BUFFER OVERFLOW - PowerPoint PPT Presentation

1 / 11

About This Presentation

Title:

BUFFER OVERFLOW

Description:

Fill with the tailor-made code. Overflow the buffer (usually by passing as argument) ... StackGuard. Patch to make stack non-executable. Wrapper libraries ... – PowerPoint PPT presentation

Number of Views:67

Avg rating:3.0/5.0

Slides: 12

Provided by: esw1

Category:

Tags: buffer | overflow | tailormake

Transcript and Presenter's Notes

Title: BUFFER OVERFLOW

1

BUFFER OVERFLOW
-Eswar Balasubramanian
ECE578

2
Precursor

How serious is this BO?
Number of Vulnerabilities in the past week 11
First Six vulnerabilities of 2002

3
Agenda

BO what is it?
About the stack
Exploit
Prevention

4
Buffer Overflow

Copying more data into a buffer than it could
hold
char variable10
char safe8 AAAAAAAA
char unsafe30 AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
strcpy(variable, safe)
strcpy(variable, insafe)

5
Stack

Used by Functions
Variables are allocated dynamically
esp and ebp adjusted accordingly
/ vulnerable.c /
int main()
char buffer500
gets(buffer)
return 0
Ret from gets ? points to return 0

sfp
ret from gets
esp
buffer 500
ebp
sfp 4
ret 4
6
What Next?

To alter the return address to our liking
To place a tailor made code to do what we like
buffer sfp ret
xxxxxxxxxx xxxx xxxx
? 500 ? 4 4
Algorithm
Copy the big string into the buffer area to
overflow the sfp and ret
Overflow the ret such that the return address
points to the beginning of the buffer
Upon completion the program will return to the
place pointed by ret, which is altered to point
to the beginning of the buffer.
This buffer will contain the code to do something
we like

7
To Do

Calculate return address
Construct large string
Return address calculated by finding the stack
pointer of gets()
Subtract a guessed value from esp

8

String initially filled entirely with the ret
address
Beginning of the string with NOPs (1/3)
Fill with the tailor-made code
Overflow the buffer
(usually by passing as argument)

9

char bufferSIZE
ret esp - offset
// fill buffer with ret addr's
ptr buffer
addr_ptr (long )ptr
for(i0 iltSIZE i4)
(addr_ptr) ret
// fill first half of buffer with NOPs
for(i0 iltSIZE/2 i)
bufferi '\x90'
// insert shellcode in the middle
ptr buffer ((SIZE/2) - (strlen(listDir)/2))
for(i0 iltstrlen(listDir) i)
(ptr) listDiri

10

EXECUTION

11
PREVENTION

Use strncat(), strncpy(), fgets()
StackGuard
Patch to make stack non-executable
Wrapper libraries

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

World's Best PowerPoint Templates PowerPoint PPT Presentation

World's Best PowerPoint Templates - CrystalGraphics offers more PowerPoint templates than anyone else in the world, with over 4 million to choose from. Winner of the Standing Ovation Award for “Best PowerPoint Templates” from Presentations Magazine. They'll give your presentations a professional, memorable appearance - the kind of sophisticated look that today's audiences expect. Boasting an impressive range of designs, they will support your presentations with inspiring background photos or videos that support your themes, set the right mood, enhance your credibility and inspire your audiences.

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

BUFFER OVERFLOW PowerPoint PPT Presentation

BUFFER OVERFLOW - 'Computer vulnerability of the ... Microsoft Manhunt. November 5, 2003, Microsoft: announces $250,000 reward in a worldwide manhunt for the creator of Blaster. ... | PowerPoint PPT presentation | free to view

Bride of Buffer Overflow PowerPoint PPT Presentation

Bride of Buffer Overflow - Chapter 7 Bride of Buffer Overflow Chapter Synopsis Integers Wrap around errors Truncation and sign extension Conversions between unsigned and signed Methods to ... | PowerPoint PPT presentation | free to view

Buffer overflow PowerPoint PPT Presentation

Buffer overflow - Canary. Place a 'canary' word next to the return address on the stack. ... Canary. 0 (null), CR, LF, -1 (EOF) When the program reach the termination canary , ... | PowerPoint PPT presentation | free to view

Bride of Buffer Overflow PowerPoint PPT Presentation

Bride of Buffer Overflow - Truncation and sign extension. Conversions between unsigned and signed ... Less precision is usually upcast to higher precision but ... | PowerPoint PPT presentation | free to view

Buffer Overflow 2 PowerPoint PPT Presentation

Buffer Overflow 2 - ... smashing attacks,' http://www.trl.ibm.com/projects/security/ssp/ , June 2000 ... However, a bug exists in vulnerable versions of IE where files can be passed to ... | PowerPoint PPT presentation | free to view

Exploiting Buffer Overflows on PowerPoint PPT Presentation

Exploiting Buffer Overflows on - Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC Buffer Overflow Buffer overflow is a famous/infamous hacking technique in computer security. | PowerPoint PPT presentation | free to view

Buffer Overflow PowerPoint PPT Presentation

Buffer Overflow - Buffer Overflow. Prabhaker Mateti. Wright State University. example3.c ... memory 89ABCDEF0123456789AB CDEF 0123 4567 89AB CDEF memory. buffer sfp ret a b c ... | PowerPoint PPT presentation | free to view

A Practical Dynamic Buffer Overflow Detector (CRED) PowerPoint PPT Presentation

A Practical Dynamic Buffer Overflow Detector (CRED) - A Practical Dynamic Buffer Overflow Detector (CRED) Olatunji Ruwase Monica S. Lam Transmeta Corp. Stanford University Network and Distributed Security Symposium. | PowerPoint PPT presentation | free to view

Malicious Logic - Viruses - Buffer overflow PowerPoint PPT Presentation

Malicious Logic - Viruses - Buffer overflow - Because the entire system cannot be redesigned, there's a limit to how much a ... Antivirus mechanisms. Buffer overflow, format string vulnerabilities. 11/13/09 ... | PowerPoint PPT presentation | free to view

Buffer Overflow Attacks PowerPoint PPT Presentation

Buffer Overflow Attacks - Buffer Overflow Attacks | PowerPoint PPT presentation | free to view

Buffer Overflow Danger PowerPoint PPT Presentation

Buffer Overflow Danger - 40% of compromised accounts/hosts are due to bad passwords. ... Typically, the small program stuffed in to the buffer does an exec ... | PowerPoint PPT presentation | free to view

Buffer Overflow Exploits PowerPoint PPT Presentation

Buffer Overflow Exploits - Buffer Overflow Exploits | PowerPoint PPT presentation | free to view

Buffer Overflow Exploits PowerPoint PPT Presentation

Buffer Overflow Exploits - A buffer overflow is a condition in a program whereby a function attempts to ... The data immediately following the buffer gets corrupted. ... | PowerPoint PPT presentation | free to view

Buffer Overflow Attacks: Are you safe? PowerPoint PPT Presentation

Buffer Overflow Attacks: Are you safe? - Buffer is a temporary storage location for data, instructions of the CPU ... Aleph One (a.k.a. Elias Levy); Smashing the stack for fun and Profit. ... | PowerPoint PPT presentation | free to view

Buffer Overflow Attacks PowerPoint PPT Presentation

Buffer Overflow Attacks - Buffer Overflow Attacks 'Execution of Arbitrary Code' Aparna Bajaj. Amul Shah ... rwxr-xr-x 1 root root 466944 Mar 11 1994 /usr/local/etc/ftpd. SetUID ... | PowerPoint PPT presentation | free to view

Buffer overflows PowerPoint PPT Presentation

Buffer overflows - Demo -- Spock. http://nsfsecurity.pr.erau.edu/bom/Spock.htmlDemonstrates what is commonly called a | PowerPoint PPT presentation | free to view

Scalable Network-based Buffer Overflow Attack Detection PowerPoint PPT Presentation

Scalable Network-based Buffer Overflow Attack Detection - Scalable Network-based Buffer Overflow Attack Detection Tzi-cker Chiueh Computer Science Department Stony Brook University Stony Brook, NY, U.S.A. chiueh@cs.sunysb.edu | PowerPoint PPT presentation | free to view

Polymorphic Buffer Overflow PowerPoint PPT Presentation

Polymorphic Buffer Overflow - If the data size is not checked, return pointer can be overwritten by user data ... is overwritten. IDS use signature matching techniques to detect. A sequence ... | PowerPoint PPT presentation | free to view

Stencil Routed A-Buffer PowerPoint PPT Presentation

Stencil Routed A-Buffer - Stencil Routed A-Buffer. Kevin Myers and Louis Bavoil. NVIDIA. Our Cool Thing. What is it? ... Simply a list of fragments per-pixel ' ... | PowerPoint PPT presentation | free to view

Buffer Overflow Hacking Technique PowerPoint PPT Presentation

Buffer Overflow Hacking Technique - Source: CVE http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=buffer overflow. 4 ... CA-2001-19 'Code Red' Worm Exploiting Buffer Overflow In IIS Indexing Service DLL ... | PowerPoint PPT presentation | free to view

Buffer Overflow PowerPoint PPT Presentation

Buffer Overflow - ( after they made a big deal that there were no buffer overflow problems in their code) ... idea is to overflow a buffer so that it overwrites the return ... | PowerPoint PPT presentation | free to view

Advanced Buffer Overflow Technique PowerPoint PPT Presentation

Advanced Buffer Overflow Technique - Separate the Deployment from the Payload. Payloads can be chosen for desired effect ... impersonation. In other words, need better testing. Entry -vs- Effect ... | PowerPoint PPT presentation | free to view

Buffer%20Overflow PowerPoint PPT Presentation

Buffer%20Overflow - Buffer Overflow By: John Quach and Napoleon N. Valdez What is a buffer? A memory space allocated for used during execution. Frame of function void function(int a, int ... | PowerPoint PPT presentation | free to view

Buffer Overflows: Attack and Defense PowerPoint PPT Presentation

Buffer Overflows: Attack and Defense - Buffer overflow vulnerabilities are the most common way to gain control of a remote host Most common security vulnerability | PowerPoint PPT presentation | free to view

Section 3.4: Buffer Overflow Attack: Attack Techniques PowerPoint PPT Presentation

Section 3.4: Buffer Overflow Attack: Attack Techniques - Estimating the Location Real program new return address nop ... unsigned or an implicit casting bug Very nasty hard to spot C compiler doesn t warn ... | PowerPoint PPT presentation | free to view

Buffer Overflows PowerPoint PPT Presentation

Buffer Overflows - Dump of assembler code for function main: 0x0040107f main 0 : push ëp ... Dump all the bytes to the screen as hex: (gdb) x/61bx main 3 ... | PowerPoint PPT presentation | free to view

Preventing Buffer Overflow Attacks PowerPoint PPT Presentation

Preventing Buffer Overflow Attacks - Preventing Buffer Overflow Attacks Some unsafe C lib functions strcpy (char *dest, const char *src) strcat (char *dest, const char *src) gets (char *s) scanf ( const ... | PowerPoint PPT presentation | free to view