
Buffer Overflows: (Dissecting the Exploit)

The document discusses buffer overflows and how attackers exploit them. It explains what a buffer is, how overflow occurs when too much data is placed in a buffer, and how the overflow can be used to inject attack code and hijack the instruction pointer to alter the program flow. The attacker's methodology is also outlined, covering reconnaissance, gaining access, privilege escalation, and covering tracks. Hands-on practice of buffer overflows is recommended on the Over The Wire security training network.

Uploaded by Axel Luciano
Copyright: © All Rights Reserved

Buffer Overflows

(…dissecting the exploit)

http://www.JasonDion.com

Attacker’s Methodology
• Performing Reconnaissance
• Scanning and Enumeration
• Gaining Access
• Escalation of Privilege
• Maintaining Access
• Covering Tracks and Placing Backdoors

Diagram labels: Pre-Attack Steps; Risk Level


What is a Buffer?
• A temporary storage area the program uses to store data


Buffer Usage
Example of an 8-bit Buffer (A)

Phone: 555-1234

A   5 5 5 - 1 2 3 4
    0 1 2 3 4 5 6 7
What is a Buffer Overflow?
• When a program puts more data into a buffer than the buffer can hold


Buffer Usage
Example of an 8-bit Buffer (A)

Phone: 555-1234

A   5 5 5 - 1 2 3 4
    0 1 2 3 4 5 6 7
B   (empty)
    0 1 2 3 4 5 6 7

Buffer Overflow
Example of an 8-bit Buffer (A)

Phone: 555-1234
210-555-1234

A   2 1 0 - 5 5 5 -
    0 1 2 3 4 5 6 7
B   1 2 3 4
    0 1 2 3 4 5 6 7
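The A/B diagram above, written out in C as an added example (not code from the original slides): an unchecked copy of 210-555-1234 spills its last four characters into the neighbouring buffer B, while a length-checked copy rejects the input. The struct layout and the function names store_unchecked and store_checked are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8            /* slots 0-7, as in the slide's diagram */

/* Constructed layout: buffers A and B sit side by side in memory. */
struct record {
    char a[FIELD_LEN];         /* meant to hold the phone number */
    char b[FIELD_LEN];         /* unrelated neighbouring data */
};

/* Unchecked copy: models a program that never compares the input length
 * with the size of A. The write goes through a pointer to the whole
 * record so this demo stays well-defined C; a real overflow is not. */
static void store_unchecked(struct record *r, const char *input)
{
    size_t n = strlen(input);
    if (n > sizeof *r)          /* keep the demo inside the record */
        n = sizeof *r;
    memcpy((char *)r, input, n);
}

/* Checked copy: refuse anything that does not fit in A. */
static int store_checked(struct record *r, const char *input)
{
    size_t n = strlen(input);
    if (n > sizeof r->a)
        return -1;              /* reject; A and B are left untouched */
    memset(r->a, 0, sizeof r->a);
    memcpy(r->a, input, n);
    return 0;
}

int main(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    store_unchecked(&r, "210-555-1234");
    printf("unchecked: A=%.8s B=%.8s\n", r.a, r.b);   /* B now holds 1234 */

    memset(&r, 0, sizeof r);
    int rc = store_checked(&r, "210-555-1234");
    printf("checked:   rc=%d A=%.8s B=%.8s\n", rc, r.a, r.b);
    return 0;
}
```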
How does the exploit work?
• Stack is a reserved area of memory where the program saves the return address when a call instruction is received
• Stack is organized in FILO structure
• First thing placed in the stack is the last thing removed
• Attacker can place too much information on the stack or change the value of the return pointer to carry out the attack
• Attacker’s code is placed in the buffer
• Code could be used to run commands or execute a series of instructions




Practice: Over the Wire
• http://overthewire.org/wargames/narnia/
• A live environment you can connect to via SSH to attempt various binary exploitation challenges, including Buffer Overflows


Recommended Reading
• The Shellcoder’s Handbook

• Hacking: The Art of Exploitation

• The Hacker Playbook 2
