Buffer Overflow by SecArmour

A buffer overflow occurs when a program or process tries to store more data than it was intended for. Buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.

Published in: Technology
Buffer Overflow by SecArmour

  1. SECURITY BEYOND COMPARE
  2. Buffer Overflow
     • Technique to force execution of malicious code with unauthorized privileges
       – launch a command shell
       – search local disk or network for sensitive data
       – register with command and control network as a zombie
     • Can be applied both locally and remotely
     • Attack technique is independent of machine architecture and operating system
     • Can be tricky to execute, but extremely effective
  3. Layout Of Stack
     • Grows from high-end address to low-end address (buffer grows from low-end address to high-end address)
     • Return Address: when a function returns, the instructions it points to will be executed
     • Stack Frame Pointer (esp): used to reference local variables and function parameters
  4. Layout of the Virtual Space of a Process
     The layout of the virtual space of a process in Linux
  5. Example
         #include <stdio.h>

         int cal(int a, int b)
         {
             int c;
             c = a + b;
             return c;
         }

         int main()
         {
             int d;
             d = cal(1, 2);
             printf("%d\n", d);
             return 0;
         }
     Stack during the call to cal, from the low-end address (esp) to the high-end address: c, ebp (previous ebp), retaddr (0x0804822), a (1), b (2)
  6. Shell code
     • Shellcode is defined as a set of instructions which is injected and then executed by an exploited program
     • Shellcode is used to directly manipulate registers and the function of a program
     • Most shellcodes use system calls to do malicious behaviors
     • System calls are a set of functions which allow you to access operating system-specific functions such as getting input, producing output, exiting a process
  7. How to prevent stack buffer overflow?
     • Stack Guard
       – In a stack, a canary word is placed after the return address whenever a function is called
       – The canary will be checked before the function returns. If the value of the canary is changed, then it indicates malicious behavior
     Unix stack frame, from lower address to higher address: Local Variables, Old Base Pointer, Canary Value, Return Address, Arguments
  8. Cont.
     • Non-Executable stack
     • Return-to-libc exploitation might occur
     • Randomization
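The Stack Guard check from slide 7, as an added example in C that is not part of the SecArmour deck: it models a frame as a byte array (16-byte local buffer, canary word, saved return address; the saved frame pointer and the real toolchain layout are left out) and shows that any copy running past the buffer corrupts the canary and is caught by the epilogue check before the return address is used, while a bounded copy leaves it intact. The frame layout, canary value and return address are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame model, low to high address: 16-byte local buffer, canary
 * word, saved return address. Real compilers also keep the saved frame pointer
 * here and the exact order is toolchain-specific. */
#define BUF_SIZE   16
#define CANARY_OFF BUF_SIZE
#define RET_OFF    (CANARY_OFF + sizeof(uint32_t))
#define FRAME_SIZE (RET_OFF + sizeof(uint32_t))
static const uint32_t CANARY = 0x5A3C9E71u; /* fixed here; Stack Guard picks it per run */
struct frame { unsigned char bytes[FRAME_SIZE]; };

/* Prologue: clear the frame, plant the canary, save the return address. */
static void frame_init(struct frame *f, uint32_t retaddr) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + CANARY_OFF, &CANARY, sizeof CANARY);
    memcpy(f->bytes + RET_OFF, &retaddr, sizeof retaddr);
}

/* Epilogue check: 1 if the canary still matches, 0 if it was overwritten. */
static int canary_intact(const struct frame *f) {
    uint32_t c;
    memcpy(&c, f->bytes + CANARY_OFF, sizeof c);
    return c == CANARY;
}

/* Copy n input bytes into the local buffer and return what the epilogue check
 * sees. bounded == 0 models an unchecked strcpy-style copy (clamped to the
 * frame so the simulation stays in bounds; bytes past BUF_SIZE land on the
 * canary and return address). bounded == 1 models the fix: never write past
 * the buffer. */
int canary_after_copy(size_t n, int bounded) {
    size_t limit = bounded ? BUF_SIZE : FRAME_SIZE;
    unsigned char input[FRAME_SIZE];
    struct frame f;
    memset(input, 'A', sizeof input);  /* constructed over-long input */
    frame_init(&f, 0x11223344u);       /* placeholder return address */
    memcpy(f.bytes, input, n > limit ? limit : n);
    return canary_intact(&f);
}

int main(void) {
    printf("8 unchecked=%d 20 unchecked=%d 20 bounded=%d\n",
           canary_after_copy(8, 0), canary_after_copy(20, 0), canary_after_copy(20, 1));
    return 0;
}
```

Any write past the 16-byte buffer, even by one byte, changes the canary, which is why the check runs before the return address is consumed.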
