Exploiting stack overflow 101

Exploiting Stack Overflow 101 By Sebas Sujeen (_masteR)

#whoami
Student @ CEG currently in my fourth year
Interested in exploit development/systems security
Active member of g4h , an online community for hackers
Attitude: Learn what you don’t know , share what you learn
Blog @ http://phr33dom.wordpress.com

Agenda
We will be exploiting a simple stack overflow found in EasyRmtoMp3 player
Nothing new, the reason for choosing this software is that reference to exploit this software is available online @ http://corelan.be
So , nothing stops you from trying it out yourselves!

Setting up the Environment
Immunity Debugger
Windows Xp SP3
Metasploit framework

The theory... Before the fun part
A typical function call looks like this in assembly
push args
call function

A typical function prologue
push ebp ;save the sfp
mov ebp,esp; ebp points to base of current sf
sub esp,<offset>;space for local variables

A typical function epilogue looks like this
leave; mov esp,ebp / pop ebp
ret ; pop the dword @ esp and put it in eip

Visualize the stack Breno de Medeiros Florida State University Fall 2005
Function (sub-routine) calls results in an activation frame being pushed onto a memory area called the stack .
<previous stack frame> function arguments return address previous frame pointer local variables local buffer variables Direction of stack growth

Time to visualize the exploit
void get_input() {
char buf[1024];
gets(buf);
}
void main(int argc, char*argv[]){
get_input();
}
Vulnerable to Buffer overflow because , gets()
doesn’t check the size of the buffer causing it to
overflow.According to the slide before, if we give
1024 + 8 bytes we overwrite saved return address
which can be the address of our shellcode in memory
to alter the execution path of our program.

References
http://phrack.org
http://corelan.be
http://metasploit.com

Exploit Demo

Questions!!!

Exploiting stack overflow 101

by n|u - The Open Security Community on Nov 25, 2011

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 256

Statistics

Exploiting stack overflow 101 — Presentation Transcript