
Exploits VS Buffer Overflows


What does Exploit mean ?
An exploit is a very small program that, when utilized, causes a software vulnerability to be triggered and leveraged by the attacker.

What does Buffer Overflow mean ?
A buffer overflow occurs when a buffer that has been allocated a specific storage space has more data copied to it than it can handle.

So...
Have you checked your server's log files lately ???
Did you notice something like... this !!!

"..//..//..//..//..//..//..//..//"

This is NOT a good sign !

Check out the following 7 lines of code...

7 lines of code...

It is simple to understand what is going on...
Line 3: Creates a directory
Line 4: Changes to the new directory
Line 5: Then changes the root directory of the current shell to the directory ..//..//..//..//

Nice... Hmmm !!!
This is the traditional way to break out of chroot jails in a Linux Operating System !!!
Recently, I had such an experience...
You will tell me... So what ?
OK ! Let us add now a little Shellcode.
Shellcode is the code executed when a vulnerability has been exploited.
Something like this...
Shellcode
Then try to execute that code.
As you see, it is getting "better" and "better" !
Of course, with the latest releases of the Linux Kernel, chroot jails have been fixed, BUT there will always be something that programmers have missed. After all, they are just human.

Conclusion: We need to write more secure code !

P.S
For security reasons, as you may have already noticed, the two blocks of code are in .jpg style !!!
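
For anyone who wants to check their own log files for the "..//..//" pattern mentioned in the post, here is an added example (not part of the original post and not the code from its images). It assumes a web server access log in Common Log Format; the sample lines, addresses and function names are constructed for illustration. It flags only requests whose ".." segments climb above the root, including doubled-slash and percent-encoded forms.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not taken from the post).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /docs/../img/logo.png HTTP/1.1" 200 2048
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/..//..//..//..//..//..//..//..//etc/passwd HTTP/1.1" 404 0
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /files/%2e%2e/%2e%2e/%2e%2e/secret HTTP/1.1" 403 0
192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /a/%252e%252e/%252e%252e/%252e%252e/x HTTP/1.1" 400 0
"""

# Client address, then the path inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+)')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_root(raw_path):
    """True if the '..' segments climb above the request root at any point."""
    path = decode_fully(raw_path.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):   # empty segment = doubled slash, as in "..//"
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def suspicious_requests(log_text):
    """Return (client, path) for every request whose path escapes the root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and escapes_root(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits
```

On the sample above, the plain "/docs/../img/logo.png" request is not flagged because it never leaves the root, while the three deep traversal requests are.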

a thing's picture

the JPEGs

There's not much point to them, the determined can still copy it fairly easily.

kanenas.net's picture

About the JPEGs

I know that everybody can copy the text inside the JPEG !

I just didn't want to get a...

 

YOU DON'T HAVE PERMISSION TO POST IN THIS FORUM !!!

 

Because a lot of admins (doing their jobs well !) don't let that kind of code be inserted...

That's all
