Description: Welcome to Part 4 of the Buffer Overflow Primer. If you have not already done so, please start this series by viewing Part 1. The Buffer Overflow Primer requires that you know at least some basic assembly language. For those not familiar with the language, I have created a series of Assembly Language video tutorials for Hackers here.
In this video we will look at how to create shellcode for the execve() system call. We will first write a C program that spawns a shell using execve(), then disassemble the program to understand how the syscall works and the kind of inputs it expects. We will cover this part in depth, tracing through individual instructions and recreating the program stack as it looks just before execve() is called. Once the disassembled code has been understood, we will write our own assembly program that spawns a shell using execve(). This video is important for anyone who wants to learn how to convert a complex syscall into its working assembly language equivalent.
Tags: programming
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Thank for this video Vivek.
But I have a different assembly listing for the function main (see below). I've understood why we allocate 20 bytes rather than 8 bytes, but I don't know why: a different compilation method??? I've compiled the program with this command: gcc shell.c -o shell -mpreferred-stack-boundary=2 -ggdb
Thank you in advance for your help.
push %ebp                        # save caller's frame pointer
mov %esp,%ebp                    # set up main's frame
sub $0x14,%esp                   # reserve 20 bytes: 8 for argv[2], 12 for the three call arguments
movl $0x80484c0,-0x8(%ebp)       # argv[0] = pointer to the path string ("/bin/sh" in .rodata)
movl $0x0,-0x4(%ebp)             # argv[1] = NULL
mov -0x8(%ebp),%edx              # edx = argv[0] (the path pointer)
movl $0x0,0x8(%esp)              # 3rd argument: envp = NULL
lea -0x8(%ebp),%eax              # eax = &argv[0]
mov %eax,0x4(%esp)               # 2nd argument: argv
mov %edx,(%esp)                  # 1st argument: path
call 0x80482f8 <execve@plt>      # execve(path, argv, envp)
mov $0x0,%eax                    # return 0 (only reached if execve fails)
leave
ret
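The stack reconstruction the video walks through by hand, applied to the listing posted above: this added example (not code from the video or from the commenter) symbolically executes the AT&T-syntax instructions up to the call and reports what execve() receives. It assumes a made-up initial stack pointer (only the relative layout matters) and that 0x80484c0 is the address of the path string, which the listing does not show.

```python
import re
# Constructed input: the AT&T-syntax disassembly of main() posted in the comment above.
MAIN_DISASM = """push %ebp
mov %esp,%ebp
sub $0x14,%esp
movl $0x80484c0,-0x8(%ebp)
movl $0x0,-0x4(%ebp)
mov -0x8(%ebp),%edx
movl $0x0,0x8(%esp)
lea -0x8(%ebp),%eax
mov %eax,0x4(%esp)
mov %edx,(%esp)
call 0x80482f8 <execve@plt>"""
MEM_RE = re.compile(r'^(-?0x[0-9a-f]+)?\((%e[a-z]+)\)$')  # disp(%reg) memory operands

def trace_main(listing, esp0=0xbffff000):
    """Symbolically run the listing up to the call; return (regs, mem) as execve() sees them.
    esp0 is an assumed, made-up initial stack pointer; only the relative layout matters."""
    regs, mem = {'esp': esp0, 'ebp': 0, 'eax': 0, 'edx': 0}, {}
    def addr(op):  # effective address of a disp(%reg) operand
        m = MEM_RE.match(op)
        return (regs[m.group(2)[1:]] + (int(m.group(1), 16) if m.group(1) else 0)) & 0xffffffff
    def value(op):  # $imm, %reg or memory operand
        if op.startswith('$'): return int(op[1:], 16)
        return regs[op[1:]] if op.startswith('%') else mem.get(addr(op), 0)
    def store(op, v):
        if op.startswith('%'): regs[op[1:]] = v
        else: mem[addr(op)] = v
    for line in listing.splitlines():
        mnem, _, rest = line.strip().partition(' ')
        ops = rest.split(',')
        if mnem == 'push':
            regs['esp'] -= 4
            mem[regs['esp']] = value(ops[0])
        elif mnem in ('mov', 'movl'): store(ops[1], value(ops[0]))
        elif mnem == 'sub': store(ops[1], value(ops[1]) - value(ops[0]))
        elif mnem == 'lea': store(ops[1], addr(ops[0]))
        elif mnem == 'call': break  # stop: this is the stack execve() receives
    return regs, mem

def execve_frame(listing):
    """Decode execve()'s three arguments and the argv array from the traced frame."""
    regs, mem = trace_main(listing)
    esp, ebp = regs['esp'], regs['ebp']
    argv = mem[esp + 4]  # arg 2 points at the 2-slot char*[] built at -0x8(%ebp)
    return {'path': mem[esp],          # arg 1: pointer into .rodata, presumably "/bin/sh"
            'argv': argv, 'argv0': mem[argv], 'argv1': mem[argv + 4],
            'envp': mem[esp + 8],      # arg 3: NULL
            'argv_off': argv - ebp,    # -8: argv[] lives in the locals area
            'frame_bytes': ebp - esp}  # 0x14 = 12 bytes of call args + 8 bytes of argv[]
```

Running execve_frame(MAIN_DISASM) shows the 20-byte frame is the 8-byte argv array at ebp-8 plus the three 4-byte arguments placed at esp, esp+4 and esp+8 for the cdecl call.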
Excellent visual representation. Thanks
Again, this is a great video. Thank you for your time and effort.
Is there anyway you could release your slides for us to review? I would really like to have the slides for review when studying.
Thanks.
@AHMZAO I have noticed the same problem. This is caused by using the newer version of BackTrack instead of BT3.
@JCasper I have been wondering the same thing.
Having the slide decks would be a wonderful resource!
Awesome video. Starting to get a grasp of this now. Thanks
Video is awesome, my only request is that you put a link to the next video in the description. This way I don't have to keep going back to the list of videos to get to the next one. Cheers
Hello Vivek, it is another great video. I am also halfway through finishing your wireless Sec. tutorials. Hey guys, the wireless security tutorials created by Vivek are also awesome, check them out. Thank you
Hi Vivek, you are awesome as usual.
I have a question: can we get a dump of this program in hex using objdump -d? When I tried this it is giving a continuous string.
Awesome, thanks.
Thanks so much for these videos. I was getting lost at the assembly part of things in a lot of other tutorials, but your explanation about the movement on the stack and how to manipulate this / set up relative addressing etc. is really helping me a lot to understand the underlying structure of programs and what happens at a low level in the computer.
Thanks again, you're a very good teacher!