Vulnerability Development mailing list archives
Re: sample buffer overflow exploit problem
From: "sohlow" <sohlow () hushmail com>
Date: Mon, 29 Sep 2003 12:19:10 -0700
> Is there any way I can generate shellcodes in FreeBSD?

A good tute to check out [for bsd/unix asm development] is at http://www.int80h.org/bsdasm/. Next thing you'd need to do is find a list of the syscalls you wanna use. Use the src as a last resort.

sohlow

From: Ganbold <ganbold () micom mng net>
To: vuln-dev () securityfocus com
Subject: sample buffer overflow exploit problem
Date: Sat, 27 Sep 2003 16:54:59 +0900

Hi,

I'm very new to buffer overflow exploit techniques and my boss wants me to thoroughly understand how it works. I'm trying to exploit sample network server in FreeBSD 5.1 for this purpose. When I try to exploit using execve /bin/sh (shellcode1), it works and launches the shell in the remote machine. However when I try to use port binding shell code, it binds shell to the port, but when I try to connect to it, it just closes the connection. Also I can't connect to bind port after sending buffer using following code snippets:

..............
printf("[-] Connecting to bindshell...\n");
remote.sin_family = AF_INET;
remote.sin_addr = *((struct in_addr *)host->h_addr);
remote.sin_port = htons(12345);
if (connect(s, (struct sockaddr *)&remote, sizeof(remote))==-1)
{
close(s);
fprintf(stderr, "Error: connect\n");
return -1;
}
exec_sh(s);
...............

I would appreciate it if somebody could give me some help to solve this test problem. Is there anywhere I can find detailed explanation about buffer overflows and working sample network exploits? Is there any way I can generate shellcodes in FreeBSD? I attached my sample server code and exploit code.

thanks in advance,

Ganbold Ts, senior programmer,
Micom Co., Ltd
Ulaanbaatar, Mongolia

Current thread:
- sample buffer overflow exploit problem Ganbold (Sep 27)
- Message not available
- Re: sample buffer overflow exploit problem Ganbold (Sep 29)
- Message not available
- Re: sample buffer overflow exploit problem upb (Sep 29)
- <Possible follow-ups>
- Re: sample buffer overflow exploit problem deepcode . (Sep 29)
- Re: sample buffer overflow exploit problem Ganbold (Sep 29)
- Re: sample buffer overflow exploit problem Ganbold (Sep 29)
- Re: sample buffer overflow exploit problem Ganbold (Sep 29)
- Re: sample buffer overflow exploit problem sohlow (Sep 29)
- Re: sample buffer overflow exploit problem Vade 79 (Sep 30)
- RE: sample buffer overflow exploit problem Ganbold (Sep 30)
- Re: sample buffer overflow exploit problem Ganbold (Sep 30)
- Re: sample buffer overflow exploit problem Gerardo Richarte (Sep 30)
