5

I'm looking for a very simple application that has an intentional buffer overflow embedded in it. I'm assuming this is possible on systems where DEP and ASLR are not being used.

Ideally (and if possible) I'd like to demonstrate this in unmanaged and managed runtimes. Since managed runtimes like .NET or Java aren't intended to ever overflow, I suppose it would be OK for .NET to use unsafe code (and the equivalent in Java).

makerofthings7
  • I attended a cool webinar last month called "Exploit Development For Mere Mortals" by Joe McCray, but I can't seem to find it. He promised uploading recordings, so they might be out there. Featured a buffer overflow web server application. – Henning Klevjer Oct 23 '12 at 07:06

1 Answer

6

No such thing exists on a modern system. 10 years ago I would have said one of the samples used in Smashing the Stack for Fun and Profit (probably example2.c). But today buffer overflows are very complex and no two exploits are the same. Buffer overflows are no longer the tool of choice for criminals.

rook
  • I was inspired by your answer today on DEP and ASLR. If those technologies aren't being used, or implemented incorrectly, is a buffer overflow still possible? – makerofthings7 Oct 23 '12 at 04:06
  • @makerofthings7 Well, thank you. Actually these technologies are imperfect and that's why buffer overflows and other memory corruption vulnerabilities are still useful... although not nearly as useful as they once were. – rook Oct 23 '12 at 05:13
  • @makerofthings7 Buffer overflows work great for systems with DEP and ASLR switched off. If you've got DEP but no ASLR, a ROP chain can be used to make a buffer overflow work. If you've got ASLR and no DEP, you can use tricks like heap spraying / NOP sleds to make them work. If they're both enabled, you need an information leak (known pointer on the stack) which you can then combine with the aforementioned tricks. Modern exploitation of such vulnerabilities gets complicated fast! – Polynomial Oct 23 '12 at 07:48
  • I highly recommend checking out the CoreLAN exploit writing tutorials: http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ – Polynomial Oct 23 '12 at 07:49