jaredhaight/buffer_overflow_notes.md

Last active March 26, 2016 20:07

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jaredhaight/45064431db2f5947bd6f.js"></script>
Save jaredhaight/45064431db2f5947bd6f to your computer and use it in GitHub Desktop.

Download ZIP

Some notes on Buffer Overflows. This supplements a presentation that I gave for Chaha.

Raw

buffer_overflow_notes.md

Terms

Stack: Location in RAM where the processor stores stuff (variables, functions, etc)
Registers: Locations on the CPU where data is stored/processed.

Immuity

Good walk through here
Tricks
- Sometimes the registers screen goes blank, to fix this by toggling the view (hit the "C" button)
- If you're searching for a memory address and it doesn't show up the first time, run the search again. Theres a bug in Immunity that causes this

Writing shell code

Do the work to figure out how much space you have to work with. Shellcode wont pop if it gets truncated
Make sure your bad characters are accurate. 0x0d and 0x0D are two different things
In the comments of your script, past the msfpayload command used to generate the shell code
Restart the computer any time you execute a payload. Payloads tend to mess up programs in weird ways. Better to clean everything out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment