
Smashing the stack for fun and profit

Presentation on stack overflows and how they work, with examples, based on the referenced paper "Smashing the Stack for Fun and Profit".

Published in: Education

  1. Smashing the Stack for Fun and Profit. Presented by Md. Masudur Rahman, MSSE 0404, IIT, DU
  2. Outline
     • Problem specification of stack overflow
     • Memory structure
     • Stack overflow with examples
     • Code injection
     • Discussion
  3. Research problem: how could a stack be smashed?
     • What buffer overflows are
     • How a buffer overflow exploit works
  4. Process memory organization (1/3)
  5. Process memory organization (2/3)
  6. Process memory organization (3/3)
  7. Structure of a stack: manages control flow
  8. Stack operation
     • Push: procedure prolog / enter / link
     • Pop: procedure epilog / leave / unlink
  9. Stack operation with example
  10. Stack overflow
  11. Stack overflow example
  12. Injecting shell code: shell code in C
  13. Injecting shell code
  14. Injecting shell code
  15. Another example of exploit
  16. NOP padding
  17. Problem with a small buffer
     • Can't hold the shell code
     • Return address points somewhere other than the shell code
     • Solution: use an environment variable
  18. Vulnerable code
     • No built-in bound checking
     • Functions: strcat(), strcpy(), gets(), etc.
  19. Discussion: how to prevent a stack overflow attack using bound checking?
     • Bound checking when taking input from an outside/untrusted source
     • Avoid vulnerable functions
  20.
  21. Question set
     • Explain stack overflow with a proper example.
     • What is NOP? Why do attackers use the NOP instruction?
     • Explain the problem an attacker faces with a small buffer size when exploiting the buffer. Provide a solution for it.
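Slides 18 and 19 name the unchecked `strcpy()` pattern and its remedy, bound checking on untrusted input. The following C example is added here and is not part of the presentation; it places the unchecked copy beside a bounded version that checks the input length against the destination before copying and rejects input that does not fit. The buffer size, function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed fixed-size stack buffer */

/* Slide 18 pattern: strcpy() copies until it finds a NUL and never
 * consults the destination size, so input of NAME_LEN bytes or more
 * overruns the stack buffer and the saved frame data above it. */
int greet_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);                    /* no bound check */
    return (int)strlen(name);
}

/* Slide 19 remedy: measure the untrusted string only as far as the
 * destination can hold, and reject (rather than silently truncate)
 * anything that does not fit with its terminating NUL.
 * Returns the number of bytes copied, or -1 if the input was rejected. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0)
        return -1;
    /* memchr stops at the first NUL, so it reads at most dst_size bytes
     * of src; no NUL within dst_size means src cannot fit. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';                      /* leave dst a valid string */
        return -1;
    }
    size_t n = (size_t)(end - src);         /* n <= dst_size - 1 */
    memcpy(dst, src, n + 1);                /* copy including the NUL */
    return (int)n;
}

/* Same routine as greet_unchecked, but with the check in front. */
int greet_checked(const char *input) {
    char name[NAME_LEN];
    if (bounded_copy(name, sizeof name, input) < 0)
        return -1;                          /* input rejected, buffer intact */
    return (int)strlen(name);
}

int main(void) {
    /* constructed sample inputs: one that fits, one 40 bytes long */
    const char *fits = "Masud";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("fits:     %d\n", greet_checked(fits));     /* 5  */
    printf("too long: %d\n", greet_checked(too_long)); /* -1 */
    return 0;
}
```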
