Quick Access

User login

Who's online

There are currently 0 users and 0 guests online.

Visitors Map

Site Counter

  • Site Counter: 502774
  • Registered Users: 57238
  • Published Nodes: 330
  • Your IP:
  • Since: 2008-09-09

Link Exchange

BlogCatalog Blog Directory
Technology Business Directory - BTS LocalTop stories
Click here

Live Traffic Info

Writing Windows Buffer Overflows Exploit- A step by step tutorial


Writing a buffer overflow attack against a Windows program present several challenges that make it a bit more difficult than writing exploits on a Linux platform. In addition to not having popular tools such as gdb (the GNU Debugger) an attacker is faced with a closed box. Not only are most Windows applications closed source, but the operating system itself doesn't provide much transparency. When taken together this makes an attackers job fairly daunting.

Windows buffer overflow attacks are quite possible, however, and I'm writing this tutorial to walk you through developing one such attack. This article assumes some prior knowledge of assembly, x86 architecture, C and Perl programming. I hate to raise the bar like that, but if you're not familiar with these concepts then writing buffer overflows will be next to impossible as their inner workings hinge on all of these topics. While there are many tools you can use to assist in the process of finding and exploiting buffer overflow vulnerabilities, without a thorough understanding of how they work you're going to have a very hard time actually creating new exploits.

I'm going to skip over the obligatory explanation of what a buffer overflow or shellcode actually is because others have done a much better job in other places on the web. Poke around and you're sure to find some excellent articles explaining exactly how this sort of attack works. For the purposes of this tutorial we're going to attack an explicit (known) vulnerability in a certain piece of software. You can use this process to develop exploits for other programs as soon as vulnerability announcements are released.

Read Full Article here :Mad Irish

Your rating: None Average: 3.3 (9 votes)

Some other tutorials about

Some other tutorials about exploit writing can be found here :

* Stack based overflows (direct RET overwrite) :
Tutorial Part 1

* Jumping to shellcode :
Tutorial Part 2

* Stack based overflows - SEH
Tutorial Part 3

* Stack based overflows - SEH part 2
Tutorial Part 3b

* Writing Metasploit exploits
Tutorial Part 4

* Using debuggers to speed up exploit development
Tutorial Part 5

* Bypassing Stack Cookies, Safeseh, NX/DEP and ASLR
Tutorial Part 6

* Writing stack based unicode exploits
Tutorials Part 7



Sponsered links

Bookmark Us!


Page Rank


Time is our most precious asset, we should invest it wisely.

Explore Tags

Follow Us