stack/Heap Overflow question


Post by waelkd on Fri Aug 10, 2012 4:37 pm

Good day,

So sbof and hs have been on the counter for quite some time, jamming all the info into a little space to crash the server/PC software, program, you name it.

But here's my question: when implementing the above on netcap and checking core files it "compiles", but the only reason it does so is because I am already in the server or I am already connected to whatever I am connected to, so how do you execute the above when you're working on a rogue, alien server where you have nothing except an IP/port/whois scanner?

To make my question clearer, let's say I want to break into "ip address": I scan their ports and voilà, I am partially in "if telnet/ftp port is open", but I still have to input a username and password. If I DON'T HAVE a usrn and pwd, how is it possible for the baddies to access the servers and execute ill code?

Thanks


Re: stack/Heap Overflow question

Post by cyberdrain on Sat Aug 11, 2012 7:14 am

So, how to know a password and username? Wouldn't you like to know... Seriously though: that's the point. You can't just connect through telnet if it is active if you don't know the password. You'd need to compromise the computer behind it to get in or get the username and password by other means (phishing, guessing, bruteforce etc.).

Now, if you run a webserver, that executes something on the server behind a firewall or whatever. So if you can punch through the wall that is the web application (so to speak), you get access to the computer behind it. This, apart from some other stuff, is one of the main points behind hacking: finding a way to get in by making a computer behave in a way that wasn't intended by a programmer.

Also I have no idea what you mean by "So sbof and hs has been on the counter for quite sometime, jamming all the info. into a little space to crash the server/pc software,program you name it.", could you elaborate (at the risk of sounding stupid)? You're not making a whole lot of sense to me: I find your lack of writing skills disturbing. :P


Re: stack/Heap Overflow question

Post by waelkd on Sun Aug 12, 2012 4:21 am

cyberdrain wrote: Also I have no idea what you mean by "So sbof and hs has been on the counter for quite sometime, jamming all the info. into a little space to crash the server/pc software,program you name it.", could you elaborate (at the risk of sounding stupid)? You're not making a whole lot of sense to me: I find your lack of writing skills disturbing. :P

sbof = stack buffer overflow / hs = heap spraying

cyberdrain wrote: You'd need to compromise the computer behind it to get in or get the username and password by other means (phishing, guessing, bruteforce etc.).

Compromising any PC or server with the above takes too much time and has a very slim chance of working.

cyberdrain wrote: So if you can punch through the wall that is the web application (so to speak), you get access to the computer behind it. This, apart from some other stuff,

This probably has a better chance of working than what you said above.


Re: stack/Heap Overflow question

Post by cyberdrain on Tue Aug 14, 2012 4:08 pm

Ok, sorry, I underestimated what you know.

This post:
waelkd wrote: "to make my question clearer,lets say i want to break into "ip address" i scan their ports and voila am partially in "if telnet/ftp port is open"
and your lack of using proper punctuation marks etc. led me to believe you were just another <I need to hax0r IP, plox help me> person. And yes, I know those methods I described would not usually get the results you (or anyone) are looking for.

I find it strange you ask a question like this:
waelkd wrote: "if I DONT HAVE a usrn and pwd how is possible for the baddies to access the servers and execute ill code"

which does contrast quite a bit with running a programmed buffer overflow attack on a local server to test it against such an attack (which is what you are trying to do, right?). I'll leave this to someone who does understand you.


