OFFSEC – Writing Buffer Overflows and Reverse Engineering compiled binaries

https://www.exploit-db.com/docs/47032

This tutorial started as a simple attempt to take notes and follow my curiosity on C programming, Assembly and Buffer Overflows work.

Don’t take anything here as gospel because the content was written by a high-school drop-out without any formal computer science background. If you find something wildly wrong then let me know. From what I can tell, overall this work is directionally accurate.

The PoC and much of the content is compiled and inspired from various CTFs, Online Videos, UPENN, Renseller, Blackhat presentations,exploit researchers on exploit-db and more.This entire paper looks at technology from the perspective of someone who needs to learn from the ground up. All the tutorials and blogs on Buffer Overflows either show a basic “Input data here” C program or use well known vendor products.

There little mention on the C programming language or the memory protections within. There is little mention of the pain of taking pre-compiled binaries that you did not write and attempting of fuzz it, reverse engineer it and understand it before throwing your garbage at the program.Most tutorials dive straight into intimidating debuggers GUIs without starting in a simple GDB screen never forcing the user to think about what they need to see. All the blogs, tutorials and training tells you to disable modern memory and stack protections without explaining the critically of them and the difficulty of developing a successful exploit in the modern world. And there is little interdisciplinary mention of implementing the protective and detective technology that relates to the buffer overflow.All this leaves the technology new-comer wildly unprepared or the least blissfully ignorant, including myself. In the unlikely chance that someone starting their career stumbles upon this paper online, I hope you find that it is historically as useless as the papers and tutorials that came before it. I hope it inspires you to learn more and build upon and correct it.

There is no money involved here, no corporate sponsorship, no edu homework or anything like that. Just someone who loves learning who wrote it all down. If you’re foolish or bored enough to go any further, what will you find?

1.Basics of C Socket programming

2.C Socket program code w/ Inline comments on how to write a Socket program in C

3.Basic fuzzer development in Python

4.Basic of reverse engineering pre-compiled Binaries found online with NSA GHIDRA

5.Basics of using GBD and EDB debuggers

6.Intro material on x86 Assembly and Memory

7.Crashing the Stack (Buffer Overflow PoC)

8.Static Analysis of Insecure Functions in C

9.Basics on the Mitigations to Buffer Overflows

10.Basics on Bypassing Buffer Overflow Mitigations

11.Basics on Detecting Buffer Overflows and Post exploit activity

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s