Binary Exploit Development - SEH Based Overflow

Guided Hacking
Part 2 of our Binary Exploit Development Tutorial Series. We'll be showing you how to exploit a SEH based overflow. SEH stands for Structured Exception Handler. A SEH based overflow is a buffer overflow that results in the hijacking of execution via a SEH chain.

Support us on GH: https://guidedhacking.com/register/
Support us on Patreon: guidedhacking
Support us on YT: @guidedhacking

This video was made by nop

SEH Based Overflow Article
https://guidedhacking.com/threads/bin...

Learn about the Windows Structured Exception Handler, as well as space restrictions and how to exploit and overcome them in the second part of the binary exploitation course. SEH based overflows are an alternative to direct return address overwrites and are considered to be more reliable but also require slightly more knowledge about exploit development and Windows internals.

Welcome to the 2nd part of my binary exploitation series. Besides a direct return address overwrite (which we exploited in part 1), the SEH chain can also be used to obtain control over the execution flow of a program and execute arbitrary code.

What is a Structured Exception Handler?
What happens when your program does something it should definitely not do? Should the program just exit, should a message appear or should your computer turn off? Exception handling is an additional method of diverting code flow when events occur that don't fall under normal error-checking logic.

Structured Exception Handling is Microsoft's specific method of handling both software and hardware exceptions.

Are these types of exceptions vulnerable? Not in themselves, no. But can you use a buffer overflow to overwrite part of SEH? Indeed you can, as you will find out in the video below. A SEH chain (a linked list) exists on the stack for each thread, with pointers to each exception handler (it's just a function pointer, not complicated). Overwriting one of these function pointers? Or the function itself? That's what we're doing in a SEH buffer overflow.
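The chain described above, modelled as an added C example (not code from the video or the article): a simulated 32-bit stack holds three {Next, Handler} records, and the walker applies the integrity checks a defender relies on, namely records on the stack, aligned, and a chain that ends at a known final handler, which is the idea behind Windows SEHOP. All addresses, handler values and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simulated 32-bit thread stack. Every address and value here is constructed. */
#define STACK_BASE    0x0012F000u  /* lowest simulated stack address */
#define STACK_SIZE    0x100u
#define CHAIN_END     0xFFFFFFFFu  /* Next field of the last record on x86 */
#define FINAL_HANDLER 0x7C900000u  /* stand-in for the OS last-resort handler */
typedef struct { uint32_t next, handler; } seh_record;  /* Next, Handler */
static uint8_t stack_mem[STACK_SIZE];

static void put_record(uint32_t addr, uint32_t next, uint32_t handler) {
    seh_record r = { next, handler };
    memcpy(&stack_mem[addr - STACK_BASE], &r, sizeof r);
}

/* Build an intact three-record chain and return the address of its head. */
uint32_t build_chain(void) {
    memset(stack_mem, 0, sizeof stack_mem);
    put_record(STACK_BASE + 0x40, STACK_BASE + 0x80, 0x00401100u);
    put_record(STACK_BASE + 0x80, STACK_BASE + 0xC0, 0x00401200u);
    put_record(STACK_BASE + 0xC0, CHAIN_END, FINAL_HANDLER);
    return STACK_BASE + 0x40;
}

/* Unchecked copy into a 0x20-byte local buffer at offset 0x20, below the head record. */
void overflow_local_buffer(size_t len) {
    if (len > STACK_SIZE - 0x20) len = STACK_SIZE - 0x20;  /* stay inside the model */
    memset(&stack_mem[0x20], 'A', len);
}

/* Walk the chain; return the record count if intact, -1 if corrupted. */
int seh_chain_check(uint32_t head) {
    uint32_t addr = head, prev = 0;
    for (int count = 1; ; count++) {
        seh_record r;
        if (addr < STACK_BASE || addr > STACK_BASE + STACK_SIZE - sizeof r) return -1;
        if ((addr & 3u) || addr <= prev) return -1;  /* aligned, strictly ascending */
        memcpy(&r, &stack_mem[addr - STACK_BASE], sizeof r);
        if (r.next == CHAIN_END) return r.handler == FINAL_HANDLER ? count : -1;
        prev = addr; addr = r.next;
    }
}

int main(void) {
    uint32_t head = build_chain();
    int before = seh_chain_check(head);
    overflow_local_buffer(0x28);  /* 8 bytes past the buffer: covers the head record */
    printf("intact=%d after_overflow=%d\n", before, seh_chain_check(head));
}
```

A copy that stays inside the buffer leaves the walk at three records; once it runs over the head record, the Next field no longer points into the stack and the walk is rejected before any handler would be called.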

Stay tuned for more new videos in our Binary Exploit Development series.

SoundFX and Music provided by:
Epidemic Sound https://epidemicsound.com
Zapsplat  https://www.zapsplat.com
Audio Blocks  https://www.audioblocks.com

tags:
SEH Based Overflow
exploit development tutorial
binary exploitation tutorial
SEH buffer overflow
exploit development
buffer overflow
binary exploitation

What is a buffer overflow?
What is a Structured Exception Handler?
What is a SEH based buffer overflow?
How does a Structured Exception Handler work?
#exploitdevelopment #reverseengineering #bufferoverflow
Published 2 years ago, on 1401/06/30.
Viewed 7,080 times