http://update.proggen.org/ 2026-04-19T15:24:08+0200 http://update.proggen.org/ http://update.proggen.org/lib/tpl/proggenY/images/favicon.ico text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:exploitation:basic&rev=1663868367 Basic Concepts of Buffer Overflows Interacting with memory is part of every non-trivial program. In order to guarantee successful data processing, it is of utmost importance to correctly manage data buffer sizes. Writing more data than the buffer is able to contain, results in a so-called buffer overflow. The memory region following directly afterwards is overwritten in this case. This chapter tries to explain this behavior and its effect in a detailed and practical way. text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:exploitation:external-buffers&rev=1663868367 Environment Variable and Command Line Argument Buffers Considering a NOP sled and the shellcode, the memory region available for the overall payload might become too small pretty soon. Instead of using only buffers of the application to store the payload, it is also possible to use buffers implicitly included in the application by the operating system. Specifically, parts of the payload can be stored in environment variables or command line arguments text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:exploitation:nop-sled&rev=1663868367 NOP Sled To directly transfer control flow to our shellcode, we need to specify its address as the return address of the current function. However, guessing the exact address can be very hard, especially on remote machines without the possibility to use a debugger. Already minor system differences can lead to a different stack layout. text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:exploitation:rop&rev=1663868367 Return-oriented Programming (ROP) In the previous chapters the usage of existing functions as well as custom shellcode as execution target were discussed. As using existing functions is rather inflexible and there are several protection mechanisms avoiding the injection of custom executable code, an advanced exploitation approach is required. This chapter focuses on exploitation by returning to existing code which is generally called Return-oriented Programming (ROP). Due to the fact that ROP u…