The Stack-based Buffer Overflow Hands-on Tutorials
- A stack-based buffer overflow tutorial #1 - Contains a step-by-step process
  for creating the vulnerable C code and the exploit. The OS used is Fedora
  Core 3 (kernel 2.6.xx), with a demonstration of escalating the user to root.
  The entire process has been nicely documented. You will find that few
  protection and/or detection mechanisms are implemented at the various stages
  of the computer system compared to the second tutorial.
- A stack-based buffer overflow revisited - This is the 2008 version,
  demonstrated on Fedora 9 as a guest OS on Win XP Pro SP2 using VMware. In
  the demonstration, the related detection and protection mechanisms
  implemented by Fedora 9 (kernel 2.6.xx) are explored. The report also
  includes important information on the Intel processor execution environment,
  which is normally missing from most buffer overflow tutorials, references or
  guides. This information is very important because the compiler's flow of
  processes is tightly based on this mechanism. In addition, a few 'loopholes'
  were found that originate from the processor execution environment. The
  literature review discusses current and previous detection and protection
  schemes. The coverage is wide but the presentation is compact. The analysis
  ends with some practical recommendations and future research on buffer
  overflow.