Shellcode COSC 480 Presentation Alison Buben.


1 Shellcode COSC 480 Presentation Alison Buben

2 What is it?
- Definitions vary, but most describe executable code that is delivered as part of an attack on a system.
- “Frequently (though not always), attackers deliver a payload that simply launches a command shell.”
- Will be discussed mainly with respect to buffer overflows

3 Roadmap
- Importance and Relevance
- Definitions
- Introduction and History
- The Main Reason This Is Possible
- Five Explanation Steps
- Problems and Solutions
- Sources and Discussion

4 Importance and Relevance
- Why should one care about this problem?
- A way of infecting computers
- Often helps get more malware onto the host
- When you have vulnerabilities, attackers can take control of your system.
- Buffer overflows are still a common problem today

5 Definitions
- Buffer: “contiguous block of computer memory that holds multiple instances of the same data type”
- Static Variables: “[variables] allocated at load time on the data segment”
- Dynamic Variables: “[variables] allocated at run time on the stack.”
- NOP: “Non-operation”
- Sled: NOP bytes that lead to shellcode

6 History
- Stems from the C language, which often does not check buffer bounds
- Most used in buffer overflows, which happen when:
  - The boundary of a buffer is unchecked
  - Code is injected into the buffer by attackers

7 Introduction
- To perform a buffer overflow:
  - Make a string larger than the buffer's size; this should cause an overflow
  - The objective is to overwrite another memory address
  - Want to overwrite the stack pointer or return address
  - If successful, then you can execute other code

8 Main Reason This Is Possible
- Several C string functions do not check boundaries: strcat(), strcpy(), sprintf(), vsprintf()
- Using these functions can allow a buffer to receive more characters than it has room for.
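As an added illustration of why the unbounded functions on this slide matter (example code written for this transcript, not from the presentation; the function names and the 16-byte buffer size are my own choices): a copy through strcpy() into a fixed-size stack buffer, beside a bounded copy that checks the destination size and rejects oversize input instead of writing past the end of the buffer.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed example size, small to make the point visible */

/* The pattern the slides describe: strcpy() copies until it finds a NUL and
 * never checks that 'name' fits in the 16-byte buffer. A longer input writes
 * past the end of buf into whatever follows it on the stack (undefined
 * behaviour). Shown for contrast only; main() below never calls it. */
void greet_unchecked(const char *name)
{
    char buf[BUF_SIZE];
    strcpy(buf, name);            /* no bound check */
    printf("hello, %s\n", buf);
}

/* Hardened form: the copy is bounded by the destination size and the caller
 * learns whether the input fit, so oversize input is rejected rather than
 * silently truncated or overflowed. Returns 0 on success, -1 if it would not fit. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return -1;                /* no room for the bytes plus the NUL terminator */
    memcpy(dst, src, len + 1);    /* copies the terminator too */
    return 0;
}

/* Same greeting as above, but refuses input that does not fit. */
int greet_checked(const char *name)
{
    char buf[BUF_SIZE];
    if (copy_bounded(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "input too long (%zu bytes, max %zu)\n",
                strlen(name), sizeof buf - 1);
        return -1;
    }
    printf("hello, %s\n", buf);
    return 0;
}

/* How many bytes a strcpy() of src would write past a buffer of buf_size
 * bytes (0 when the input, including its NUL, fits). */
size_t overflow_bytes(size_t buf_size, const char *src)
{
    size_t needed = strlen(src) + 1;   /* include the NUL terminator */
    return needed > buf_size ? needed - buf_size : 0;
}

int main(void)
{
    greet_checked("Alison");                                        /* fits */
    greet_checked("this string is much longer than sixteen bytes"); /* rejected */
    printf("a 16-char name would spill %zu byte(s) past a %d-byte buffer\n",
           overflow_bytes(BUF_SIZE, "0123456789abcdef"), BUF_SIZE);
    return 0;
}
```

The bounded version is the pattern to look for in review: every copy into a fixed-size buffer carries the destination size, and the caller handles the "did not fit" result explicitly.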

9 How to Achieve This: Part 1
- Need knowledge of several concepts: how memory is organized; push and pop; a type of assembly (some C too)
- Goal: to overwrite memory and gain control
- Most often the return address is overwritten so that it executes other code
- Usually spawns a shell, hence “shellcode”

10 Part 2: Overview
- Main idea: making a string larger than the buffer
- Some good tools are: GCC, NASM, objdump
- “The typical end goal of the shellcode is to give the attacker full control of the victim system.”

11 Part 3: Main Structure
- Brief outline:
  - Write C code
  - Compile to get assembly
  - Object dump to see the disassembly
  - Find the bytes needed and make them into a string: char shellcode[] = "\byte\byte\byte";
  - Use that string in your C code

12 Part 4: Prevention
- Focusing on security, prevention is key
- Need to try to detect shellcode
- However, obfuscation and polymorphism make this job difficult
- A few obfuscation techniques are: indirect jumps, self-modification
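An added example of the simplest detection heuristic this slide points at, tying back to the NOP and sled definitions on slide 5: scan a byte buffer for a long run of 0x90 (the x86 single-byte NOP used to build sleds) and flag it when the run exceeds a threshold. This is my own code, not the presentation's; the sample inputs and the thresholds are constructed. As the slide says, such a signature is easy to obfuscate around (a sled that does not use 0x90 bytes is invisible to it), so it is a first-line heuristic, not a complete detector.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NOP 0x90   /* x86 single-byte NOP, the classic sled filler */

/* Length of the longest run of consecutive 0x90 bytes in buf[0..len). */
size_t longest_nop_run(const uint8_t *buf, size_t len)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == NOP) {
            cur++;
            if (cur > best)
                best = cur;
        } else {
            cur = 0;
        }
    }
    return best;
}

/* Heuristic verdict: 1 when a NOP run of at least 'threshold' bytes is present.
 * The threshold trades false positives (short 0x90 runs do occur in benign
 * binaries and padding) against missing short sleds. */
int looks_like_nop_sled(const uint8_t *buf, size_t len, size_t threshold)
{
    return longest_nop_run(buf, len) >= threshold;
}

/* Constructed benign sample (not real traffic): a plain HTTP request line. */
static const uint8_t benign_sample[] = "GET /index.html HTTP/1.0\r\n";

/* Constructed sled-like sample: 'nops' bytes of 0x90 followed by filler text,
 * so the NOP run is exactly 'nops' long. Returns the number of bytes written. */
size_t fill_sled_sample(uint8_t *out, size_t cap, size_t nops)
{
    const char tail[] = "QQQQ";   /* filler that is not 0x90 */
    size_t n = 0;
    while (n < nops && n < cap)
        out[n++] = NOP;
    for (size_t i = 0; tail[i] != '\0' && n < cap; i++)
        out[n++] = (uint8_t)tail[i];
    return n;
}

/* Builds a sled-like sample of 'nops' NOPs and returns the detector's verdict. */
int sled_sample_verdict(size_t nops, size_t threshold)
{
    uint8_t scratch[128];
    size_t len = fill_sled_sample(scratch, sizeof scratch, nops);
    return looks_like_nop_sled(scratch, len, threshold);
}

int main(void)
{
    const size_t threshold = 16;   /* constructed choice for the demo */
    printf("benign request: longest NOP run %zu, flagged=%d\n",
           longest_nop_run(benign_sample, sizeof benign_sample - 1),
           looks_like_nop_sled(benign_sample, sizeof benign_sample - 1, threshold));
    printf("32-byte sled sample: flagged=%d\n", sled_sample_verdict(32, threshold));
    printf("8-byte run (below threshold): flagged=%d\n", sled_sample_verdict(8, threshold));
    return 0;
}
```

In practice this kind of check sits in a network IDS or a memory scanner alongside other heuristics, and the slide's warning about obfuscation and polymorphism is exactly why a single byte-pattern rule cannot be the whole answer.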

13 Part 5: Wrap Up
- Buffer overflows are not the only code injection method
- Other methods include: heap spraying, format strings, heap overflows
- Sleds or jumps can also be used
- Obfuscation is used to prevent detection of shellcode

14 Problems and Solutions
- Constraint: “Character sets restricted or forbidden by applications”
- Ways to get around this are: take regular shellcode and encode it; Metasploit.com offers encoding engines

15 Problems and Solutions
- More solutions to shellcode constraints: payloads transformed into letters and numbers
- This gives even more options, such as storing shellcode as a password
- Characters are smaller than Unicode encodings

16 What We Have Learned
- Buffer overflows and shellcode are dangerous and a definite security concern
- There are many different ways to implement shellcode
- Often, once you have the string of code, you can list it in your initial C program as: char shellcode[] = "line(s)\of\shellcode";

17 Sources
- http://www.phrack.org/issues.html?id=14&issue=49
- article

18 Onto Discussion

