Download as PDF, PPTX
CC
Uploaded byCysinfo Cyber Security Community
PDF, PPTX401 views
Buffer overflow Attacks
This document provides an introduction to buffer overflow attacks. It discusses buffer overflows, stack smashing, and controlling the execution flow by manipulating the EIP. It demonstrates how user input can make its way onto the stack and be used to control the call and return instructions. The document shows an example of writing exit shellcode and using it in a proof of concept attack. It notes that real attacks are illegal and this presentation is for demonstration purposes only.
More Related Content
![[OWASP Poland Day] Application security - daily questions & answers](https://cdn.slidesharecdn.com/ss_thumbnails/owasp-applicationsecurity-171003211500-thumbnail.jpg?width=640&height=640&fit=bounds)
Viewers also liked
Similar to Buffer overflow Attacks
![[ENG] Hacktivity 2013 - Alice in eXploitland](https://cdn.slidesharecdn.com/ss_thumbnails/exploitland-131019060054-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
More from Cysinfo Cyber Security Community
Buffer overflow Attacks
- 1. Buffer Overflow Attacks A humbleintroduction
- 2. $whoami • Security Enthusiastwith an interest in knowing things inside out.
- 3. DISCLAIMER Without rwx-r-x-r • Breakingsoftware is ILLEGAL • Hacking into networks is ILLEGAL • Launching worms/virus attacks is ILLEGAL • Governed by Indian Law - Information Technology Act, 2000. • Section 65/66/66A…F/67 etc. • This ppt is only for demo purposes and I am in no way responsible for any damage done through this knowledge to self or otherwise.
- 4. What is itabout? • Buffer overflow • Stack smashing
- 5. Don’t Expect • Toolinternals • Tool tutorials • Tool specifications • Social engineering techniques • Exploit/Payload writing
- 6. Live Attack Demo •Real life attacks are actually REAL ! • Vulnerable Unzip Utility • Impact • What do you loose if you are “NAIVE”
- 8. Some useful basics? •ESP, EIP • Return address • EBP • Environment - 32bit Ubuntu 15 - ASLR disabled and gcc - stack smashing protection - disabled.
- 9. Function call andstack arrangement ? • ESP, EIP • Return address • EBP • funcall.c • funCall gdb analysis
- 10. GOAL • Control executionflow • How ? • Control EIP • Where ? • Control it in the stack (for stack smashing) • Why ? • User input makes it’s way to the buffers in the stack • CALL and RET instruction auto-handle what goes in the EIP
- 11. writing exit shellcode • justQuit.c • disassemble justQuit and figure out _exit • exitInAsm.s • objdump exitInAsm to get the shell code
- 12. using the exitshell code • exitShellCode.c • exitShellCode gdb analysis
- 13. attacker-vicim demo • actualshell code - spawning a shell • check in exitShellCode.c • attack crafting concept • default address to anything • gdb analysis - address change and exploit
- 14. The $M ?“Who & Why” • Several flaws in VLC • GHOST in glibc • getaddrinfo in glibc • Several flaws in Apache/IIS/nginx • All of this for FUN and PROFIT.
- 15. HUGE Thanks • SecurityTube • Numerous blogs • StackOverflow • Null.co.in • SecurityXploded • Sans.org • LinuxFoundation.org