Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1.

Published byAmy Gray Modified over 9 years ago

Similar presentations

Presentation on theme: "Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1."— Presentation transcript:

1 rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

2 RPISEC - 09/13/2013Intro to Memory Corruption2

3 The simplest definition – To change data the program uses in ways that were not intended by the programmer So what does this actually mean? And what can we do with it? Let’s take a look at exercise one RPISEC - 09/13/2013Intro to Memory Corruption3

4 RPISEC - 09/13/2013Intro to Memory Corruption4

5 You just overflowed your first buffer! But in a controlled manner A more reckless overflow would probably result in the program segfaulting segfault: An error reading/writing to memory RPISEC - 09/13/2013Intro to Memory Corruption5

6 The stack is how a program maintains variables and their data during execution This is main()’s stack --------> Omg wut have we done Is_zero == ‘U’ == 85 RPISEC - 09/13/2013Intro to Memory Corruption6

7 RPISEC - 09/13/2013Intro to Memory Corruption7

8 What if we overwrote the return address that’s stored further down the stack? The return address tells the program where to go after a completing a function call In this case, we’d segfault… but what if we set it to something more meaningful than AAAA? RPISEC - 09/13/2013Intro to Memory Corruption8

9 RPISEC - 09/13/2013Intro to Memory Corruption9

10 RPISEC - 09/13/2013Intro to Memory Corruption10

11 What we just did was take control of the program’s execution flow, and bend it the way of our will What if this program was running on a server? Or perhaps running under an admin user? Security – To ensure and maintain complete control of the execution flow of your program RPISEC - 09/13/2013Intro to Memory Corruption11

12 This time, we overwrote the return address, effectively telling the program where it should go next What if we could insert our OWN code into the program, and point the return address towards that? - ‘shellcode’ … Next time ;) RPISEC - 09/13/2013Intro to Memory Corruption12

13 To really become good at exploitation, you need to have a solid grasp on the low level stuff This means knowing x86 assembly, how the stack works, and how data is typically laid out in memory RPISEC - 09/13/2013Intro to Memory Corruption13

14 Welcome to real Hacking! Related wargames: – io.smashthestack.org – exploit-exercises.com/protostar Come to our ‘advanced’ meeting, Wednesday! We’ll be rolling our own shellcode :> RPISEC - 09/13/2013Intro to Memory Corruption14

Download ppt "Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1."

Similar presentations

C Functions. What are they? In general, functions are blocks of code that perform a number of pre-defined commands to accomplish something productive.

C Functions. What are they? In general, functions are blocks of code that perform a number of pre-defined commands to accomplish something productive.
ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Buffer Overflows By Tim Peterson Joel Miller Dan Block.

Buffer Overflows By Tim Peterson Joel Miller Dan Block.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Security & Exploitation

Security & Exploitation
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Buffer Overflow. Process Memory Organization.

Buffer Overflow. Process Memory Organization.
Run-Time Storage Organization

Run-Time Storage Organization
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
Buffer Overflow sailaja yagnavajhala sailaja yagnavajhala.

Buffer Overflow sailaja yagnavajhala sailaja yagnavajhala.
CS 0008 Day 2 1. Today Hardware and Software How computers store data How a program works Operators, types, input Print function Running the debugger.

CS 0008 Day 2 1. Today Hardware and Software How computers store data How a program works Operators, types, input Print function Running the debugger.
A survey of Buffer overflow exploitation on HTC touch mobile phone Advanced Defense Lab CSIE NCU Chih-Wen Ou.

A survey of Buffer overflow exploitation on HTC touch mobile phone Advanced Defense Lab CSIE NCU Chih-Wen Ou.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.

Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Let’s look at an example I want to write an application that reports the course scores to you. Requirements: –Every student can only get his/her score.

Let’s look at an example I want to write an application that reports the course scores to you. Requirements: –Every student can only get his/her score.

Similar presentations

Ads by Google