HACKED! How a Buffer Overflow Exploit works, plus Code Red!

Published 2021-08-20
How does a buffer overflow work? Join retired Microsoft developer Dave Plummer as he explains how CODE RED was unleashed on the world and how it worked, so that you can avoid the mistakes of the past. Dave explains how a buffer overflow works and develops one before your eyes, so you can be prepared to defend against them.

For those with absolutely no sense of humor: this is a technical explanation of how a buffer overflow works, so that diligent software engineers can avoid them in their code. You can't protect against what you don't understand, so this explanation is meant to empower developers. Hackers are already well acquainted with this decades-old problem, and anyone doing 'ethical hacking' needs to know how it works in order to perform even basic penetration testing.
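An added worked example, not code from the video or from Dave Plummer, showing the mechanism the description refers to: a copy into a fixed-size buffer with no length check writes past the end of that buffer into whatever lies next to it in memory, and the attacker chooses those bytes. The `struct session` layout, the function names and the payload are all constructed for this example; the buffer is placed inside a struct (rather than on the stack next to a saved return address, which is where real exploits aim) so that the neighbouring field that gets clobbered is deterministic and the result can be checked. The unchecked copy is done through the record's byte representation so that the program stays well-defined for a payload that fits inside the record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record (assumption for this example): a fixed-size name
 * followed by a privilege flag. Members are laid out in declaration order,
 * so bytes written past name[16] land in is_admin. role[] exists only so the
 * terminator of a 20-byte name stays inside the record. */
struct session {
    char     name[16];
    uint32_t is_admin;   /* 0 = ordinary user, anything else = admin */
    char     role[8];
};

/* Attacker-style payload, constructed here: 16 bytes fill name[], the next
 * four become is_admin (0x42424242 on either endianness). */
#define FILLER "AAAAAAAAAAAAAAAA"
static const char PAYLOAD[] = FILLER "BBBB";

/* VULNERABLE: copies until the source's NUL, never comparing the length
 * against sizeof s->name. Written through the record's bytes so the demo
 * is well-defined; in real code the same missing check keeps writing into
 * whatever follows the buffer (other locals, the saved return address). */
void set_name_unchecked(struct session *s, const char *src)
{
    unsigned char *base = (unsigned char *)s;
    size_t off = offsetof(struct session, name);
    size_t i = 0;
    do {
        base[off + i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
}

/* HARDENED: the length is checked against the destination before a single
 * byte is written. Overlong input is rejected rather than silently
 * truncated, so the caller sees the failure. Returns 0 on success, -1 if
 * the name does not fit with its terminator. */
int set_name_checked(struct session *s, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof s->name)
        return -1;
    memcpy(s->name, src, n + 1);   /* n + 1 <= sizeof s->name: in bounds */
    return 0;
}

/* Helpers that start from a fresh, unprivileged record and report what the
 * privilege flag looks like after each kind of copy. */
uint32_t privilege_after_unchecked_copy(const char *input)
{
    struct session s = { "guest", 0, "user" };
    set_name_unchecked(&s, input);
    return s.is_admin;
}

int checked_copy_result(const char *input)
{
    struct session s = { "guest", 0, "user" };
    return set_name_checked(&s, input);
}

uint32_t privilege_after_checked_copy(const char *input)
{
    struct session s = { "guest", 0, "user" };
    (void)set_name_checked(&s, input);
    return s.is_admin;
}

int main(void)
{
    printf("unchecked, input \"bob\":     is_admin = 0x%08x\n",
           privilege_after_unchecked_copy("bob"));
    printf("unchecked, 20-byte payload: is_admin = 0x%08x\n",
           privilege_after_unchecked_copy(PAYLOAD));
    printf("checked,   20-byte payload: rc = %d, is_admin = 0x%08x\n",
           checked_copy_result(PAYLOAD), privilege_after_checked_copy(PAYLOAD));
    return 0;
}
```

The point to take away is that nothing about the overflow is random: the bytes that overwrite `is_admin` are exactly the bytes the attacker placed after the first sixteen. Put a saved return address in that position instead of a flag and the same missing check hands the attacker control of where execution goes next, which is what turns a copy bug into remote code execution.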

All Comments (21)
  • @vincei4252
    I'll never forget the first time I saw Code Red in our lab. I had a FreeBSD server that I used for various things which was running apache. I came into the lab one morning and saw there were these strange errors in the system logs. I called the IT department and advised them of what I was seeing and I was basically told to get lost - I was a contractor at the time. I escalated this to my boss who escalated it to his boss then all shit hit the fan. Fun times. BTW, this was in a giant healthcare organisation with a presence across the globe.
  • @echtogammut
    As an admin during this time, I remember people freaking out when this happened. Within the government space almost nothing was properly patched, so it is a small miracle that Code Red wasn't worse. As for patching, Microsoft's buggy patches were as much to blame as the worm itself. When a new critical patch came out, the game of chicken started. From Tuesday through the weekend you would watch newsgroups and forums to see if this patch would take down your servers. If you were lucky you had a bare-metal server clone you could test the patch on and see if it broke your company software. This was the era where being an admin meant you not only managed the servers, but you wrote the business software and managed the database... full stack started at bare metal back then.
  • @Lupinicus1664
    Good video, clear explanation. As a mainframe assembler programmer from the 80s I was surprised by the C functions that made assumptions around 'looking for' e.g. a 'string terminating character' and not insisting on somewhat more control over what you were doing. Later when using C myself I discovered how easy it could be to get in a mess. Definitely a good and well-presented video, thank you. While I was already very familiar with the exploit (I've been in cyber security >15 years) this was a smooth and clear description. The more people aware of these elementary exploits the better.
  • @tekvax01
    The code red worm was filling my Linux web log drive partitions for months and years afterwards! Thanks, Dave for the great explainer piece to camera!
  • @tykruszka
    I love the sinister intro followed by that cheerful and glorious smile and salute with "Hey I'm Dave"
  • @aofgrant
    These are terrific accounts, please keep them coming! The addition of bloopers is a nice touch.
  • @the_real_ch3
    Mountain Dew Code Red also fueled most of my late night studying sessions in college. Stuff was great.
  • @i12flytoday
    I really like your videos like this where you tell a story and explain how something happened. I especially like the ones where you track down inside information of what was actually said or done by the people that said or did it. It's a extra bonus when examples, such as the buffer overflow demonstration, are presented like this video.
  • @printnub7585
    I have been really enjoying your channel. The last 96 seconds of this video are gold, I like that you don't take yourself so serious and are able to show the outtakes. Keep up the good work. Story 10/10 would recommend.
  • Your editing has really improved, it is very entertaining. And the content is even better. Keep up the good work!
  • @13Cubed
    Well this certainly brings back some memories! I've worked in the field since 1995 (currently at MS as a digital forensics investigator.) I recently found your channel and really enjoy it. I run a security-focused channel and I can certainly appreciate the amount of time you put into making this content, especially with the high production value.
  • @thetrevster14
    Great content! I learned a lot from this. You show examples without going overboard and do a great job with the explanations. Please, keep it up!
  • @Sir_Uncle_Ned
    It really is interesting to see a programmer's perspective on vulnerabilities rather than just hearing people reporting on it.
  • @JeffJennings82
    This is one of my favorite videos on this site so far. A little over my head initially. Please do more of these with similar explanations like the buffer overrun explanation. I tried to get into similar stuff like this a long time ago using the SoftIce debugger, however I couldn't find a replacement (with the same ease and power) for it after Windows XP.
  • @StephenChapman
    Love the direction you're headed with these types of videos, Dave! Might be a fun time to pivot to ROP-based exploits if you have any examples you think would be worthy enough to cover. :)
  • @TheNitroPython
    I love this channel, man. I've been super interested lately in low-level programming along with just interesting software engineering concepts such as your Quake video. I had never heard of you before yesterday, but as a CS student your skill set is something I strive to achieve. Thanks for the videos.
  • @theNeWo1
    Thanks mate for this, as a hobbyist programmer it's always interesting to see the full power of the debugger in an interesting and engaging way.
  • @andyo22
    Your code was a concise and perfect example of what can happen with a buffer overflow. It brought back early-90s memories of unintentional buffer overflows, when my code would cause my DOS machine to beep (ASCII 07, I believe) and display blinking characters. Ah, the good old days. :)
  • @MikeLeed
    The bloopers are great lol, keep up the good work mate!
  • @dcc1165
    This is by far the best explanation of how buffer overruns work. When I first encountered such things, I felt it was a bit of "black magic", until I saw the updated source that fixes such things. It took me a great while to understand the details because the patch was only explained in terms of the fix: to perform bounds checking on a buffer. Obviously the reason for such vagueness is to prevent exploits from spewing everywhere. Thanks for the deep-dive into how all this works....and, hopefully as you said, people will "not use their powers for evil" ;).