c
??? Ramifications of buffer overflows
??? Local buffer overflow exploits
??? Components of the ???exploit sandwich???
??? Exploiting stack overflows by command line and generic code
??? Exploitation of meet.c
??? Exploiting small buffers by using the environment segment of memory
??? Exploit development process
??? Control eip
??? Determine the offset(s)
??? Determine the attack vector
??? Build the exploit sandwich
??? Test the exploit
Why study exploits? Ethical hackers should study exploits to understand if a vulnerability
is exploitable. Sometimes security professionals will mistakenly believe and publish the
statement: ???The vulnerability is not exploitable.??? The black hat hackers know otherwise.
They knowthat just because one person could not find an exploit to the vulnerability, that
doesn??™t mean someone elsewon??™t find it. It is all a matter of time and skill level. Therefore,
gray hat ethical hackers must understand how to exploit vulnerabilities and check for
themselves. In the process, they may need to produce proof of concept code to demonstrate
to the vendor that the vulnerability is exploitable and needs to be fixed.
147
Stack Operations
The stack is one of the most interesting capabilities of an operating system.
Pages:
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312