Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Buffer Overflow Example João Paulo Magalhães 2009.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A Buffer Overflow Example João Paulo Magalhães 2009."— Presentation transcript:

1 A Buffer Overflow Example João Paulo Magalhães (jpm@estgf.ipp.pt)April 2009

2 Buffer Overflow 2

3 Buffer Overflow – A simple program 3

4 4 Our goal is to execute the hack() function Could be worst!

5 Buffer Overflow – Internal aspects of the program 5 Stack before the scanf call Stack after the scanf call print_it() and hack() functions addresses

6 Buffer Overflow – Running the program 6 The code of ‘A’ is 0x41!

7 Buffer Overflow – The x86 stack 7 Call parameters Return Address %EBP register Preserve original register values Make space for local variables in subroutines %ESP Stack Pointer (32 bits) Ends of the stack Stack Frame (currently) Stack Frame (Of who calls the subroutine)

8 Buffer Overflow – The attack 8 Call parameters Return Address %EBP register Preserve original register values Make space for local variables in subroutines Buffer s stays here Ends of the stack Stack Frame (currently) Stack Frame (Of who calls the subroutine) Write chars until change the return address

9 Buffer Overflow – Running once more 9 We want to put this address here

10 Buffer Overflow – The attack 10

11 Buffer Overflow – The attack 11 It’s used a String larger than s buffer is expecting and that stays over the return value The return address was changed Mallicious code

12 Buffer Overflow – But where came from the hack() function?? 12 Usually buffers don’t have enought space to store all the code that is going to be executed (i.e. s[] buffer does not have enought space to the binary code of hack()), so we only need to make the program to read data from someplace, and store it in a way that is possible to locate it later. In this case is just necessary to make the returning address point to the right location (e.g., a image!)

13 Buffer Overflow – But... 13 Hackers could not have access to the source code to discover the buffer sizes... It’s very easy to incrementally enlarge the input data until a crash occur. This way, the buffer size is discovered.

14 Buffer Overflow – The correct code 14 Don’t use “insecure functions”, or when it’s absolutely necessary to use them special cares are needed. E.g., gets()/fgets() scanf()/fscanf() strcat()/strcpy()...

15 Bibliography 15

16 Credits... 16 Paulo Marques Departamento de Eng. Informática Universidade de Coimbra pmarques@dei.uc.pt The original (and Portuguese) version of these presentation belongs to Professor Paulo Marques

Download ppt "A Buffer Overflow Example João Paulo Magalhães 2009."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Calling sequence ESP.

Calling sequence ESP.
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.

RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.

1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)

1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
Operating Systems Paulo Marques Departamento de Eng. Informática Universidade de Coimbra 2006/2007 3.Threads.

Operating Systems Paulo Marques Departamento de Eng. Informática Universidade de Coimbra 2006/ Threads.
28/06/2015CMPUT 229 1 Functions (2)  Function calling convention  Various conventions available  One is specified by CMPUT229  Recursive functions.

28/06/2015CMPUT Functions (2)  Function calling convention  Various conventions available  One is specified by CMPUT229  Recursive functions.
Run-time Environment and Program Organization

Run-time Environment and Program Organization
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
September 22, 2014 Pengju (Jimmy) Jin Section E

September 22, 2014 Pengju (Jimmy) Jin Section E
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Buffer overflows.

Buffer overflows.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 7 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 7 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Similar presentations

Ads by Google