Understanding a toy example of heap spraying in Javascript?

There is a version of the following code on heap spraying (this link triggers a PowerPoint download) and also in this lecture video by Dan Boneh.

<SCRIPT language="text/javascript">
    shellcode = unescape("%u4343%u4343%...");
    oneblock = unescape("%u0C0C%u0C0C");
    cause-overflow(overflow-string); //overflow buf[]
</SCRIPT>


The function cause-overflow() is not implemented here, but I think it will just write shellcode + nop across the whole heap.

Is shellcode really machine code for something like exec(/bin/sh), or is shellcode a memory location for some shell code?

Is oneblock a NOP slide?

(In general, what does this code do? Why is it causing a heap spray?)


PS Not homework; I'm just a noob to javascript.

+3

1 answer


(Cannot open one of these two links from this machine.)

I've never played around with heap spraying in Javascript - the thought is really terrible.

It has nothing to do with shell code (since it doesn't run in the shell), but rather refers to machine language - the CPU's own code.

This is a rather crude and imprecise way of describing things, but it gets the basics.

The heap is nothing special. It's just computer memory. The stack is also nothing special, it's just computer memory. The program space is also nothing special, it's just computer memory.



Usually [*] the current program is stored in the "Program space". Large things created by the program are stored in the "Heap", and temporary things that the program does are stored in the "Stack". (Simplification - deal with it.)

The idea behind buffer overflows, stack smashing, heap spraying, or any other such trick is to somehow fill the computer's memory with carefully crafted bad data and make the computer stop running what is in program space and instead run your carefully crafted bad data.

This requires some pretty thorough knowledge of:

  • the running program
  • the system it runs on
  • machine language / code

[*] Yes, some efforts are being made to change this and make computers more secure

+1
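As an added illustration from the defender's side (this is not code from the question, the answer, or Boneh's slides), here is a small heuristic of the kind a browser instrumentation layer or analysis sandbox can run over large string allocations: a heap spray gives itself away because a big allocation is almost entirely one short unit repeated over and over (the oneblock pattern in the question's snippet) with a small tail of different bytes. The function names, thresholds and sample inputs below are my own assumptions; the constructed "spray" sample reuses only the page's placeholder values %u0C0C and %u4343 and carries no real payload.

```javascript
// Added example, not from the original post: a heuristic heap-spray
// detector over JavaScript strings. Thresholds are assumptions.
const SPRAY_MIN_LENGTH = 0x10000; // ignore allocations smaller than 64 KiB (assumed)
const SPRAY_MIN_RATIO = 0.9;      // flag if >= 90% of code units are one repeated value (assumed)

// Tally the string's UTF-16 code units and report how dominant the most
// frequent one is, plus the longest unbroken run of it (the "slide").
function analyzeFill(str) {
  const counts = new Map();
  let best = null;
  let bestCount = 0;
  for (let i = 0; i < str.length; i++) {
    const cu = str.charCodeAt(i);
    const c = (counts.get(cu) || 0) + 1;
    counts.set(cu, c);
    if (c > bestCount) {
      bestCount = c;
      best = cu;
    }
  }
  let longestRun = 0;
  let run = 0;
  for (let i = 0; i < str.length; i++) {
    run = str.charCodeAt(i) === best ? run + 1 : 0;
    if (run > longestRun) longestRun = run;
  }
  return {
    length: str.length,
    unit: best,                                   // most frequent code unit
    ratio: str.length ? bestCount / str.length : 0,
    longestRun,
  };
}

// A single allocation is suspicious when it is large and almost entirely
// one repeated code unit.
function looksLikeSpray(str) {
  const a = analyzeFill(str);
  return a.length >= SPRAY_MIN_LENGTH && a.ratio >= SPRAY_MIN_RATIO;
}

// A spray container is many near-identical large allocations; count how
// many entries of an array of strings trip the heuristic.
function countSprayAllocations(strings) {
  return strings.filter(looksLikeSpray).length;
}

// Constructed sample inputs (assumptions, not captured from any site).
// Benign: ordinary text, where no single character dominates.
const BENIGN_SAMPLE = "The quick brown fox jumps over the lazy dog. ".repeat(2000);
// Spray-like: the page's filler unit repeated, then a short tail built
// from the page's placeholder value %u4343 standing in for a payload.
const SPRAY_SAMPLE = "\u0C0C".repeat(0x20000) + "\u4343".repeat(8);

// Stand-alone demonstration.
console.log("benign:", analyzeFill(BENIGN_SAMPLE), looksLikeSpray(BENIGN_SAMPLE));
console.log("spray-like:", analyzeFill(SPRAY_SAMPLE), looksLikeSpray(SPRAY_SAMPLE));
console.log("flagged allocations:",
  countSprayAllocations([BENIGN_SAMPLE, SPRAY_SAMPLE, SPRAY_SAMPLE]));
```

The ratio check is deliberately coarse: real detectors such as the ones built into browser sandboxes also look at how many allocations share the same size and content, which is why countSprayAllocations takes the whole array rather than one string. Tuning the thresholds too low will flag legitimate large buffers (for example a canvas filled with one colour), so they should be validated against the application's own allocation profile.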
