SQL injection and buffer overflows are two common application attacks discussed in the chapter. SQL injection occurs when user input is not sanitized before being used to construct SQL queries, allowing attackers to alter queries or access unauthorized data. Buffer overflows happen when more data is written to a buffer than it can hold, overwriting adjacent memory and potentially allowing execution of arbitrary code. The document outlines how these attacks work, their goals, and countermeasures like input validation, limiting error messages, and using programming languages less vulnerable to overflows.
Ethical Hacking (SQL Injection and Buffer Overflow)
1. BOOK
CEH Certified Ethical Hacker Study Guide
By
Graves, Kimberly
Chapter: 9
Attacking Applications: SQL Injection and Buffer Overflows
2. What is SQL injection?
● SQL injection is a hacking method used to attack SQL databases.
● There are always some vulnerabilities in an application.
● SQL injection attempts to exploit those vulnerabilities.
● SQL injection occurs when an application processes user-provided data to create
a SQL statement without first validating the input.
● Generally, the purpose of SQL injection is to convince the application to run SQL
code that was not intended.
● During a web application SQL injection attack, malicious code is inserted into a
web form field or the website’s code to make a system execute a command shell
or other arbitrary commands.
3. Understand the steps to conduct SQL injection
Normal login:
Username: hacker
Password: ethical123
Injected login:
Username: ok or 1=1 --
Password: ok or 1=1 --
Valid SQL:
SELECT * FROM USER
WHERE username=hacker and password=ethical123
Injected SQL:
SELECT * FROM USER
WHERE username=ok or 1=1 --
and
password=ok or 1=1 --
The injected SQL may return all the data from the “USER” table at once, and the
attacker gets valuable data such as usernames, passwords and credit card numbers.
4. The Purpose of SQL Injection
● Identifying SQL Injection Vulnerability
● Performing Database Finger-Printing
● Determining Database Schema
● Extracting Data
● Adding or Modifying Data
● Performing Denial of Service
● Evading Detection
● Bypassing Authentication
● Executing Remote Commands
● Performing Privilege Escalation
5. Describe SQL injection countermeasures
● A countermeasure is a measure or action taken to counter or offset another
one.
● SQL injection vulnerabilities occur mainly because user input is not validated.
→ Steps that can be taken to defend against SQL injection:
● Rejecting known bad input
● Sanitizing and validating the input field
● Disabling verbose and explanatory error messages
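The following C program is an added example, not part of the slides or of the CEH study guide; it ties slide 3 to slide 5 by building the login query both ways. build_query_unsafe() concatenates the two form fields exactly as the vulnerable application on slide 3 does, so feeding it the slide's payload "ok or 1=1 --" reproduces the injected statement. build_query_checked() applies the two countermeasures from slide 5 before any query is built: a denylist of known-bad tokens and an allowlist of permitted characters with a length bound. The inputs, the function names and the 32-character field limit are constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 32   /* constructed limit for a login field */

/* Countermeasure "rejecting known bad input": refuse values carrying SQL
 * metacharacters or comment markers. A denylist is easy to evade, so it is
 * only a first filter and never the whole defence. */
static bool contains_known_bad(const char *s)
{
    static const char *const bad[] = { "'", "\"", ";", "--", "/*", " or ", " OR ", "=" };
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++)
        if (strstr(s, bad[i]) != NULL)
            return true;
    return false;
}

/* Countermeasure "sanitizing and validating the input field": allow only a
 * conservative character set and a bounded length. */
static bool field_is_valid(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > MAX_FIELD)
        return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_')
            return false;
    }
    return true;
}

/* Vulnerable construction, the pattern on slide 3: the form fields are
 * concatenated into the statement without any validation. */
static int build_query_unsafe(char *out, size_t cap, const char *user, const char *pass)
{
    int n = snprintf(out, cap, "SELECT * FROM USER WHERE username=%s and password=%s",
                     user, pass);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened construction: both fields must pass both checks, otherwise no
 * query is built at all and the caller gets -1. */
static int build_query_checked(char *out, size_t cap, const char *user, const char *pass)
{
    if (contains_known_bad(user) || contains_known_bad(pass))
        return -1;
    if (!field_is_valid(user) || !field_is_valid(pass))
        return -1;
    return build_query_unsafe(out, cap, user, pass);
}

int main(void)
{
    char q[256];
    const char *injected = "ok or 1=1 --";   /* constructed: the payload from slide 3 */

    build_query_unsafe(q, sizeof q, "hacker", "ethical123");
    printf("valid:    %s\n", q);
    build_query_unsafe(q, sizeof q, injected, injected);
    printf("injected: %s\n", q);   /* the WHERE clause now reads "... or 1=1 --" */
    printf("checked:  %s\n",
           build_query_checked(q, sizeof q, injected, injected) == 0 ? q : "rejected");
    return 0;
}
```

The allowlist in field_is_valid() is what actually stops the payload: every character the slide's injection depends on (spaces, "=", "-") falls outside it, so the denylist only documents the tokens a defender expects to see in logs. In production code the stronger fix, which these slides do not cover, is a prepared statement with bound parameters so that input is never part of the SQL text.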
6. Buffer overflows
● A buffer is a sequential section of memory allocated to contain anything from a
character string to an array of integers.
● A buffer overflow exploit causes a system to fail by overloading memory or
executing a command shell or arbitrary code on the target system.
● A buffer overflow vulnerability is caused by a lack of bounds checking or a lack of
input-validation sanitization in a variable field (such as on a web form).
● If the application doesn’t check or validate the size or format of a variable before
sending it to be stored in memory, an overflow vulnerability exists.
● Attacks usually target user input fields.
7. Types of Buffer Overflow
→ There are mainly two types of buffer overflow:
1. Stack based
2. Heap based
8. Overview of stack-based buffer overflows
The following are the steps a hacker uses to execute a stack-based buffer
overflow:
1. Enter a variable into the buffer to exhaust the amount of memory in the stack.
2. Enter more data than the buffer has allocated in memory for that variable, which causes
the memory to overflow or run into the memory space for the next process. Then, add
another variable, and overwrite the return pointer that tells the program where to return
to after executing the variable.
3. The program executes this malicious code variable and then uses the return pointer to get
back to the next line of executable code. If the hacker successfully overwrites the
pointer, the program executes the hacker’s code instead of the program code.
10. Buffer Overflow Countermeasures
● A hacker must know the exact memory address and the size of the stack in
order to make the return pointer execute their code.
● To compensate for not knowing the exact address, an attacker tries to send a
series of NOP (No Operation) instructions.
● An intrusion detection system (IDS) can be used to detect malicious code.
● Programmers should not use the built-in strcpy(), strcat(), and streadd()
C/C++ functions because they are susceptible to buffer overflows.
● Java can be used as the programming language, since Java is not susceptible
to buffer overflows.
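The following C program is an added example, not part of the slides or of the CEH study guide; it shows the programming countermeasure from slide 10 against the mechanism from slide 8. The struct places a fixed-size name buffer directly in front of a privilege flag, a constructed layout standing in for the "adjacent memory" that step 2 of slide 8 describes being overwritten. set_name_unsafe() is the strcpy() pattern the slide warns against and is kept only for comparison; set_name_checked() measures the input before copying and refuses anything that does not fit, and append_checked() is a bounded replacement for strcat() that detects truncation and leaves the destination unchanged on failure. The struct, buffer size and sample inputs are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size */

/* A record whose name buffer sits directly before a privilege flag; an
 * overflow of name[] would run into is_admin (constructed layout). */
struct account {
    char name[NAME_LEN];
    int  is_admin;
};

/* The pattern slide 10 warns against: strcpy() copies strlen(input)+1 bytes
 * regardless of how large name[] is. Kept only for comparison and never
 * called here with input longer than the buffer. */
static void set_name_unsafe(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* Bounds-checked replacement: measure first, refuse anything that does not
 * fit together with its terminator, and only then copy. */
static bool set_name_checked(struct account *a, const char *input)
{
    size_t n = strlen(input);
    if (n >= NAME_LEN)
        return false;
    memcpy(a->name, input, n + 1);
    return true;
}

/* Bounded append replacing strcat(): snprintf() reports how much it wanted
 * to write, so truncation is detected and the original contents restored. */
static bool append_checked(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    if (used >= cap)
        return false;
    int n = snprintf(dst + used, cap - used, "%s", src);
    if (n < 0 || (size_t)n >= cap - used) {
        dst[used] = '\0';   /* undo the partial write */
        return false;
    }
    return true;
}

/* Demonstration: an oversized name is rejected and the adjacent flag and the
 * buffer itself are left exactly as they were. */
static bool oversized_name_is_rejected(void)
{
    struct account a = { "", 0 };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes, constructed */
    bool accepted = set_name_checked(&a, too_long);
    return !accepted && a.is_admin == 0 && a.name[0] == '\0';
}

int main(void)
{
    struct account a = { "", 0 };
    set_name_unsafe(&a, "hacker");   /* short input: both versions behave alike */
    printf("unsafe copy of short input: %s\n", a.name);
    printf("oversized name rejected: %s\n", oversized_name_is_rejected() ? "yes" : "no");

    char greeting[16] = "hello, ";
    printf("append fits: %d -> %s\n",
           append_checked(greeting, sizeof greeting, "hacker"), greeting);
    printf("append too long: %d -> %s\n",
           append_checked(greeting, sizeof greeting, "ethical123"), greeting);
    return 0;
}
```

The checked versions fail closed: a too-long value is an error the caller must handle rather than something silently truncated, which is also what makes the failure visible in logs when an input field receives far more data than any legitimate user would type.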