I could go into a lot of detail here, but I guess it would be mostly off-topic.

However generally a successful buffer overflow attack requires two things:

Once you've written past the end of the buffer to be overflowed and modified the saved "return address" value, you want to write the address of your shellcode there. The net result is that once the buffer is overflowed your own code gets executed, and you win!

Traditionally this is done by saving the code to execute in an environment variable - which will exist in all processes spawned by a parent shell, and which won't move around.

So the process becomes:

Or you could cheat and use a pre-made tool to do all the work ..

Steve
--

In reply to Re^4: Finding stack addresses by skx
in thread Finding stack addresses by perianmellon
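For readers who want to see the defect the post is talking about, here is an added example (not code from the post or from PerlMonks): the classic unbounded `strcpy` into a fixed stack buffer, next to a bounded copy that rejects oversized input so the saved return address is never reachable. `NAME_LEN`, the function names and the inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed value for this added example: a fixed-size stack buffer. */
#define NAME_LEN 16

/* Vulnerable shape the post describes: strcpy copies until the NUL, so an
 * input of NAME_LEN or more bytes writes past `name` into the rest of the
 * stack frame (saved frame pointer, then the saved return address).
 * Kept here only to show the defect; call it only with short input. */
void greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);               /* no bound: overflows when strlen(input) >= NAME_LEN */
    printf("hello, %s\n", name);
}

/* Bounded copy that refuses oversized input instead of truncating silently
 * (strncpy would truncate and may leave dst without a NUL terminator).
 * Returns 0 on success, -1 when src does not fit together with its NUL. */
int copy_bounded(char *dst, size_t dst_len, const char *src) {
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len)  /* need n bytes plus one for the NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hardened version: at most NAME_LEN bytes (including the NUL) ever land
 * in `name`, so nothing beyond it in the frame can be overwritten.
 * Returns 0 if the greeting was printed, -1 if the input was rejected. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, input) != 0)
        return -1;
    printf("hello, %s\n", name);
    return 0;
}

int main(void) {
    greet_unsafe("monk");                        /* 5 bytes incl. NUL: fits */
    (void)greet_safe("monk");                    /* accepted */
    (void)greet_safe("AAAAAAAAAAAAAAAAAAAAAAAA"); /* 24 bytes: rejected, no overflow */
    return 0;
}
```

The point for a defender is that the attack in the post needs the first step (the write past the end of the buffer) before the return address matters at all; a copy that checks its bound removes that step. Separately, the post's assumption that an environment variable "won't move around" no longer holds on systems with stack address randomisation (ASLR), which is one reason it is enabled by default on modern platforms.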
