Skip to main content
Welcome guest. | Register | Login | Post

Exploits VS Buffer Overflows

What does Exploit means ?
Exploit is a very small program that when utilized causes a software vulnerability to be triggered and leveraged by the attacker.

What does Buffer Overflows means ?
Buffer Overflow occurs when a buffer that has been allocated a specific storage space has more data copied to it than it can handle.

So...
Have you checked your server's log files lately ???
Did you notice something like... this !!!

"..//..//..//..//..//..//..//..//"

This is NOT a good sign !

Check out the following 7 lines of code...

7 lines of code...

It is simple to understand what is going on...
Line 3: Creates a directory
Line 4: Changes to the new directory
Line 5: Then changes the root directory of the current shell to the directory ..//..//..//..//

Nice... Hmmm !!!
This is the traditional way to break out of chroot jails in a Linux Operating System !!!
Recently, I had such an expirience...
You will tell me... So what ?
OK ! Let us add now a little Shellcode.
Shellcode is the code executed when a vulnerability has been exploited.
Something like this...
Shellcode
Then try to execute that code.
As you see, it is getting "better" and "better" !
Of course, with the latest releases of the Linux Kernel, chroot jails has been fixed, BUT there will always be something that programmers have missed. After all, they are just human.

Conclusion: We need to write more secure code !

P.S
For security reasons, as you may have already notice, the two blocks of code are in .jpg style !!!

Comments

the JPEGs

There's not much point to them, the determined can still copy it fairly easily.

About the JPEGs

I know that everybody can copy the text inside the JPEG !

I just didn't want to get a...

 

YOU DON'T HAVE PERMISSION TO POST IN THIS FORUM !!!

 

Because a lot of admins (well doing their jobs !) they don't let that kind of code to be inserted...

That's all

Innocent

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.