Archive for April, 2012

Udacity Certificates

Posted: April 25, 2012 in Fun Stuff
Tags: ,

Received my first two certificates from Udacity online course.

Join Udacity today and enjoy the revolution in online learning.

Advertisements

It is amazing that after so maany years linux being actively developed, the buffer overflow exploit remains one of the top security vulnerabilities in 2011. Buffer overflow was first detailed in Smashing The Stack For Fun and Profit by Alphe One. Nevertheless, here is my first successful attempt in creating a buffer flow in my code.

The code is a simple one. Yet it forms the basis of a stack-based buffer overflow. Mystically, the program below prints a result of zero. The instruction ‘x = 1’ is skipped due to the buffer overflow exploit.

void function(int a, int b, int c) {
    int *ret;
    ret = (int*) &a - 1;
    (*ret) += 8;
}

void main() {
    int x;
    x = 0;
    function(1,2,3);
    x = 1;
    printf("%d\n",x);
}