Let's 'Smash' the Stack!
Posted by Ennosuke Ajibana on Thursday, September 07, 2006
I think this is what started it all...
http://insecure.org/stf/smashstack.html (the ever-popular 'Smashing The Stack For Fun & Profit' by Aleph One) <-- this one is mirrored at insecure.org. The actual paper is at phrack.org.
By Vangelis (I think he's Korean):
http://neworder.box.sk/newsread.php?newsid=13007
http://neworder.box.sk/newsread.php?newsid=12476
http://neworder.box.sk/newsread.php?newsid=11535
There's one more paper by Zarul Shahrin, but the link to his site is down.
This one is from Debian-Administration (http://www.debian-administration.org/articles/408)
--->8--cut here----
Note:
Starting sometime in the life of the Linux 2.6.x kernel series a new security measure was introduced, to randomise heap addresses. If you're running such a kernel all of these examples will fail.
To disable this protection run:
root@desktop:~# sysctl -w kernel.randomize_va_space=0
This will allow you to experiment with buffer overflows, whilst avoiding the need to use advanced exploitation techniques. (Which can be a lot of fun if you're bored :)
---8<--cut here----
I don't know why I'm so interested in this stuff even though I don't really understand it. What I understand is just this...
The stack is a place for storing memory (a memory buffer) that follows the LIFO (Last-In-First-Out) principle. When the stack is full, it overflows (people deliberately make it full). That's when it goes crazy, and people take the opportunity to inject some code (usually shellcode) so they can run a program (usually a shell) with root privilege. Cool...!
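As an added illustration (not part of the original post or the linked papers), the C program below models the kind of overflow they are about: a fixed-size local buffer with the saved return address right after it, copied into once without a length check and once with one. The frame layout, the function names and the placeholder return address are constructed for this example; the "frame" is an ordinary byte array, so nothing outside it is touched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define FRAME_LEN (BUF_LEN + sizeof(uintptr_t))
static const uintptr_t SAVED_RET = 0x1000; /* constructed placeholder */

/* Constructed model of a stack frame: BUF_LEN bytes of local buffer
   followed by the saved return address, in one array so that writing
   past the buffer is well-defined and can be observed safely. */
struct frame { unsigned char bytes[FRAME_LEN]; };

static void frame_init(struct frame *f) {
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + BUF_LEN, &SAVED_RET, sizeof SAVED_RET);
}
static int ret_changed(const struct frame *f) {
    return memcmp(f->bytes + BUF_LEN, &SAVED_RET, sizeof SAVED_RET) != 0;
}

/* Models strcpy() into a local array: the input length is trusted.
   Clamped to the model's size so the demo itself stays in bounds. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t n) {
    memcpy(f->bytes, in, n > FRAME_LEN ? FRAME_LEN : n);
}

/* Hardened form: input that does not fit the buffer is rejected. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(f->bytes, in, n);
    return 0;
}

/* Copy n bytes of 'A' (n capped at 64) into a fresh frame and report
   whether the saved return address was overwritten.
   checked != 0 selects the hardened copy. */
int overwrites_ret(size_t n, int checked) {
    unsigned char in[64];
    struct frame f;
    if (n > sizeof in) n = sizeof in;
    memset(in, 'A', sizeof in);
    frame_init(&f);
    if (checked) copy_checked(&f, in, n);
    else copy_unchecked(&f, in, n);
    return ret_changed(&f);
}

int main(void) {
    printf("unchecked 16: %d, unchecked 24: %d, checked 24: %d\n",
           overwrites_ret(16, 0), overwrites_ret(24, 0), overwrites_ret(24, 1));
    return 0;
}
```

An input that fits the buffer leaves the saved return address alone; one byte more through the unchecked copy already changes it, while the checked copy rejects the oversized input.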