by rschmukler 5109 days ago
"Smashing the stack for fun and profit" is absolutely a great introduction to the classic buffer overflow attack. It is also the foundation on which tons of exploits are built: http://insecure.org/stf/smashstack.html

Once you've read that, I highly recommend going through Stanford's CS 155 practice assignment on the subject. Unfortunately I really can't find the assignment anymore but perhaps a more thorough search of their archives would reveal it.

However, here is a blog which details the answers to all of the problems and includes the problems themselves. It explains why they work, and how to get to them. Very helpful if you are interested in looking at more advanced techniques: http://blogs.hulmahan.com.ph/archives/category/hack-101

That takes care of the basic C sploits. Beyond that, it really depends which level you want to attack at. You can attack at the stack level for almost all programs.

For web applications, you can go at a much higher level with stuff like SQL Injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Session Hijacking.

Lastly, I highly recommend "Grey Hat Hacking, The Ethical Hacker's Handbook." This book does a fantastic job of giving you a taste of hacking at all levels. It covers OS attack possibilities, network level attacks, exploit generation and more. It also does a great job of introducing you to a lot of tools that help get the job done. From there, you'll at least be able to think of what you want to learn about next.

1 comment

I thought modern OSs make stack memory non-executable, so this attack fails on modern systems.
Right. This is the biggest problem with learning attacks --- the historical attacks no longer work, but they are absolutely essential to

1) get in the mindset of how to find and exploit vulnerabilities, and to learn from the masters. RTM, for example, wrote the first internet worm and one of the attack vectors was a stack smash. Learn from the masters, and how they thought.

2) Since today's systems are built with an understanding of all these exploits, you have to learn these exploits to understand today's systems. So finding an old Linux kernel and writing a stack-smasher is one way to experiment.

You don't need an ancient version. For Linux, "echo 0 > /proc/sys/kernel/randomize_va_space" and compile with -fno-stack-protector.
Generally speaking it is much more complicated to exploit these bugs than it used to be, but often attackers find ways such as return-to-libc, return-oriented programming (which ASLR and other technology is designed to combat) or things like heap spraying.