____   ___  ____ _____  _    ____ _  ______  _   _ _____ _____ _____ ____
|  _ \ / _ \/ ___|_   _|/ \  / ___| |/ / __ )| | | |  ___|  ___| ____|  _ \
| | | | | | \___ \ | | / _ \| |   | ' /|  _ \| | | | |_  | |_  |  _| | |_) |
| |_| | |_| |___) || |/ ___ \ |___| . \| |_) | |_| |  _| |  _| | |___|  _ <
|____/ \___/|____/ |_/_/   \_\____|_|\_\____/ \___/|_|   |_|   |_____|_| \_\
  _____     _______ ____  _____ _     _____        ______  ___   ___  ____
 / _ \ \   / / ____|  _ \|  ___| |   / _ \ \      / / ___|/ _ \ / _ \|  _ \
| | | \ \ / /|  _| | |_) | |_  | |  | | | \ \ /\ / / |  _| | | | | | | | | |
| |_| |\ V / | |___|  _ <|  _| | |__| |_| |\ V  V /| |_| | |_| | |_| | |_| |
 \___/  \_/  |_____|_| \_\_|   |_____\___/  \_/\_/  \____|\___/ \___/|____/

Created for CrikeyCon 3, 20 February 2016

tl; dr

If you're in a hurry, you're almost certainly looking for the following resources:

A brief history

The resources in this repo were created for a talk at Crikeycon in 2016. A recording of that talk is available at https://www.youtube.com/watch?v=renR0Aj2YzI.

How you can support me

Please share these resources with your friends. They are freely licensed, so you are even welcome to present them at your local hacker meetup or in your company. All I ask is that you credit me as the original author.

You can Follow me on Twitter and let me know that you popped calc.

If you want to see more of my content, please subscribe to my Youtube channel and follow me on Twitch

Finally, if these resources brought you joy or helped you on your journey to OSCP and you would feel awesome about supporting me financially, you can buy me a coffee. If it wouldn't make you feel awesome, please don't feel obliged. This content will always be 100% free for you to enjoy, modify and distribute ❤️

Buy Me a Coffee at ko-fi.com

Abstract

Did you miss out on stack-smashing for enjoyment and financial gain? Have you always meant to get in to "all that debugger stuff" but don't know your EIP from your ESP? Let's take it back to the 90s for an overview of Win32 stack buffer overflow exploitation.

We'll cover assembly, registers, the stack, function call and return mechanics, triggering stack buffer overflows, taking advantage of saved return pointer overwrites, generating shellcode, and some other weird tricks.

This is not new stuff, and modern mitigations (ASLR, DEP and stack canaries) totally harsh its mellow. If you're a stack savant who has a handle on the heap and ROPs relentlessly then this content isn't for you. For everyone else, may you learn to pop calc not alert(1)

Contents of this repo

License

The code for dostackbufferoverflowgood.exe is licensed under Apache License Version 2.0

The slides and tutorial are licensed under a Creative Commons Attribution 4.0 International License.

You are welcome to modify and redistribute this material, provided you credit me as the original author.