
My first buffer overflow exploit: pretty easy - jvns
http://jvns.ca/blog/2013/10/28/day-17-buffer-overflows/
======
jaredlwong
I highly suggest doing the labs of MIT's 6.858 (Computer System Security). I'm
taking it right now, and it's one of the most rewarding classes. The labs can
be found here:
[http://css.csail.mit.edu/6.858/2013/schedule.html](http://css.csail.mit.edu/6.858/2013/schedule.html).
In fact, the first lab is all about buffer overflows and return to libc
attacks. All labs come with autocheckers or sufficient instructions to check
your answers. The first lab can be found here:
[http://css.csail.mit.edu/6.858/2013/labs/lab1.html](http://css.csail.mit.edu/6.858/2013/labs/lab1.html).
Highly highly recommended to anyone. I wish more people knew about this class
because it's class A, absolutely awesome. Very practical and informative.

------
WestCoastJustin
If this kind of stuff interests you, then you should really check out Phrack
Magazine [1] (although not very active anymore). There was an amazing article
from '96 entitled _"Smashing The Stack For Fun And Profit"_ [2], which gives
a great overview of how this all works.

[1] [http://www.phrack.com](http://www.phrack.com)

[2]
[http://www.phrack.com/issues.html?issue=49&id=14#article](http://www.phrack.com/issues.html?issue=49&id=14#article)

~~~
vezzy-fnord
This is a legendary article that brought these vulnerabilities to the
spotlight, but it's somewhat outdated by now.

You can read it for the cult value and as a general reference to have, but for
someone really looking to get into it, I'd recommend Corelan's exploit
tutorials, Open Security Training's courses and The Legend of Random's
articles on reverse engineering.

~~~
WestCoastJustin
Thanks for the recommended reading, and for anyone else looking at this thread,
here are the links:

Corelan's exploit tutorials @
[https://www.corelan.be/index.php/2009/07/19/exploit-writing-...](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)

Open Security Training @
[http://opensecuritytraining.info/](http://opensecuritytraining.info/)

The Legend of Random @
[http://www.thelegendofrandom.com/blog/](http://www.thelegendofrandom.com/blog/)

------
kriro
You might enjoy one of my favourite time-wasting websites of all time (Windows
is kind of required at times, though in the age of VMs that's a non-issue). The
+XXX folks were basically my reversing education, makes me wonder if the
identity of +orc was ever figured out :)

[http://3564020356.org/](http://3564020356.org/)

I really liked the hash-maze, cool idea.

------
Moral_
If you're into this type of stuff check out Smash the stack [1]. It has a bunch
of memory type vulnerability wargames (specifically the IO level) for your
choosing. They start off basic, like the one you presented in the blog, then
more advanced topics like heap overflows, return 2 libc, SEH overwrites, GOT
overwrites, ROP techniques etc.

Like WestCoastJustin pointed out, phrack has phenomenal articles, but they
require you to have a fairly strong understanding of C and operating system type
things.

[1] [http://www.smashthestack.org/](http://www.smashthestack.org/)

~~~
tardigrade
In my opinion, Smashthestack's Logic wargames are a lot more buffer overflow
focused than IO ones. The first level php problem is rather misleading in that
regard.

Smashthestack and overthewire both have a wide variety of wargames that might
be fun to look into if you're interested in pursuing security related
challenges:

smashthestack - [http://www.smashthestack.org/](http://www.smashthestack.org/)
overthewire - [http://www.overthewire.org/wargames/](http://www.overthewire.org/wargames/)

There's also an intro level CTF going on for another 9 days @
[http://zeromutarts.de/](http://zeromutarts.de/)

Registration is easy and instantaneous.

------
moloch
I have some equally simple, but networked examples here:
[https://github.com/moloch--/Exploit-Demos](https://github.com/moloch--/Exploit-Demos)

------
yuhong
Another thing to start with would be unsupported software like Office XP or
Win2000, most of which was created before the GS cookie even existed.
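Added example (editor's addition, not code from the blog post or from anyone in this thread): a self-contained C model of the basic stack-based overflow that Moral_'s list of wargame topics starts from, and of the "GS cookie" (VC++ /GS, GCC -fstack-protector) stack canary that yuhong mentions. The frame layout, the canary value 0xDEADBEEF, the "legitimate" return address 0x08048500 and the attacker payload are all constructed for illustration; a real compiler places the canary between the locals and the saved return address and picks a random value at process start. The overflow is modelled with memcpy into a struct so the behaviour stays defined and the result can be checked rather than just crashing.

```c
/* Added example: modelled stack frame, strcpy-style overflow, and the
 * canary check a /GS or -fstack-protector epilogue performs.
 * Everything here is constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY   0xDEADBEEFu   /* constructed; real canaries are random per process */
#define SAFE_RET 0x08048500u   /* constructed "legitimate" saved return address */

/* Modelled frame, laid out the way an x86 frame is: the local buffer sits
 * below the canary, which sits below the saved return address. Writing past
 * the end of buf walks upward through both. */
struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;
    uint32_t saved_ret;
};

enum outcome {
    RET_NORMAL,    /* nothing corrupted */
    RET_HIJACKED,  /* saved return address overwritten and not caught */
    RET_ABORTED    /* canary mismatch: __stack_chk_fail / __security_check_cookie */
};

static void frame_init(struct frame *f, int with_canary) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = with_canary ? CANARY : 0;
    f->saved_ret = SAFE_RET;
}

/* The bug: an unbounded copy of attacker-controlled data into a fixed buffer,
 * like strcpy(buf, input). Modelled as memcpy into the frame object so the
 * overflow stays inside one object and the result is well defined. */
static void vulnerable_copy(struct frame *f, const uint8_t *input, size_t len) {
    if (len > sizeof *f) len = sizeof *f;   /* keep inside the modelled frame */
    memcpy((uint8_t *)f, input, len);       /* no check against BUF_SIZE */
}

/* The fix: never copy more than the buffer holds, and always terminate. */
static void safe_copy(struct frame *f, const uint8_t *input, size_t len) {
    if (len > BUF_SIZE - 1) len = BUF_SIZE - 1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
}

/* Function epilogue as the compiler emits it with or without the cookie check. */
static enum outcome frame_return(const struct frame *f, int with_canary) {
    if (with_canary && f->canary != CANARY)
        return RET_ABORTED;
    return f->saved_ret == SAFE_RET ? RET_NORMAL : RET_HIJACKED;
}

/* Constructed attacker input: fill buf and the canary slot with 'A' (0x41),
 * then plant 0x41414141 where the saved return address lives. If the
 * attacker has leaked the canary, write the real value back into its slot. */
static size_t build_payload(uint8_t *out, size_t cap, int know_canary) {
    size_t ret_off = offsetof(struct frame, saved_ret);
    size_t n = ret_off + sizeof(uint32_t);
    uint32_t canary = CANARY, target = 0x41414141u;
    if (cap < n) return 0;
    memset(out, 'A', n);
    if (know_canary)
        memcpy(out + offsetof(struct frame, canary), &canary, sizeof canary);
    memcpy(out + ret_off, &target, sizeof target);
    return n;
}

static enum outcome run_scenario(int with_canary, int use_safe_copy,
                                 const uint8_t *input, size_t len) {
    struct frame f;
    frame_init(&f, with_canary);
    if (use_safe_copy) safe_copy(&f, input, len);
    else               vulnerable_copy(&f, input, len);
    return frame_return(&f, with_canary);
}

/* One end-to-end run with the constructed payload. */
enum outcome demo(int with_canary, int use_safe_copy, int know_canary) {
    uint8_t payload[sizeof(struct frame)];
    size_t n = build_payload(payload, sizeof payload, know_canary);
    return run_scenario(with_canary, use_safe_copy, payload, n);
}

/* Benign input of the size the buffer was designed for. */
enum outcome demo_benign(void) {
    const uint8_t hello[] = "hello";
    return run_scenario(1, 0, hello, sizeof hello);
}

static const char *name(enum outcome o) {
    return o == RET_NORMAL ? "normal" : o == RET_HIJACKED ? "HIJACKED" : "aborted (canary)";
}

int main(void) {
    printf("benign input, vulnerable copy        : %s\n", name(demo_benign()));
    printf("no cookie, vulnerable copy           : %s\n", name(demo(0, 0, 0)));
    printf("cookie, vulnerable copy              : %s\n", name(demo(1, 0, 0)));
    printf("cookie, vulnerable copy, leaked cookie: %s\n", name(demo(1, 0, 1)));
    printf("cookie, bounded copy                 : %s\n", name(demo(1, 1, 0)));
    return 0;
}
```

The pre-/GS case is the second line: the overflow lands directly on the saved return address and nothing notices. With the cookie in place the same payload is caught before the function returns, which is the whole point of the mitigation. The fourth line shows its limit: the check only detects a changed cookie, so an attacker who can read the cookie out of memory first passes it untouched and hijacks the return anyway. The bounded copy needs neither.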

------
im3w1l
Is it still possible to smash stacks with all these detections and aslr
thingies going on?

