Shellcode COSC 480 Presentation Alison Buben.
What is it?
Definitions vary, but most describe it as executable code that is used to attack a system.
“Frequently (though not always), attackers deliver a payload that simply launches a command shell.”
Will be discussed mainly in respect to buffer overflows.

Roadmap
Importance and Relevance
Definitions
Introduction and History
The Main Reason This Is Possible
Five Explanation Steps
Problems and Solutions
Sources and Discussion

Importance and Relevance
Why should one care about this problem?
It is a way of infecting computers.
It often helps get more malware onto the host.
When you have vulnerabilities, attackers can take control of your system.
Buffer overflows are still a common problem today.

Definitions
Buffer: “contiguous block of computer memory that holds multiple instances of the same data type”
Static Variables: “[variables] allocated at load time on the data segment”
Dynamic Variables: “[variables] allocated at run time on the stack.”
NOP: “Non-operation”
Sled: NOP bytes that lead to shellcode

History
Stems from the C language, which often does not check buffer bounds.
Most used in buffer overflows. This happens when:
The boundary of a buffer is unchecked.
Code is injected into the buffer by attackers.

Introduction
To perform a buffer overflow:
Make a string larger than the buffer's size.
This should cause an overflow.
The objective is to overwrite other memory addresses.
Want to overwrite the stack pointer or return address.
If successful, then you can execute other code.

Main Reason This Is Possible
Several C string functions do not check boundaries:
strcat()
strcpy()
sprintf()
vsprintf()
Using these functions can allow a buffer to receive more characters than it can hold.
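As an added example (not part of the presentation), the unchecked strcpy() pattern the slide warns about is shown beside a bounds-aware copy that refuses input that would not fit; the names bounded_copy, safe_greet and NAME_MAX are chosen here for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* The pattern the slides warn about: strcpy() copies until it sees a NUL and
 * never consults sizeof(name), so any input of NAME_MAX bytes or more writes
 * past the buffer (undefined behaviour). Shown for contrast only; not called. */
void vulnerable_greet(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);                  /* no bounds check */
    printf("hello %s\n", name);
}

/* Bounds-aware copy: returns 0 on success, -1 if src (with its NUL) does not
 * fit in dstsz bytes. Never writes outside dst and leaves it NUL-terminated. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    /* Look for the terminator only within the space we actually have. */
    const char *nul = memchr(src, '\0', dstsz);
    if (nul == NULL) {                    /* no NUL in dstsz bytes: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);   /* copy including the NUL */
    return 0;
}

/* Hardened variant: rejects oversized input instead of overflowing or
 * silently truncating (strncpy would drop the terminator on a full buffer). */
int safe_greet(const char *input)
{
    char name[NAME_MAX];
    if (bounded_copy(name, sizeof name, input) != 0)
        return -1;
    printf("hello %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed inputs: 15 characters fit in 16 bytes, 16 do not. */
    printf("%d\n", safe_greet("0123456789abcde"));   /* 0 */
    printf("%d\n", safe_greet("0123456789abcdef"));  /* -1 */
    return 0;
}
```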

How to Achieve This: Part 1
Need knowledge of several concepts:
How memory is organized
Push and pop
A type of assembly (some C too)
Goal: to overwrite memory and gain control.
Most often the overwritten return address is what executes other code.
Usually this spawns a shell, hence “shellcode”.

Part 2: Overview
Main idea: making a string larger than the buffer.
Some good tools are:
GCC
NASM
Objdump
“The typical end goal of the shellcode is to give the attacker full control of the victim system.”

Part 3: Main Structure
Brief outline:
Write C code.
Compile to get assembly.
Object dump to see the disassembly.
Find the bytes needed and make them into a string: char shellcode[] = “\byte\byte\byte”;
Use that string in your C code.

Part 4: Prevention
Focusing on security, prevention is key.
Need to try and detect shellcode.
However, obfuscation and polymorphism make this job difficult.
A few obfuscation techniques are:
Indirect jumps
Self-modification
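As an added example (not from the presentation), a small detector for the NOP sleds defined earlier: it reports the longest run of bytes drawn from a configurable set, so a scan can look for 0x90 alone or widen the set to other one-byte x86 opcodes (for example 0x40 to 0x4F, inc/dec of a register on 32-bit x86) that sleds are padded with to evade a NOP-only check; find_sled, sled_hit and constructed_payload are names chosen here, and the sample bytes are constructed, not captured traffic.

```c
#include <string.h>

struct sled_hit {
    size_t offset;   /* where the longest run starts */
    size_t length;   /* how many consecutive sled bytes it holds */
};

/* Scan buf for the longest run of bytes drawn from sled_bytes (the set of
 * one-byte instructions an attacker could pad with). Returns 1 and fills
 * *hit when that run is at least min_len long, else 0. */
int find_sled(const unsigned char *buf, size_t len,
              const unsigned char *sled_bytes, size_t n_sled,
              size_t min_len, struct sled_hit *hit)
{
    size_t best_off = 0, best_len = 0, run_off = 0, run_len = 0;
    for (size_t i = 0; i < len; i++) {
        if (memchr(sled_bytes, buf[i], n_sled) != NULL) {
            if (run_len == 0)
                run_off = i;          /* a new run starts here */
            run_len++;
            if (run_len > best_len) {
                best_len = run_len;
                best_off = run_off;
            }
        } else {
            run_len = 0;              /* run broken by a non-sled byte */
        }
    }
    if (best_len < min_len)
        return 0;
    hit->offset = best_off;
    hit->length = best_len;
    return 1;
}

/* Constructed sample (not captured traffic): 8 x 0x41, 32 x 0x90, 24 x 0xCC.
 * A NOP-only scan sees a 32-byte sled at offset 8; a scan whose set also
 * contains 0x41 (inc ecx on 32-bit x86) sees 40 bytes starting at offset 0. */
const unsigned char *constructed_payload(size_t *len)
{
    static unsigned char buf[64];
    memset(buf, 0x41, 8);
    memset(buf + 8, 0x90, 32);
    memset(buf + 40, 0xCC, 24);
    *len = sizeof buf;
    return buf;
}
```

The threshold min_len is a tuning knob: legitimate binaries and image data contain short runs of repeated bytes, so a sled check is evidence to combine with other signals rather than a verdict on its own.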

Part 5: Wrap Up
Buffer overflows are not the only code injection method.
Other methods include:
Heap spraying
Format strings
Heap overflows
Sleds or jumps can also be used.
Obfuscation is used to prevent detection of shellcode.

Problems and Solutions
Constraint: “Character sets restricted or forbidden by applications”
Ways to get around this are:
Take regular shellcode and encode it.
Metasploit.com offers encoding engines.

Problems and Solutions
More solutions to shellcode constraints:
Payloads transformed into letters and numbers.
This gives even more options, such as:
Storing shellcode as a password
Characters are smaller than Unicode encodings

What We Have Learned
Buffer overflows and shellcode are dangerous and a definite security concern.
There are many different ways to implement shellcode.
Often, once you get the string of code, you can list it in your initial C program as: char shellcode[] = “line(s)\of\shellcode”;

Sources
http://www.phrack.org/issues.html?id=14&issue=49
http://portal.acm.org/citation.cfm?id=1920305
http://portal.acm.org/citation.cfm?id=1653725
http://portal.acm.org/citation.cfm?doid=1920261.1920310
http://www.phrack.org/issues.html?issue=56&id=8#article

Onto Discussion