From the course: Penetration Testing Essential Training

Understand buffer overflows

- [Person] There are a number of ways to achieve remote code execution on a server, and one of the ways is to trigger what's known as a buffer overflow. We can do this by sending a malicious exploit packet to an open service that has a buffer overflow vulnerability. This then results in the target executing code from our packet. We can see how this works by running a vulnerable program through a debugger. Let's do this with MASM so that we can see the instructions clearly. I've written a small MASM program, which uses the Windows GUI, called "buffalo.asm." This simulates just a fragment of an application. Take a look at the lines just below the ".data" declaration. There's a data field called "Packet." This is simulating a packet that we've received from an input request for the user's name. I've put my name there. Let's just ignore the commented-out fields for the moment. Further down, we can see the hello message, which expects to have a name inserted. Let's look at the lines just…
