Peter Van Eeckhoutte's Blog (http://www.corelan.be:8800)
:: [Knowledge is not an object, it's a flow] ::
Exploit writing tutorial part 1 : Stack Based Overflows
Peter Van Eeckhoutte · Sunday, July 19th, 2009
Last Friday (July 17th 2009), somebody (nick)named 'Crazy_Hacker' reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En) via packetstormsecurity.org (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof-of-concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was released a little later.
Nice work. You can copy the PoC exploit code, run it, and see that it doesn't work (or, if you are lucky, conclude that it works), or... you can try to understand the process of building the exploit so you can correct broken exploits, or simply build your own exploits from scratch.
(By the way: unless you can disassemble, read and comprehend shellcode quickly, I would never advise you to just take an exploit (especially a precompiled executable) and run it. What if it was built to open a backdoor on your own computer?)
The question is: how do exploit writers build their exploits? What does the process of going from detecting a possible issue to building an actual working exploit look like? How can you use vulnerability information to build your own exploit?
Ever since I started this blog, writing a basic tutorial about writing buffer overflows has been on my "to do" list... but I never really took the time to do so (or simply forgot about it).
When I saw the vulnerability report today and had a look at the exploit, I figured this vulnerability report could act as a perfect example to explain the basics of writing exploits... It's clean, simple and allows me to demonstrate some of