Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013 - Intro to Memory Corruption

Presentation transcript:

rpisec.org/2013/ /exploitation.zip
For the lazy – rpisec.org/2013/
Windows & Linux Binaries! … macs?


The simplest definition – To change data the program uses in ways that were not intended by the programmer.
So what does this actually mean? And what can we do with it?
Let’s take a look at exercise one.


You just overflowed your first buffer! But in a controlled manner.
A more reckless overflow would probably result in the program segfaulting.
segfault: An error reading/writing to memory.

The stack is how a program maintains variables and their data during execution.
This is main()’s stack > Omg wut have we done
Is_zero == ‘U’ == 85
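What this slide describes, as an added example that is not RPISEC's exercise code: a buffer with a flag stored right after it, filled once by an unchecked copy and once by a length-checked copy. The struct layout, BUF_LEN, the one-byte is_zero and both function names are assumptions, since the exercise source is not on this page.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16   /* assumed size; the exercise's real size is not on the page */

/* Stand-in for main()'s stack frame: a buffer with a flag right after it.
 * A struct is used so the layout is fixed and the demo stays defined C. */
struct frame {
    char buf[BUF_LEN];
    unsigned char is_zero;   /* assumed to be one byte wide */
};

/* Vulnerable pattern: copies as many bytes as the caller supplies, the way
 * gets()/strcpy() would. Clamped to the struct so only is_zero is at risk. */
static int copy_unchecked(struct frame *f, const char *in, size_t len)
{
    memset(f, 0, sizeof *f);
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(f, in, len);              /* bytes past BUF_LEN land in is_zero */
    return f->is_zero;
}

/* Hardened pattern: compare the length with the buffer size and refuse
 * oversize input instead of truncating or spilling. */
static int copy_checked(struct frame *f, const char *in, size_t len)
{
    memset(f, 0, sizeof *f);
    if (len >= sizeof f->buf)
        return -1;                   /* rejected, nothing written */
    memcpy(f->buf, in, len);
    f->buf[len] = '\0';
    return f->is_zero;
}

int main(void)
{
    struct frame f;
    char input[BUF_LEN + 1];
    memset(input, 'U', sizeof input);                 /* constructed: 17 'U' bytes */
    int a = copy_unchecked(&f, input, sizeof input);  /* 85, i.e. 'U' */
    int b = copy_checked(&f, input, sizeof input);    /* -1, input refused */
    return (a == 'U' && b == -1) ? 0 : 1;
}
```
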


What if we overwrote the return address that’s stored further down the stack?
The return address tells the program where to go after completing a function call.
In this case, we’d segfault… but what if we set it to something more meaningful than AAAA?


What we just did was take control of the program’s execution flow, and bend it to our will.
What if this program was running on a server? Or perhaps running under an admin user?
Security – To ensure and maintain complete control of the execution flow of your program.

This time, we overwrote the return address, effectively telling the program where it should go next.
What if we could insert our OWN code into the program, and point the return address towards that? - ‘shellcode’
… Next time ;)

To really become good at exploitation, you need to have a solid grasp on the low level stuff.
This means knowing x86 assembly, how the stack works, and how data is typically laid out in memory.

Welcome to real Hacking!
Related wargames:
– io.smashthestack.org
– exploit-exercises.com/protostar
Come to our ‘advanced’ meeting, Wednesday! We’ll be rolling our own shellcode :>