Gray Hat Hacking: The Ethical Hacker's Handbook
CHAPTER 8 Advanced Linux Exploits
Getting the basics under our belt was necessary, but the advanced subjects are where
most gray hat ethical hackers will actually spend their time.
• Format string exploits
    • The problem with format strings
    • Reading from arbitrary memory locations
    • Writing to arbitrary memory locations
    • Taking .dtors to root
• Heap overflow exploits
• Memory protection schemes
    • Compiler improvements/protections
    • Kernel level protections
    • Return into libc exploits
        • Used in non-executable stack/heap situations
        • Return into glibc functions directly
The field is advancing constantly, and there are always new techniques discovered by the
hackers and new countermeasures implemented by developers. No matter which side
you approach the problem from, you need to move beyond the basics. That said, we can
only go so far in this book; your journey is only beginning. See the "References" sections
for more destinations.
Format String Exploits
Format string errors became public in late 2000. Unlike buffer overflows, format string
errors are relatively easy to spot in source code and binary analysis: the telltale sign is a
printf-family call whose format argument is not a string literal but data the user controls.
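To make the pattern concrete, here is an added example (not code from the book): a logging
routine written the vulnerable way, the one-line fix beside it, and the %n directive that the
later read/write techniques build on. The function names log_vuln, log_safe and count_with_n
are assumptions for this illustration.

```c
/* Added example, not from the book: the vulnerable format-string pattern,
 * its fix, and the %n write primitive. Compile with gcc -Wformat-security to
 * see the compiler itself flag log_vuln, which is why these bugs are easy to spot. */
#include <stdio.h>
#include <string.h>

/* Vulnerable: the caller's string is used AS the format. Any %x, %s or %n
 * inside msg is interpreted, and the missing variadic arguments are read
 * from wherever the calling convention keeps them (registers, then stack). */
static int log_vuln(char *out, size_t n, const char *msg) {
    return snprintf(out, n, msg);
}

/* Fixed: the format is a literal and msg is only ever treated as data. */
static int log_safe(char *out, size_t n, const char *msg) {
    return snprintf(out, n, "%s", msg);
}

/* %n stores the number of characters produced so far into the int it is
 * pointed at. With a literal format this is legitimate C; the attack is
 * getting the same directive, plus a chosen pointer, into a format that
 * the attacker controls. Width padding ("%8x") lets the attacker pick the
 * value that gets written. Returns the count written through %n. */
static int count_with_n(void) {
    int written = 0;
    char buf[32];
    snprintf(buf, sizeof buf, "%8x%n", 0xdeadbeefu, &written);
    return written; /* 8: the padded hex field is eight characters wide */
}

int main(void) {
    char out[64];
    const char *probe = "%x.%x.%x"; /* constructed attacker input */

    log_safe(out, sizeof out, probe);
    printf("safe : %s\n", out);   /* the literal text "%x.%x.%x" */

    log_vuln(out, sizeof out, probe);
    printf("vuln : %s\n", out);   /* leaked argument/stack words in hex */

    printf("%%n wrote %d\n", count_with_n());
    return 0;
}
```

The output of the vulnerable path is whatever happened to be in the variadic argument
slots, which is exactly the "reading from arbitrary memory locations" primitive; the safe
path echoes the probe unchanged. Note that modern glibc built with _FORTIFY_SOURCE aborts
when it sees %n in a format string that lives in writable memory, so the write half of the
technique is increasingly something you meet only on older or unhardened targets.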