CNT4704: Analysis of Computer Communication Network Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Fall 2011.

Slides:



Advertisements
Similar presentations
Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.
Advertisements

Smashing the Stack for Fun and Profit
Binghamton University CS-220 Spring 2015 Binghamton University CS-220 Spring 2015 Object Code.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow.
Stack buffer overflow
Buffer-overflow Lab Zutao Zhu 09/18/2009. Outline GDB and SetUID GDB tutorial Stack frame Lab.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
Buffer overflows.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Memory & Storage Architecture Seoul National University GDB commands Hyeon-gyu School of Computer Science and Engineering.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Buffer Overflow Computer Organization II 1 © McQuain Buffer Overflows Many of the following slides are based on those from Complete Powerpoint.
Practical Session 4. Labels Definition - advanced label: (pseudo) instruction operands ; comment valid characters in labels are: letters, numbers, _,
CSCD 303 Essential Computer Security Spring 2013 Lecture 17 Buffer Overflow Attacks.
Buffer Overflow CS461/ECE422 Spring Reading Material Based on Chapter 11 of the text.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Overflow Examples 01/13/2012. ACKNOWLEDGEMENTS These slides where compiled from the Malware and Software Vulnerabilities class taught by Dr Cliff Zou.
Buffer Overflows Many of the following slides are based on those from
Buffer Overflow. Introduction On many C implementations, it is possible to corrupt the execution stack by writing past the end of an array. Known as smash.
Overflows & Exploits. In the beginning 11/02/1988 Robert Morris, Jr., a graduate student in Computer Science at Cornell, wrote an experimental, self-replicating,
Section 3.4: Buffer Overflow Attack: Attack Techniques 1.
Stack-based buffer overflows Yves Younan DistriNet, Department of Computer Science Katholieke Universiteit Leuven Belgium
What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow I: Attack Introduction Cliff Zou Spring 2015.
JMU GenCyber Boot Camp Summer, Introduction to Penetration Testing Elevating privileges – Getting code run in a privileged context Exploiting misconfigurations.
CS 155 Section 1 PP1 Eu-Jin Goh. Setting up Environment Demo.
Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!!
Information Security - 2. A Stack Frame. Pushed to stack on function CALL The return address is copied to the CPU Instruction Pointer when the function.
EXPLOITATION CRASH COURSE – FALL 2013 UTD Computer Security Group – Andrew Folloder csg.utdallas.edu (credit: Scott Hand)
CS 3214 Computer Systems Godmar Back Lecture 7. Announcements Stay tuned for Project 2 & Exercise 4 Project 1 due Sep 16 Auto-fail rule 1: –Need at least.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
Gnu Debugger (GDB) Topics Overview Quick Reference Card Readings: Quick Reference Card February 4, 2010 CSCE 212Honors Computer Organization.
Heap Overflows. What is a Heap? malloc(), free(), realloc() Stores global variables Automatic memory allocation/deallocation Allocated at runtime Implemented.
Refs: rootshell, antionline, your favorite hacker site…
Buffer Overflow By Collin Donaldson.
Buffer Overflow Attacks
Instructions for test_function
Computer Architecture and Assembly Language
Protection of System Resources
CSCE 212Honors Computer Organization
Introduction to Information Security
Homework Reading Machine Projects Labs PAL, pp ,
Computer Architecture and Assembly Language
CSC 495/583 Topics of Software Security Stack Overflows (2)
Introduction to Computer Systems
Recitation: Attack Lab
CNT4704: Computer Networking Special Topic: Buffer Overflow I: Attack Introduction Cliff Zou Fall 2009.
CMSC 414 Computer and Network Security Lecture 21
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Objective Explain basic fuzzing with concrete coding example
SEED Workshop Buffer Overflow Lab
Assembly Language Programming I: Introduction
Stack buffer overflow.
Assembly Language Programming II: C Compiler Calling Sequences
Command Line Parameters
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2015.
Malware and Software Vulnerability Analysis Buffer Overflow I: Attack Introduction Cliff Zou University of Central Florida.
CNT4704: Analysis of Computer Communication Network Special Topic: Buffer Overflow I: Attack Introduction Cliff Zou Fall 2011.
Software vulnerabilities
Malware and Software Vulnerability Analysis Fuzzing Test Example Cliff Zou University of Central Florida.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2016.
CSCE 212Honors Computer Organization
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2013.
Several Tips on Project 1
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2010.
Computer Architecture and System Programming Laboratory
Format String Vulnerability
Presentation transcript:

CNT4704: Analysis of Computer Communication Network Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Fall 2011

A Stack Frame Parameters Return Address Calling Stack Pointer Local Variables BP SP+offset SP Addresses 00000000 SP: stack pointer BP: base/frame pointer Calling stack pointer: previous function’s SP

Using GDB to Check Stack GDB tutorial: http://gemma.apple.com/mac/library/documentation/DeveloperTools/gdb/gdb/gdb_7.html http://www.yolinux.com/TUTORIALS/GDB-Commands.html#GDB_COMMAND_LINE_ARGS When compile the c code, use “gcc –g …..” so that Gdb can match source code line number with code Some knowledge: http://en.wikipedia.org/wiki/X86_assembly_language Register eip: instruction pointer, the current position of next executable instruction Register ebp: stack pointer, the top of the current stack, used for addressing local variable

Related Gdb Commands: List: list the source code and each execution’s corresponding line number Break linenumber: set breakpoint at the linenumber Run argv: run the execution code with the parameter argv Next: execute the next line of code Backtrace: show trace of all function calls in stack Info frame: List address, language, address of arguments/local variables and which registers were saved in frame. This will show where the return address is saved Return address is in Register EIP Calling stack pointer is in Register EBP x &variable: show the address and value of a local variable (in hex format) x address: print binary representation of 4 bytes of memory pointed to by address.

Example of Using GDB #include <stdio.h> void foo(char * input){ int a1=11; int a2=22; char buf[7]; strcpy(buf, input); } void main(int argc, char **argv){ foo(argv[1]); Question: What does the stack look like before strcpy()?

Used to disable address randomization used by Unix czou@eustis:~/buffer-code$ setarch i686 –R gdb ./gdb-example (gdb) list 1 #include <stdio.h> 2 void foo(char * input){ 3 int a1=11; 4 int a2=22; 5 char buf[7]; 6 strcpy(buf, input); 7 } 8 void main(int argc, char **argv){ 9 foo(argv[1]); 10 } (gdb) break 6 Breakpoint 1 at 0x80483e9: file gdb-example.c, line 6. (gdb) run Starting program: /home/czou/buffer-code/gdb-example Breakpoint 1, foo (input=0x0) at gdb-example.c:6 (gdb) Used to disable address randomization used by Unix

(gdb) info frame Stack level 0, frame at 0xbffff7d0: eip = 0x80483e9 in foo (gdb-example.c:6); saved eip 0x804842f called by frame at 0xbffff7e0 source language c. Arglist at 0xbffff7c8, args: input=0x0 Locals at 0xbffff7c8, Previous frame's sp is 0xbffff7d0 Saved registers: ebp at 0xbffff7c8, eip at 0xbffff7cc (gdb) x &a1 0xbffff7b8: 0x0000000b (gdb) x &a2 0xbffff7b4: 0x00000016 (gdb) x buf 0xbffff7bc: 0x080482ec (gdb) x 0xbffff7b4

Two Techniques for Generating Stack Overflow Codes

NOPs Most CPUs have a No-Operation instruction – it does nothing but advance the instruction pointer. Usually we can put a bunch of these ahead of our program (in the string). As long as the new return-address points to a NOP we are OK.

(exec /bin/ls or whatever) Using NOPs new return address Real program (exec /bin/ls or whatever) Can point anywhere in here nop instructions

Estimating the stack size We can also guess at the location of the return address relative to the overflowed buffer. Put in a bunch of new return addresses!

Estimating the Location new return address new return address new return address new return address new return address new return address Real program nop instructions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.