Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Slides:



Advertisements
Similar presentations
Practical Malware Analysis
Advertisements

Smashing the Stack for Fun and Profit
Review of the MIPS Instruction Set Architecture. RISC Instruction Set Basics All operations on data apply to data in registers and typically change the.
Run-time Environment for a Program different logical parts of a program during execution stack – automatically allocated variables (local variables, subdivided.
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Intro to Exploitation Stack Overflows James McFadyen UTD Computer Security Group 10/20/2011.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.
Assembly Language for Intel-Based Computers Chapter 2: IA-32 Processor Architecture Kip Irvine.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola
Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.
Dr. José M. Reyes Álamo 1.  The 80x86 memory addressing modes provide flexible access to memory, allowing you to easily access ◦ Variables ◦ Arrays ◦
Instruction Set Architecture
L/O/G/O The Instruction Set Chapter 9 CS.216 Computer Architecture and Organization.
Buffer Overflows : An In-depth Analysis. Introduction Buffer overflows were understood as early as 1972 The legendary Morris Worm made use of a Buffer.
Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.
CIS 450 – Network Security Chapter 7 – Buffer Overflow Attacks.
Fall 2012 Chapter 2: x86 Processor Architecture. Irvine, Kip R. Assembly Language for x86 Processors 6/e, Chapter Overview General Concepts IA-32.
Buffer Overflow CS461/ECE422 Spring Reading Material Based on Chapter 11 of the text.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Smashing the Stack Overview The Stack Region Buffer Overflow
CNIT 127: Exploit Development Ch 3: Shellcode. Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object.
Overflows & Exploits. In the beginning 11/02/1988 Robert Morris, Jr., a graduate student in Computer Science at Cornell, wrote an experimental, self-replicating,
CNIT 127: Exploit Development Ch 4: Introduction to Heap Overflows
CNIT 127: Exploit Development Ch 1: Before you begin.
ECEG-3202 Computer Architecture and Organization Chapter 6 Instruction Sets: Addressing Modes and Formats.
Instruction Sets: Addressing modes and Formats Group #4  Eloy Reyes  Rafael Arevalo  Julio Hernandez  Humood Aljassar Computer Design EEL 4709c Prof:
1 The Instruction Set Architecture September 27 th, 2007 By: Corbin Johnson CS 146.
Buffer Overflows Taught by Scott Coté.-. _ _.-. / \.-. ((___)).-. / \ /.ooM \ / \.-. [ x x ].-. / \ /.ooM \ -/ \ /-----\-----/---\--\ /--/---\-----/-----\ / \-
CS642: Computer Security X86 Review Process Layout, ISA, etc. Drew Davidson
Copyright 2006 by Timothy J. McGuire, Ph.D. 1 MIPS Programming Model CS 333 Sam Houston State University Dr. Tim McGuire.
LECTURE 3 Translation. PROCESS MEMORY There are four general areas of memory in a process. The text area contains the instructions for the application.
1 Contents: 3.1 Instruction format and Addressing Modes 3.2 Instruction Introduction Chapter 3 Instruction system.
EEL 4709C Prof. Watson Herman Group 4 Ali Alshamma, Derek Montgomery, David Ortiz 11/11/2008.
Chapter Overview General Concepts IA-32 Processor Architecture
Lecture 3 Translation.
Exploiting & Defense Day 1 Recap
Shellcode COSC 480 Presentation Alison Buben.
CS 177 Computer Security Lecture 9
Instruction Set Architecture
Displacement (Indexed) Stack
Protecting Memory What is there to protect in memory?
Assembly language.
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
William Stallings Computer Organization and Architecture 8th Edition
Von Neumann model - Memory
Computer Organization and Assembly Language (COAL)
Introduction to Assembly Language
Summary by - Bo Zhang and Shuang Guo [Date: 03/31/2014]
Lecture 4: MIPS Instruction Set
Computer Organization & Compilation Process
Assembly Language Programming I: Introduction
Fundamentals of Computer Organisation & Architecture
ECEG-3202 Computer Architecture and Organization
Smashing the Stack for Fun and Profit
Von Neumann model - Memory
Week 2: Buffer Overflow Part 1.
CSC 497/583 Advanced Topics in Computer Security
William Stallings Computer Organization and Architecture 8 th Edition Chapter 11 Instruction Sets: Addressing Modes and Formats.
Computer Organization and Assembly Language
Understanding and Preventing Buffer Overflow Attacks in Unix
Computer Architecture and System Programming Laboratory
Presentation transcript:

Introduction: Exploiting Linux

Basic Concepts

Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as – Denial of service (loss of availability) – Elevating privileges (e.g. user to Administrator) – Remote Code Execution (typically a remote shell)

Exploit Exploit (v.) – To take advantage of a vulnerability and cause a result the designer did not intend Exploit (n.) – The code that is used to take advantage of a vulnerability – Also called a Proof of Concept (PoC)

Fuzzer – A tool that sends a large range of unexpected input values to a system – The purpose is to find bugs which could later be exploited

Memory Management Specifically for Intel 32-bit architecture Most exploits we'll use involve overwriting or overflowing one portion of memory into another Understanding memory management is therefore crucial

Instructions and Data There is no intrinsic difference between data and executable instructions – Although there are some defenses like Data Execution Prevention They are both just a series of bytes This ambiguity makes system exploitation possible

Program Address Space Three types of segments –.text contains program instructions (read-only) –.data contains static initialized global variables (writable) –.bss contains uninitialized global variables (writable)

Stack Last In First Out (LIFO) Most recently pushed data is the first popped Ideal for storing transitory information – Local variables – Information relating to function calls – Other information used to clean up the stack after a function is called Grows down – As more data is added, it uses lower address values

Heap Holds dynamic variables Roughly First In First Out (FIFO) Grows up in address space

Program Layout in RAM From link Ch 1a (.bss = Block Started by Symbols)

Assembly

Assembly Language Different versions for each type of processor x86 – 32-bit Intel (most common) x64 – 64-bit Intel SPARC, PowerPC, MIPS, ARM – others Windows runs on x86 or x64 x64 machines can run x86 programs Most malware is designed for x86

Instructions Mnemonic followed by operands mov ecx 0x42 – Move into Extended C register the value 42 (hex) mov ecx is 0xB9 in hexadecimal The value 42 is 0x In binary this instruction is 0xB

Operands Immediate – Fixed values like –x42 Register – eax, ebx, ecx, and so on Memory address – Denoted with brackets, like [eax]

Registers

EIP (Extended Instruction Pointer) Contains the memory address of the next instruction to be executed If EIP contains wrong data, the CPU will fetch non-legitimate instructions and crash Buffer overflows target EIP

Simple Instructions

mov source, destination – Moves data from one location to another AT&T format is favored by Linux developers, with source first Remember indirect addressing – [ebx] means the memory location pointed to by EBX

Intel v. AT&T Format gdb uses AT&T format by default, which is popular with Linux users – mov source, destination Windows users more commonly use Intel format – MOV DESTINATION, SOURCE

Jasmin Assembly Language Simulator

Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996) – Link Ch 2a Buffer – A limited, contiguously allocated set of memory – In C, usually an array

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.