Saturday, April 25, 2015
Author

How to execute buffer overflows


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-10 12:03
Hey guys, just wondering, but before I start reading up on buffer overflows, I want to know if they're mostly remotely executable and how most of them are done. Pfft. I know the three exploits for apache 2.0 my friend's server is running are all buffer overflows; he said he'd let me get into it before he updates his server. But I just want to know if buffer overflows are for the most part -- remotely exploitable -- and if apache 2.0's exploits are remotely exploitable. They can be found with a quick google search "apache server 2.0 exploits." Thanks guys!




Edited by rex_mundi on 11-12-13 13:42
Author

RE: How to execute buffer overflows?

ynori7
Member



Posts: 1486
Location: #valhalla
Joined: 08.10.07
Rank:
God
Posted on 17-12-10 12:46
Are buffer overflows remotely exploitable? As opposed to what? Buffer overflows are exploitable as long as you're able to insert the malicious input.


ynori7 http://halls-of-valhalla.org
Author

RE: How to execute buffer overflows?

suid
Member



Posts: 33
Location: /
Joined: 12.11.10
Rank:
Newbie
Posted on 17-12-10 13:23
Buffer overflows are executable wherever there is an app running that is vulnerable to this attack. If that service is a networked app then it is probably remotely exploitable. Whatever means a user has of accessing the service is the same way an attacker can exploit the program. If the program is not networked then it is probably just a priv escalation, DoS, crash, etc.

suid
Author

RE: How to execute buffer overflows?

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 17-12-10 15:45
If you understood buffer overflows to any degree, you wouldn't be asking this question.
I suggest you try to learn more about how programs work before you worry about exploiting them.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Author

RE: How to execute buffer overflows?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-10 22:32
I know, I'm sorry I don't know more about them, I just found a nice ebook I'm going to read. I was just looking for an answer whether or not they were remotely exploitable -- And it was quickly answered, thanks guys. Smile. I'm not going to try and exploit anything yet, but after reading up on the apache 2.0 server exploits, how would I execute them? I don't want to do anything yet, because I want a full understanding before I skid the hell out of a site. But just to null my curiosity. Pfft.


Author

RE: How to execute buffer overflows?

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 17-12-10 23:28
They are executed by creating/downloading programming code that exploits the vulnerability, and then inserts a "payload" into the system's memory so it is executed. The payload is usually in Assembler, and does things like opening remote programs or creating shells.

That's a severely oversimplified version, and the process can vary depending on the exploit type, but that's generally how it goes.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Author

RE: How to execute buffer overflows?

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-12-10 23:34
./hax



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert
Author

RE: How to execute buffer overflows?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-12-10 05:50
Hmm, alright I read part of the ebook, and it just assumes I know how to execute them -- like for example the infamous IIS 5.0 buffer overflow, it's something like http:site.com/255%/script/%255/c:/cmd.exe or something along those lines, anyways, say I found a buffer overflow, how would I execute the shell code? Could anyone explain it to me? Or point me to an ebook/tutorial? I'm sort of grasping this concept, but I can't quite fit my head around it. There's a lot of things I can't quite fit together yet -- like executing the shell code remotely for example. Thanks for any replies.


Author

RE: How to execute buffer overflows?

j4m32
Member

Your avatar

Posts: 81
Location:
Joined: 01.05.10
Rank:
Newbie
Posted on 18-12-10 15:00
Hey there,

I hate to burst your bubble.

What you've quoted isn't exactly a 'buffer overflow exploit' and has nothing strictly to do with 'shellcode' (this is a different term completely), but it is however an exploit of paths and how IIS filters the HTTP 'path' (I guess it's called) passed before it then reads the file and decides to either:

1) display it as HTML/image/etc. to the client
2) execute something, such as ASP or PHP, to then return the output to the client.

IIS assumes all paths are relative to the wwwroot directory so you can essentially change directory and as you correctly state, run DOS/Command Prompt on the server. However do not confuse the term 'shellcode' in this, because that is primarily used where raw op code instructions are involved and you're overfilling an array of values / block of memory of fixed size within the program where it uses non-memory safe functions.

For buffer overflow in IIS 5.0 you need to be looking at the "Host: " part of the HTTP request and what IIS does with it. You'll need some knowledge of Assembly, CPU and how instructions are carried out, (maybe) memory addressing schemes, how functions are executed and knowledge of the stack for the parameters to the function.

In main system memory, there are three segment "types":
1) Data
2) Code and
3) Stack

A lot of buffer overflow is done by exploiting the stack segment of the program where it uses non-memory safe functions. I believe there are other forms of doing buffer overflow.

To exploit it you add some op codes to "jump" (putting the instruction pointer) to the address they're "injected" on to the stack and then it will execute what you put after that address in place of the original program's functionality.

This often requires disassembling the code to find the point at which it does all this, to know what various register values are so that you can do a short relative memory address jump rather than an absolute memory address - this is because we cannot guarantee the location that IIS is loaded in to memory in the "same place" every time.

*Correct me if I am wrong here, I am no expert on this as I've only ever read about it and tried a few examples*

http://www.tonews.com/thread/730158/viwa/crack/and/hack/hacking_iis_50_the_complete_guide.html This might be of use.

Note: We don't normally say "remotely execute the code" if you consider, in this case, each system separate... some code runs "locally" on the server (IIS), and on the client (Web Browser / some program with sockets that imitates a web browser request). So the term remote is a bit redundant and misleading.

You will, however, see the terms "remote code injection" or "remote file include" in things like ASP/PHP script exploits.

*Again, if I have used terminology incorrectly let me know I'm a bit rusty*

Hope this helps!

Jim,

Edited by j4m32 on 18-12-10 15:03
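An added example, not part of j4m32's post and not code from IIS: the pattern the post describes (a fixed-size block of memory filled by a non-memory-safe function) next to a version that measures the input first and refuses it when it does not fit. The function names, the 32-byte buffer and the request layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#define HOST_MAX 32   /* assumed size of the fixed destination buffer */

/* Unsafe pattern, for contrast only (never called here): strcpy() stops at
 * the source's NUL byte, not at the end of dst. */
void host_copy_unsafe(char dst[HOST_MAX], const char *value)
{
    strcpy(dst, value);
}

/* Case-insensitive match of the header name at the start of a line. */
static int is_host_line(const char *p, size_t len)
{
    static const char name[] = "host:";
    if (len < 5) return 0;
    for (size_t i = 0; i < 5; i++)
        if (tolower((unsigned char)p[i]) != name[i])
            return 0;
    return 1;
}

/* Hardened: find the Host header, measure its value, refuse it when it
 * does not fit. Returns 0 = copied, -1 = no Host header, -2 = too long. */
int host_copy_checked(char *dst, size_t dst_size, const char *req, size_t req_len)
{
    const char *p = req, *end = req + req_len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        const char *stop = eol ? eol : end;
        if (is_host_line(p, (size_t)(stop - p))) {
            const char *v = p + 5;
            while (v < stop && (*v == ' ' || *v == '\t'))
                v++;
            while (stop > v && (stop[-1] == '\r' || stop[-1] == ' '))
                stop--;
            if ((size_t)(stop - v) >= dst_size)   /* keep room for the NUL */
                return -2;
            memcpy(dst, v, (size_t)(stop - v));
            dst[stop - v] = '\0';
            return 0;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return -1;
}
```

The checked version rejects an oversized value instead of truncating it, so the caller can answer with an error rather than act on a partial host name.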
Author

RE: How to execute buffer overflows?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-12-10 19:00
Ahh thank you for the reply! I really appreciate it and it cleared up a lot.


Author

RE: How to execute buffer overflows?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-12-10 19:13
Hey one last question -- I read that article you gave me -- it was invaluable, I loved it, however it says that IIS 5.0 exploit is vulnerable via the URL (duh) however most people recommend netcat for these types of exploits... if I'm going to start running buffer overflows and server exploits, what tools should I use? And if anyone says firefox, I'm just going to feel really dumb. :angry:


Author

RE: How to execute buffer overflows?

j4m32
Member

Your avatar

Posts: 81
Location:
Joined: 01.05.10
Rank:
Newbie
Posted on 18-12-10 21:52
No no, not a dumb question I think,
given that you've not learned anything about networks (data is sent as packets so called "datagram" structures at the application level)


Think about what it is you're trying to pass to the server in the URL:

1) If it's just [a-zA-Z0-9] text type characters rather than raw bytes / op codes, yes you can in the original case you posted about, use a web browser. Since this exploit doesn't provide you an interactive interface with the command prompt you initiate on the server, but rather you can tell it to execute a command and you might get some feedback.

2) If you're doing buffer overflow stuff, you may be better off learning a programming language that gives you the power to open a connection to a host and send it the specifically formatted "exploit string".
This may be in the form of a script language like Perl/Python; even PHP, which you can run on your local machine, has capabilities of interfacing with the network.

Why? Well, there are two parts to this,
a) we can make sure the program sends the exact binary data to the server which we cannot be certain a web browser would do (at least I think so).

b) it gives you greater power to manipulate the format of the exploit and hopefully find an exploit that works, it's rather tedious doing this stuff by hand with PuTTY or Telnet and pasting it in, and again we would have problems with NULL character, and all sorts, as the clipboard treats it as a "string" rather than binary if you wrote it out in a text editor.

Once you have done it once, I reckon it is then easier to pick up the example you know and understand how it works, and then apply it again to a similar challenge.

*Addon to previous post: May need a disassembler too... There are many out there: W32DASM, IDA, HVIEW, OllyDebug (Freeware) and gdb (OpenSource Win32 & Linux/UNIX versions).

Hope this suffices!

Jim,
Author

RE: How to execute buffer overflows?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-12-10 04:29
Hey, with case 1 like you said, are you referring to SQL injection and RFI? Also I'm reading a book on shell code, and I'm re-learning C. I learned it back when I was 12 so I'm re-learning quick, and learning a ton about networking -- I stripped it down from the physical layer to the application layer and now I understand how TCP and UDP work and what their heights and downfalls are. However, I don't mean to become a charity case, but I'm a real visual learner, and I can't find any youtube videos on using shellcode to exploit a server. Could you hop on TeamViewer or something of the sort and demonstrate it for me? If not that's fine, I'm learning at a steady rate, I'd just learn more that way. And thanks for the help man!


Author

RE: How to execute buffer overflows?

j4m32
Member

Your avatar

Posts: 81
Location:
Joined: 01.05.10
Rank:
Newbie
Posted on 19-12-10 12:11
Good that you've read around...

Where did you pluck SQL injection and Remote File Inclusion from? Grin
You can do those in a browser, or in a program if you want to, the HTTP Server obviously can't differentiate between the two. (They're both unrelated to the first case)

*In the first case, nothing you're doing has anything to do with "remote" anything. You're simply telling IIS, which is run as System, to execute Command Prompt which will also be run as System, inherited from IIS.*


I've only ever followed some examples on buffer overflow, a long time ago, so it would be useless me attempting to show you anything... I know there is a very good article written on this website which would probably be more suitable. Again for shellcode, you'll need to know assembly.

A visual demonstration of what goes on in memory would probably help you understand all of what is going on, most of the time no one does that, they assume the knowledge and just show the "proof of concept".

But it needs a lot of explanation about various other things, to get it across to someone with minimal knowledge of this low level machine code and how it all works.

Things like: assembly instructions [mov, shl, shr, jmp, jne, jnz...], you might need to know about different addressing schemes (absolute - the value at the address / indirect - a pointer to the value), how functions are called and how their parameters are passed by using the stack, passing by reference (address of an object) and passing by value (passing the value stored in that object)... etc.

I don't have TeamViewer, not sure I can help you much further unless I do some of it myself anyway...
Hope this helps...

Jim,
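The path-filtering problem discussed in this thread (the "first case"), as an added example that is not from any poster and not from IIS: a filter that inspects the raw path before percent-decoding, next to one that decodes first and then checks each segment. The function names and the policy of refusing any `%` left after one decoding pass are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Weak check, for contrast: looks for ".." in the raw path, before any
 * percent-decoding, so an encoded form passes. */
int naive_is_safe(const char *raw)
{
    return strstr(raw, "..") == NULL;
}

static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode-then-check. Returns 1 if the path may be mapped under the web
 * root, 0 if it must be refused. Assumed policy: one decoding pass, and
 * any '%' left afterwards (double encoding) is refused outright. */
int path_is_safe(const char *raw)
{
    char buf[256], *w = buf;
    size_t len = strlen(raw);

    if (len == 0 || len >= sizeof buf || raw[0] != '/')
        return 0;
    for (const char *r = raw; *r; r++) {
        int c = (unsigned char)*r;
        if (c == '%') {
            int hi = hexval((unsigned char)r[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)r[2]);
            c = lo < 0 ? 0 : hi * 16 + lo;
            r += (lo < 0) ? 0 : 2;
        }
        if (c == 0 || c == '%' || c == '\\')  /* bad escape, %00, %25, backslash */
            return 0;
        *w++ = (char)c;
    }
    *w = '\0';
    for (const char *p = buf; *p; ) {          /* walk the decoded segments */
        while (*p == '/') p++;
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += n;
    }
    return 1;
}
```

The server must open the file using the same decoded string the check saw; decoding again after the check reintroduces the gap.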
Author

RE: How to execute buffer overflows?

techb
Member



Posts: 384
Location:
Joined: 15.02.09
Rank:
Moderate
Posted on 19-12-10 14:03
For more on buffer overflows check out www.cultdeadcow.c. . .s/cDc-351/.


kbcarte.wordpress.com
Author

RE: How to execute buffer overflows?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-12-10 18:50
Thanks for the replies guys! Thanks for the site also, I downloaded the list of tools, so far you guys have been a huge help. And for any other helpful members that come along this post, I'd really love to see you do a buffer overflow, I'm still fairly lost as of how to execute the shell code. I mean, I get how it's made, but executing it on another server.. that's totally beyond me. Thanks guys. Smile.