Computer Security Buffer Overflow lab Eu-Jin Goh.

Presentation transcript:

Computer Security Buffer Overflow lab Eu-Jin Goh

Setting up Environment Demo

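target2.c

    #include <string.h>

    /* Copies arg into out with no bounds check. */
    int foo( char *arg, char *out )
    {
        strcpy( out, arg );
        return 0;
    }

    int main( int argc, char *argv[] )
    {
        char buf[64];

        if ( argc != 2 ) { /* … */ }

        /* argv[1] is attacker-controlled and may be longer than buf */
        foo( argv[1], buf );
        return 0;
    }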

Stack in target2 – layout

    argv[1] ==
    argv[0] == “/tmp/target2”
    argc
    $ra – to which main() will return
    $fp – for main’s stack frame
    buf[64]
    ptr to buf == “out”        // args to foo()
    ptr to argv[1] == “arg”    // args to foo()
    foo’s $ra

sploit2

Need:
1. Exploit string length
   – Need exploit str to write from buf[0] to main $ra
   – Find main $ra and &(buf[0]) and subtract
   – Why not foo’s $ra?
2. Address of the buffer (“buf” in target2): the address we want the program to jump to

Caveat: buf addr depends on exploit string size. Why? Because the exploit str is above buf on the stack. But once the exploit str len is fixed, the addr of buf won’t change.

Details
1. Size of overflow buffer
   Buf addr = 0x9ffffdb0
   reg ebp = 0x9ffffdf8
   Difference is 0x48 = 72
   Buffer size = = 81
2. Find &buf again when str len is 81
   Buf = 0x9ffffe60

Crafting the exploit string
– Want target to jump to start of buf: place shellcode (size 45 bytes) at the start of the string
– $ra exists at offset 76
– Need exploit string[76] to contain the addr of target2 buf (0x9ffffe60)
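
For contrast with the unbounded strcpy() in target2's foo(), here is a bounded version that rejects an 81-byte string like the one sized above. This is an added example, not part of the original slides; foo_checked, try_length and BUF_SIZE are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* same size as buf[64] in target2.c */

/* Hypothetical bounded replacement for target2's foo(): the caller passes
 * the destination size; input that does not fit (including its NUL) is
 * rejected instead of being copied past the end of out.
 * Returns 0 on success, -1 on rejection. */
int foo_checked(const char *arg, char *out, size_t out_size)
{
    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    /* Look for the terminator within the first out_size bytes only. */
    const char *end = memchr(arg, '\0', out_size);
    if (end == NULL) {
        out[0] = '\0'; /* leave a valid empty string behind */
        return -1;
    }
    memcpy(out, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Feed foo_checked() a constructed string of n 'A' bytes and verify that
 * the bytes placed directly after the buffer are untouched.
 * Returns foo_checked()'s result, -2 if n is too large for the harness,
 * or -3 if the guard bytes changed. */
int try_length(size_t n)
{
    struct { char buf[BUF_SIZE]; unsigned char guard[16]; } frame;
    char input[256];
    if (n >= sizeof input)
        return -2;
    memset(input, 'A', n);
    input[n] = '\0';
    memset(frame.guard, 0x5a, sizeof frame.guard);
    int rc = foo_checked(input, frame.buf, sizeof frame.buf);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0x5a)
            return -3;
    return rc;
}

int main(void)
{
    /* 63 fits; 64 leaves no room for the NUL; 81 is the slides' string length */
    printf("%d %d %d\n", try_length(63), try_length(64), try_length(81));
    return 0;
}
```

Passing the destination size explicitly is what makes the check possible: foo() in target2.c receives only a pointer and cannot know that buf holds 64 bytes.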