securityxploded, profile picture
Uploaded bysecurityxploded
PDF, PPTX666 views

Buffer Overflow Attacks

The document is an introduction to buffer overflow attacks, emphasizing the risks and legal implications of hacking. It covers technical aspects such as stack smashing, function call arrangements, and includes practical examples and demonstrations without promoting illegal activities. The presentation also acknowledges various security resources and platforms for further learning.

Embed presentation

Download as PDF, PPTX
Buffer Overflow Attacks A humble introduction
$whoami • Security Enthusiast with an interest in knowing things inside out.
DISCLAIMER Without rwx-r-x-r • Breaking software is ILLEGAL • Hacking into networks is ILLEGAL • Launching worms/virus attacks is ILLEGAL • Governed by Indian Law - Information Technology Act, 2000. • Section 65/66/66A…F/67 etc. • This ppt is only for demo purposes and I am in no way responsible for any damage done through this knowledge to self or otherwise.
What is it about? • Buffer overflow • Stack smashing
Don’t Expect • Tool internals • Tool tutorials • Tool specifications • Social engineering techniques • Exploit/Payload writing
Live Attack Demo • Real life attacks are actually REAL ! • Vulnerable Unzip Utility • Impact • What do you loose if you are “NAIVE”
Some useful basics? • ESP, EIP • Return address • EBP • Environment - 32bit Ubuntu 15 - ASLR disabled and gcc - stack smashing protection - disabled.
Function call and stack arrangement ? • ESP, EIP • Return address • EBP • funcall.c • funCall gdb analysis
GOAL • Control execution flow • How ? • Control EIP • Where ? • Control it in the stack (for stack smashing) • Why ? • User input makes it’s way to the buffers in the stack • CALL and RET instruction auto-handle what goes in the EIP
writing exit shell code • justQuit.c • disassemble justQuit and figure out _exit • exitInAsm.s • objdump exitInAsm to get the shell code
using the exit shell code • exitShellCode.c • exitShellCode gdb analysis
attacker-vicim demo • actual shell code - spawning a shell • check in exitShellCode.c • attack crafting concept • default address to anything • gdb analysis - address change and exploit
The $M ? “Who & Why” • Several flaws in VLC • GHOST in glibc • getaddrinfo in glibc • Several flaws in Apache/IIS/nginx • All of this for FUN and PROFIT.
HUGE Thanks • Security Tube • Numerous blogs • StackOverflow • Null.co.in • SecurityXploded • Sans.org • LinuxFoundation.org

More Related Content

PDF
Hacking the Gateways
byOnur Alanbel
 
PDF
The Postmodern Binary Analysis
byOnur Alanbel
 
PDF
Fuzzing underestimated method of finding hidden bugs
byPawel Rzepa
 
PDF
Troubleshooting Node.js
byIgor Soarez
 
PPTX
Hacking routers as Web Hacker
byHeadLightSecurity
 
PDF
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
byDefcon Moscow
 
PPTX
American Fuzzy Lop
byMichael Overmeyer
 
PPTX
DefCamp 2013 - MSF Into The Worm Hole
byDefCamp
 
Hacking the Gateways
byOnur Alanbel
 
The Postmodern Binary Analysis
byOnur Alanbel
 
Fuzzing underestimated method of finding hidden bugs
byPawel Rzepa
 
Troubleshooting Node.js
byIgor Soarez
 
Hacking routers as Web Hacker
byHeadLightSecurity
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
byDefcon Moscow
 
American Fuzzy Lop
byMichael Overmeyer
 
DefCamp 2013 - MSF Into The Worm Hole
byDefCamp
 

What's hot

PPTX
Burp better - Finding Struts and XXE Vulns with Burp Extensions
byChris Elgee
 
PDF
Node.js Anti-Patterns and bad practices
byIgor Soarez
 
PDF
Phpstormを使いこなす
byYutaka Tachibana
 
PDF
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
byJ On The Beach
 
PPTX
Олег Купреев «Уязвимости программного обеспечения телекоммуникационного обору...
byMail.ru Group
 
PDF
Zero_to_Hero_in_Cyber_Security
bySanthosh Baswa
 
PPTX
The internet of $h1t
byAmit Serper
 
PPTX
Un) fucking forensics
byShane Macaulay
 
PDF
DIFFDroid_Anto_Joseph_HIP_2016
byAnthony Jose
 
PPTX
Hacking AMD MIOpen to run anywhere
byMartin Chang
 
PDF
Kasza smashing the_jars
byPacSecJP
 
Burp better - Finding Struts and XXE Vulns with Burp Extensions
byChris Elgee
 
Node.js Anti-Patterns and bad practices
byIgor Soarez
 
Phpstormを使いこなす
byYutaka Tachibana
 
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
byJ On The Beach
 
Олег Купреев «Уязвимости программного обеспечения телекоммуникационного обору...
byMail.ru Group
 
Zero_to_Hero_in_Cyber_Security
bySanthosh Baswa
 
The internet of $h1t
byAmit Serper
 
Un) fucking forensics
byShane Macaulay
 
DIFFDroid_Anto_Joseph_HIP_2016
byAnthony Jose
 
Hacking AMD MIOpen to run anywhere
byMartin Chang
 
Kasza smashing the_jars
byPacSecJP
 

Viewers also liked

PPT
Introduction to SMPC
bysecurityxploded
 
PPTX
Reverse Engineering Malware
bysecurityxploded
 
PPTX
DLL Preloading Attack
bysecurityxploded
 
PPTX
Reversing and Decrypting the Communications of APT Malware (Etumbot)
bysecurityxploded
 
PPTX
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
bysecurityxploded
 
PPTX
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
bysecurityxploded
 
PDF
Hollow Process Injection - Reversing and Investigating Malware Evasive Tactics
bysecurityxploded
 
PPTX
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
bysecurityxploded
 
PPTX
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 5 - Reversing Automation
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
bysecurityxploded
 
PPTX
Reversing & malware analysis training part 3 windows pe file format basics
bysecurityxploded
 
PPTX
Reversing & Malware Analysis Training Part 13 - Future Roadmap
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 8 - Introduction to Android
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
bysecurityxploded
 
PPTX
Fingerprinting healthcare institutions
bysecurityxploded
 
PPTX
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
bysecurityxploded
 
PPTX
Primer on password security
bysecurityxploded
 
Introduction to SMPC
bysecurityxploded
 
Reverse Engineering Malware
bysecurityxploded
 
DLL Preloading Attack
bysecurityxploded
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
bysecurityxploded
 
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
bysecurityxploded
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
bysecurityxploded
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
bysecurityxploded
 
Hollow Process Injection - Reversing and Investigating Malware Evasive Tactics
bysecurityxploded
 
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
bysecurityxploded
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
bysecurityxploded
 
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
bysecurityxploded
 
Advanced Malware Analysis Training Session 5 - Reversing Automation
bysecurityxploded
 
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
bysecurityxploded
 
Reversing & malware analysis training part 3 windows pe file format basics
bysecurityxploded
 
Reversing & Malware Analysis Training Part 13 - Future Roadmap
bysecurityxploded
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
bysecurityxploded
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
bysecurityxploded
 
Fingerprinting healthcare institutions
bysecurityxploded
 
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
bysecurityxploded
 
Primer on password security
bysecurityxploded
 

Similar to Buffer Overflow Attacks

PDF
Null bufferoverflow
byAbhinav Chourasia, GMOB
 
PDF
fg.workshop: Software vulnerability
byfg.informatik Universität Basel
 
PDF
Buffer Overflows in cybersecurity notes .pdf
byavinashspider018
 
PPTX
Anatomy of a Buffer Overflow Attack
byRob Gillen
 
PPTX
Buffer overflow – Smashing The Stack
byTomer Zait
 
PDF
Dive into exploit development
byPayampardaz
 
PPT
Writing Metasploit Plugins
byamiable_indian
 
PPTX
ETCSS: Into the Mind of a Hacker
byRob Gillen
 
PDF
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
byElvin Gentiles
 
PDF
Buffer Overflow - Smashing the Stack
byironSource
 
PDF
Basic buffer overflow part1
byPayampardaz
 
PPTX
Stack-Based Buffer Overflows
byDaniel Tumser
 
ODP
null Pune meet - Application Security: Code injection
byn|u - The Open Security Community
 
PPTX
Software to the slaughter
byQuinn Wilton
 
PDF
[ENG] Hacktivity 2013 - Alice in eXploitland
byZoltan Balazs
 
PPT
Dau Hoang - Buffer Overflows 8980 for Stu
byQueenNicki1
 
PPTX
Reversing malware analysis training part10 exploit development basics
byCysinfo Cyber Security Community
 
PPTX
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
bylior mazor
 
PPTX
Vulnerability, exploit to metasploit
byTiago Henriques
 
PDF
Exploitation Crash Course
byUTD Computer Security Group
 
Null bufferoverflow
byAbhinav Chourasia, GMOB
 
fg.workshop: Software vulnerability
byfg.informatik Universität Basel
 
Buffer Overflows in cybersecurity notes .pdf
byavinashspider018
 
Anatomy of a Buffer Overflow Attack
byRob Gillen
 
Buffer overflow – Smashing The Stack
byTomer Zait
 
Dive into exploit development
byPayampardaz
 
Writing Metasploit Plugins
byamiable_indian
 
ETCSS: Into the Mind of a Hacker
byRob Gillen
 
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
byElvin Gentiles
 
Buffer Overflow - Smashing the Stack
byironSource
 
Basic buffer overflow part1
byPayampardaz
 
Stack-Based Buffer Overflows
byDaniel Tumser
 
null Pune meet - Application Security: Code injection
byn|u - The Open Security Community
 
Software to the slaughter
byQuinn Wilton
 
[ENG] Hacktivity 2013 - Alice in eXploitland
byZoltan Balazs
 
Dau Hoang - Buffer Overflows 8980 for Stu
byQueenNicki1
 
Reversing malware analysis training part10 exploit development basics
byCysinfo Cyber Security Community
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
bylior mazor
 
Vulnerability, exploit to metasploit
byTiago Henriques
 
Exploitation Crash Course
byUTD Computer Security Group
 

More from securityxploded

PPTX
Malicious Client Detection Using Machine Learning
bysecurityxploded
 
PDF
Understanding CryptoLocker (Ransomware) with a Case Study
bysecurityxploded
 
PDF
Linux Malware Analysis using Limon Sandbox
bysecurityxploded
 
PPTX
Breaking into hospitals
bysecurityxploded
 
PPTX
Bluetooth [in]security
bysecurityxploded
 
PPTX
Basic malware analysis
bysecurityxploded
 
PPTX
Automating Malware Analysis
bysecurityxploded
 
PPTX
Partial Homomorphic Encryption
bysecurityxploded
 
PPTX
Hunting Rootkit From the Dark Corners Of Memory
bysecurityxploded
 
PPTX
Return Address – The Silver Bullet
bysecurityxploded
 
PPTX
Defeating public exploit protections (EMET v5.2 and more)
bysecurityxploded
 
PPTX
Hunting Ghost RAT Using Memory Forensics
bysecurityxploded
 
PPTX
Malicious Url Detection Using Machine Learning
bysecurityxploded
 
PPTX
Anatomy of Exploit Kits
bysecurityxploded
 
PPTX
MalwareNet Project
bysecurityxploded
 
PPTX
Dissecting BetaBot
bysecurityxploded
 
PPTX
Watering Hole Attacks Case Study and Analysis_SecurityXploded_Meet_june14
bysecurityxploded
 
Malicious Client Detection Using Machine Learning
bysecurityxploded
 
Understanding CryptoLocker (Ransomware) with a Case Study
bysecurityxploded
 
Linux Malware Analysis using Limon Sandbox
bysecurityxploded
 
Breaking into hospitals
bysecurityxploded
 
Bluetooth [in]security
bysecurityxploded
 
Basic malware analysis
bysecurityxploded
 
Automating Malware Analysis
bysecurityxploded
 
Partial Homomorphic Encryption
bysecurityxploded
 
Hunting Rootkit From the Dark Corners Of Memory
bysecurityxploded
 
Return Address – The Silver Bullet
bysecurityxploded
 
Defeating public exploit protections (EMET v5.2 and more)
bysecurityxploded
 
Hunting Ghost RAT Using Memory Forensics
bysecurityxploded
 
Malicious Url Detection Using Machine Learning
bysecurityxploded
 
Anatomy of Exploit Kits
bysecurityxploded
 
MalwareNet Project
bysecurityxploded
 
Dissecting BetaBot
bysecurityxploded
 
Watering Hole Attacks Case Study and Analysis_SecurityXploded_Meet_june14
bysecurityxploded
 

Buffer Overflow Attacks

  • 1.
  • 2.
    $whoami • Security Enthusiastwith an interest in knowing things inside out.
  • 3.
    DISCLAIMER Without rwx-r-x-r • Breakingsoftware is ILLEGAL • Hacking into networks is ILLEGAL • Launching worms/virus attacks is ILLEGAL • Governed by Indian Law - Information Technology Act, 2000. • Section 65/66/66A…F/67 etc. • This ppt is only for demo purposes and I am in no way responsible for any damage done through this knowledge to self or otherwise.
  • 4.
    What is itabout? • Buffer overflow • Stack smashing
  • 5.
    Don’t Expect • Toolinternals • Tool tutorials • Tool specifications • Social engineering techniques • Exploit/Payload writing
  • 6.
    Live Attack Demo •Real life attacks are actually REAL ! • Vulnerable Unzip Utility • Impact • What do you loose if you are “NAIVE”
  • 8.
    Some useful basics? •ESP, EIP • Return address • EBP • Environment - 32bit Ubuntu 15 - ASLR disabled and gcc - stack smashing protection - disabled.
  • 9.
    Function call andstack arrangement ? • ESP, EIP • Return address • EBP • funcall.c • funCall gdb analysis
  • 10.
    GOAL • Control executionflow • How ? • Control EIP • Where ? • Control it in the stack (for stack smashing) • Why ? • User input makes it’s way to the buffers in the stack • CALL and RET instruction auto-handle what goes in the EIP
  • 11.
    writing exit shellcode • justQuit.c • disassemble justQuit and figure out _exit • exitInAsm.s • objdump exitInAsm to get the shell code
  • 12.
    using the exitshell code • exitShellCode.c • exitShellCode gdb analysis
  • 13.
    attacker-vicim demo • actualshell code - spawning a shell • check in exitShellCode.c • attack crafting concept • default address to anything • gdb analysis - address change and exploit
  • 14.
    The $M ?“Who & Why” • Several flaws in VLC • GHOST in glibc • getaddrinfo in glibc • Several flaws in Apache/IIS/nginx • All of this for FUN and PROFIT.
  • 15.
    HUGE Thanks • SecurityTube • Numerous blogs • StackOverflow • Null.co.in • SecurityXploded • Sans.org • LinuxFoundation.org