John Pierce

. CISSP, SLAE, Security+

Buffer overflow demonstration

This is a short video I did for my students in a first year undergraduate network security course.  It demonstrates an example BOF with a little of what can be done after exploiting the system.  The attacker is on Backtrack, attackee is SL Mail 5.5.0.4433 running within Windows SP3.  Attack code was written by me in Python using Metasploit to generate shellcode.  The intended audience is someone who just wants to see what a buffer overflow is and a bit of what it can do. 

If you're looking for a development demonstration, take a look at my other video here that is listed under related content above and to the right.  In that video, I take the students through fuzzing, isolating the variables I can control and developing the final exploit.  It relates to the same overflow demonstrated here.

 

If you can't view flash video on your device, the original, you can get the mp4 version here.

Most Recent Articles

First bit::

This is a writeup of the format string vulnerability in level 4 of the 64bitprimer VM from vulnhu

First bit::

Installation of the software to make a yubikey 4 work in FIDO U2F mode on Debian Jessie i386

First bit::

Lesson(s) learned

First bit::

This one stumped me. Overall, it was a great competition for me as I got to learn a whole lot of new things. I had never worked on a Mac, other than as a user, had never used Hopper, lldb or any of the other tools for reversing on a Mac, and haven't got any experience in the Objective C/Swift framework.

First bit::

4 rounds, lots of debugging

Videos

Categories: Network security, Videos
First bit::

Explains the workings of a DMZ, walks through setting up and testing of a DMZ in a virtual machine lab environment

Categories: Network security, Videos
First bit::

In this video I go through the process of setting up an SSH tunnel to hide an IP and also setting

Categories: Exploits, Videos
First bit::

Useful for someone who is interested in what a buffer overflow is. Does not go into the details of development, just explains generally and demonstrates the use of one.

Categories: Exploits, Videos
First bit::

a demonstration of a vulnerability discovered and published by Muts in 2004, exploited on a Windows XP SP3 machine using Python, Immunity Debugger, and Metasploit.

Categories: Network security, Videos
First bit::

In this video I demo some simple iptables rules and show them how to perform network traffic analysis to test them out.