Hacking The Stack
Welcome back, lockBoxx fans! Today I am going to address one of the more prominent exploits, and one of the longest-rooted issues, in the security industry: the buffer overflow. If you don't know assembly code, or programming languages in general, this article is NOT for you. You may have heard this term before; it refers to user input that can overwrite a variable somewhere in memory to change program execution flow.

The quintessential paper on this topic is Smashing The Stack For Fun and Profit, by Aleph One. It goes in deep on memory layouts, stack set-ups, finding buffer edges, taking control of the shell and exploits. It is a fantastic introductory paper to buffer overflows that, if you can understand and follow it fully, should have you well on your way to assembly hacking. However, Smashing The Stack is in a difficult-to-read format, especially if you are trying to follow the examples.

That is why, if you have read Smashing The Stack, enjoyed it and would like more practice, I suggest picking up Hacking: The Art of Exploitation, by Jon Erickson. This is a great book, because not only does it cover the material in Smashing The Stack in much more detail, but at an easier pace too. My favorite part of 'Hacking' is the DVD it comes with to help you work through the examples. It goes into way more depth than Smashing The Stack, and is the next step up for anyone serious about assembly hacking. I think this quote best sums up the book 'Hacking', by Jon Erickson:

"This book is for the security pro or would be hacker who wants to begin to see how deep the rabbit hole really does go. There is no other book like it on the market, and I've read most of them. Jon Erickson's code included in the book all works well as designed on Linux. The author also suggests some good free Linux tools for use with the code examples including most notably a hex editor, basic disassembler, and packet injector."

There's some solid reading material for you lockBoxx fans. So step your assembler game up, and get immersed in buffer overflows. In the future I will be going into more detail on these subjects, so educate yourself now.