced Stack Overflows

  • Using Environment for Returning into Lib C (Lupin Bursztein)

    www.shellcode.com.ar/docz/bof/rilc.html (Lupin's home page is www.bursztein.net; however, the paper was not there at time of writing)

  • Non-Stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP (David Litchfield)

    www.nextgenss.com/papers/non-stack-bo-windows.pdf

  • Bypassing Stackguard and StackShield Protection (Gerardo Richarte)

    www.coresecurity.com/common/showdoc.php?idx=242&idxseccion=11

  • Vivisection of an Exploit Development Process (Dave Aitel)

    Blackhat Briefings Presentation, Amsterdam 2003

    www.blackhat.com/presentations/bh-europe-03/bh-europe-03-aitel.pdf

Heap Overflow Basics

  • w00w00 on Heap Overflows (Matt Conover)

    www.w00w00.org/files/articles/heaptut.txt

  • "Once upon a free()"

    Phrack Magazine, Issue 57, Article 9

    www.phrack.org/show.php?p=57&a=9

  • "Vudo malloc Tricks" (Michel MaXX Kaempf, maxx@synnergy.net)

    Phrack Magazine, Issue 57, Article 8

    www.phrack.org/show.php?p=57&a=8

Integer Overflow Basics

  • "Basic Integer Overflows" (blexim)

    Phrack Magazine, Issue 60, Article 10

    www.phrack.org/show.php?p=60&a=10

Format String Basics

  • Format String Attacks (Tim Newsham)

    www.lava.net/~newsham/format-string-attacks.pdf

  • Exploiting Format String Vulnerabilities (scut)

    www.team-teso.net/articles/formatstring/

  • "Advances in Format String Exploitation" (Gera, Riq)

    Phrack Magazine, Issue 59, Article 7

    www.phrack.org/show.php?p=59&a=7

Encoders and Alternatives

  • "Writing ia32 Alphanumeric Shellcodes" (rix)

    Phrack Magazine, Issue 57, Article 15

    www.phrack.org/show.php?p=57&a=15

  • Creating Arbitrary Shellcode in Unicode Expanded Strings (Chris Anley)

    www.nextgenss.com/papers/unicodebo.pdf

Tracing, Bugging and Logging

  • Tracing activity in Windows NT/2000/XP

    "VTrace" system tracing tool (explanatory article)

    http://msdn.microsoft.com/msdnmag/issues/1000/VTrace/

  • "Interception of Win32 API Calls" (MS Research Paper)

    www.research.microsoft.com/sn/detours/

  • "Writing [a] Linux Kernel Keylogger" (rd)

    Phrack Magazine, Issue 59, Article 14

    www.phrack.org/show.php?p=59&a=14

  • "Hacking the Linux Kernel Network Stack" (bioforge)

    Phrack Magazine, Issue 61, Article 13

    www.phrack.org/show.php?p=61&a=13

  • ".ida Code Red Worm analysis" (Ryan Permeh, Marc Maiffret)

    www.eeye.com/html/Research/Advisories/AL20010717.html

Paper Archives

The following list contains archives of useful papers. Most of these archives link to many of the papers listed above, as well as to other useful texts.

  • http://julianor.tripod.com/bufo.html

  • http://packetstormsecurity.nl/papers/unix/

  • www.lsd-pl.net/papers.html


The Shellcoder's Handbook. Discovering and Exploiting Security
Year: 2003