Presentation is loading. Please wait.

Presentation is loading. Please wait.

Several Tips on Project 1

Published byΒίων Δαγκλής Modified over 5 years ago

Similar presentations

Presentation on theme: "Several Tips on Project 1"— Presentation transcript:

1 Several Tips on Project 1
Be sure to use the Makefile to generate executable of both exploit program and target program Be sure to use “setarch i686 -R” in front of every execution, including both Gdb and ./exploit You can use “x/b address” under gdb to know the byte content saved on the specified address. This is helpful to determine big-edian or little-edian of memory (how to overwrite return address). You can use “break foo” to set breakpoint upon entering foo() function. Fill the shell executable code (in the string array shellcode[ ]) byte-by-byte into the buffer for your modified return address to execute. The deadline will not be changed, but penalty for one week late submission is now 10% off.

2 NOPs Most CPUs have a No-Operation instruction – it does nothing but advance the instruction pointer. Usually we can put a bunch of these ahead of our program (in the string). As long as the new return-address points to a NOP we are OK.

3 (exec /bin/ls or whatever)
Using NOPs new return address Real program (exec /bin/ls or whatever) Can point anywhere in here nop instructions

4 Estimating the stack size
We can also guess at the location of the return address relative to the overflowed buffer. Put in a bunch of new return addresses!

5 Estimating the Location
new return address new return address new return address new return address new return address new return address Real program nop instructions

Download ppt "Several Tips on Project 1"

Similar presentations

Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
Introduction to Information Security ROP – Recitation 5 nirkrako at post.tau.ac.il itamarg at post.tau.ac.il.

Introduction to Information Security ROP – Recitation 5 nirkrako at post.tau.ac.il itamarg at post.tau.ac.il.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
CSC321 8051 Timers Since this is a microcontroller it mainly finds itself in embedded devices Quite often embedded devices need to synchronize events The.

CSC Timers Since this is a microcontroller it mainly finds itself in embedded devices Quite often embedded devices need to synchronize events The.
Buffer Overflow. Process Memory Organization.

Buffer Overflow. Process Memory Organization.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh
OllyDbg Debuger.

OllyDbg Debuger.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Buffer overflows.

Buffer overflows.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.
Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.

Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Buffer Overflow Computer Organization II 1 ©2005-2013 McQuain Buffer Overflows Many of the following slides are based on those from Complete Powerpoint.

Buffer Overflow Computer Organization II 1 © McQuain Buffer Overflows Many of the following slides are based on those from Complete Powerpoint.
Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.

Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.
CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.

CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.
CSCD 303 Essential Computer Security Spring 2013 Lecture 17 Buffer Overflow Attacks.

CSCD 303 Essential Computer Security Spring 2013 Lecture 17 Buffer Overflow Attacks.
Lecture 8: Buffer Overflow CS 436/636/736 Spring 2013 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Lecture 8: Buffer Overflow CS 436/636/736 Spring 2013 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Similar presentations

Ads by Google