A Buffer Overflow Example João Paulo Magalhães 2009.

Buffer Overflow

Buffer Overflow – A simple program

Our goal is to execute the hack() function. Could be worse!

Buffer Overflow – Internal aspects of the program. Figures: the stack before the scanf call; the stack after the scanf call; the addresses of the print_it() and hack() functions.

Buffer Overflow – Running the program. The code of ‘A’ is 0x41!

Buffer Overflow – The x86 stack. Figure: from the caller's stack frame down to the current stack frame: call parameters; return address; saved %EBP register (to preserve original register values); space for the local variables of the subroutine; %ESP, the 32-bit stack pointer, marks the end of the stack.

Buffer Overflow – The attack. Figure: same layout as before (call parameters, return address, saved %EBP, space for local variables); the buffer s stays in the local-variable area of the current frame, and %ESP marks the end of the stack. Write chars until the return address changes.

Buffer Overflow – Running once more. We want to put this address here.

Buffer Overflow – The attack

Buffer Overflow – The attack. A string larger than the s buffer expects is used, and it extends over the return address. The return address was changed. Malicious code.

Buffer Overflow – But where did the hack() function come from? Usually buffers don’t have enough space to store all the code that is going to be executed (i.e., the s[] buffer does not have enough space for the binary code of hack()), so we only need to make the program read data from someplace and store it in a way that makes it possible to locate later. In this case it is just necessary to make the return address point to the right location (e.g., an image!)

Buffer Overflow – But hackers might not have access to the source code to discover the buffer sizes... It is very easy to incrementally enlarge the input data until a crash occurs. This way, the buffer size is discovered.

Buffer Overflow – The correct code. Don’t use “insecure functions”, or when it is absolutely necessary to use them, take special care. E.g., gets()/fgets(), scanf()/fscanf(), strcat()/strcpy()...
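The "correct code" slide only names the functions to avoid; the following is an added example, not the deck's own program, showing the unbounded scanf("%s") read the slides describe next to a bounded fgets-based replacement. NAME_CAP, read_name_safe, read_name_unsafe and constructed_input are names chosen here, and the input lines are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the slide deck's program). The deck's program reads a
 * string into a fixed-size local buffer s[] with scanf("%s", s), which has no
 * length limit, so a long line overwrites the saved return address above s.
 * The "correct code" slide asks for bounded input; this is one way to do it. */

#define NAME_CAP 16   /* constructed buffer size for the demonstration */

enum read_status { READ_OK = 0, READ_TRUNCATED = 1, READ_EOF = -1 };

/* Vulnerable pattern from the slides, kept only for comparison and never
 * called here: scanf("%s") keeps writing past the end of a NAME_CAP buffer. */
void read_name_unsafe(char *s) { if (scanf("%s", s) != 1) s[0] = '\0'; }

/* Bounded replacement: fgets writes at most cap-1 bytes plus the NUL. If the
 * line did not fit, the excess is drained so it cannot spill into the next
 * read, and the caller learns the input was cut instead of silently using it. */
enum read_status read_name_safe(char *buf, size_t cap, FILE *in)
{
    if (cap == 0) return READ_EOF;
    if (fgets(buf, (int)cap, in) == NULL) { buf[0] = '\0'; return READ_EOF; }
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return READ_OK; }
    int c, dropped = 0;                  /* no newline: line too long or EOF */
    while ((c = fgetc(in)) != EOF && c != '\n') dropped = 1;
    return dropped ? READ_TRUNCATED : READ_OK;
}

/* Builds a FILE* from a constructed string (ISO C tmpfile, so it runs offline). */
FILE *constructed_input(const char *text)
{
    FILE *f = tmpfile();
    if (f) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    /* Constructed input: a short name, then a line far longer than NAME_CAP. */
    FILE *in = constructed_input("Alice\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nBob\n");
    char name[NAME_CAP];
    enum read_status st;
    while (in && (st = read_name_safe(name, sizeof name, in)) != READ_EOF)
        printf("%s: \"%s\"\n", st == READ_TRUNCATED ? "truncated" : "ok", name);
    if (in) fclose(in);
    return 0;
}
```

The 32-byte line is cut to NAME_CAP-1 characters and reported as truncated, while the following name is still read intact because the excess was drained.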

Bibliography

Credits: Paulo Marques, Departamento de Eng. Informática, Universidade de Coimbra. The original (Portuguese) version of this presentation belongs to Professor Paulo Marques.