Exploit a stack overflow vulnerability.
Loading...
Link to this comment:
Uploader Comments (youhakim)
Top Comments
-
invisiblehero keep your negative comments to yourself. This dude has done a good job in posting some nice vids on assembly and others don't ruin that.
2 years ago 4
All Comments (20)
-
Nicer job! So if program 1 was an OS or other essential component like IE, you could serve this to computer inside a commonly installed app, or commonly visited website. The error would occur, and you could change the system. This is a fun video, thanks for the tutorial! Seeing this done in assembly would have been nice too! Yay op codes!
-
nice video!
-
good
-
I was on cnn . com and a box popped up that said "Stack overflow at line: 0". What the hell is this?
-
i dont get it all, becuz of the acent, but great dude! thanks for sharing :D
-
@ProDiago Have a look at how an operating system behaves in a buffer overflow situation. Typically you would introduce code into memory then, through the use of buffer overflow, cause the processor to execute the code beginning at that particular adress in memory.
In most cases, this is code that elevates your access priviliges on the system to that of an administrator. After that, it's christmas.
Disclaimer: It is (probably) illegal to do it the way you are thinking of it right now.
-
You code in notepad?!
-
Hi
In instances where you can cause similar overflows, how could you use this as an injection vector to insert commands to change the program?
In your example, the ASCII for "C" appears, but how could this be adapted to exploit a system vulnerability with overflows?
Thanks. Great videos too.
- 12:48Buffer Overflow Tutorialby luxancap1,210 views
- 11:49Buffer Overflow Exploit - 1by c2ypt1c1,978 views
- 9:32Implementation of Caesar cipher in javascript (2)by youhakim2,105 views
- 7:26Implementation of Caesar cipher in javascript (1)by youhakim2,063 views
- 1:10:01RavenOverflow - building a StackOverflow clone ...by HibernatingRhinos5,323 views
- 7:35Exploits - Part 2 - 1.movby DHAtEnclaveForensics4,531 views
- 8:37Simple Stack-Based Buffer Overflow Exploitation...by Spirotot12,648 views
- 5:15Batch file 1: Substitute spaces in filenamesby youhakim1,252 views
- 2:02Shellcode example for Win XP SP2by memo17013,592 views
- 0:14Don't ever allow to stack overflow on AVR Atmeg...by Manekinen59,300 views
- 9:54Windows Stack Overflow Tutorial Part I - Theoryby skilltutos2,184 views
- 2:44C BUFFER-OVERFLOWby Animatixxking2,875 views
- 9:49Matching game in javascript, part2by youhakim1,571 views
- 9:55Programming md5 hash generatorby youhakim6,773 views
- 3:33Microsoft Live Labs Pivot and Stack Overflow Da...by jbristowe1,654 views
- 11:58Buffer Overflow Attack Video Tutorialby Hackveda817 views
- 8:12Tutorial Stack Overflow no Windows pt-br [co1ote]by co1ote1,177 views
- 3:41Uli Drepper, Part 1: Buffer Overflowsby shadowmanfilms3,161 views
- 2:39Stack Overflow Careersby StackCareers546 views
This comment has received too many negative votes show
first of all, everyone who codes PROPERLY and EFFICIENTLY knows that strcpy() is horrible for overflows. How about if one is to write a program, make proper bounds checking..
invisibleheero 2 years ago
My mistake! I was thinking that people who watch this video are intelligent enough to understand that this is a simple demonstration of a buffer overflows and how it works!
youhakim 2 years ago 8
What kind of harm overflows can make! I do not see that overflows can benefit the hacker to control over my algorithm, etc.
unknown84 3 years ago
Well, the hacker can own your computer if he succeeded in exectuing code that expoits a buffer oveflow vulnerability in a particular software. Let's suppose you use Internet explorer to visit a web site, the website happens to host malicious code that exploits one of -a known or not- buffer overflows in IE, ... if this happens and it does a lot then you can imagine the harm!
The video simplfy things because I used the exploit to execute internal code!
youhakim 3 years ago
Hakim, your name is familiar to me, its been a long time u did not post something else, is any thing new coming up ?
meaculpa1 3 years ago
Yeah, it's true that I didn't post anything since a long time, and I am sorry for that because I am busy all the time these days and I have no PC at home to record videos, ... I have only a laptop to do my work, you know ... the work that pays the bills :)
Thanks meaculpa1 for your comment.
youhakim 3 years ago