SlideShare a Scribd company logo

Buffer Overflows Shesh Jun 3 09

D
dhanya.sumeru

This document discusses buffer overflow vulnerabilities and exploitation. It defines buffer overflows and outlines steps for detecting vulnerabilities through code review, reverse engineering, and fuzzing applications. It then describes creating a simple fuzzer to test for overflows and analyzing crashes. The document discusses creating a "smart buffer" and calculating the payload size, controlling EIP to jump to shellcode using jmp esp. It mentions using encoders to obfuscate shellcode and using a NOP sled to increase reliability of the exploit. The overall document provides an introduction and overview of developing a buffer overflow exploit.

Technology
1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Buffer Overflows : An Introduction
On the Agenda  Definition  Vulnerability Detection  Skeleton Exploit  Controlling EIP  Relative jump  Shell-code (Importing from Metasploit ) (! Development)  An Owned territory!
Buffer Overflow
Vulnerability Detection  Code Review Applied in open –source application analysis where the entire code is checked for unchecked buffer at the language definition level.  Reverse Engineering Applied in both open and closed source applications .. Where an exe is analyzed on the basis of memory interaction and the source code is presented at machine level interaction  Fuzz-ing the application The applications’ communication standards are analyzed using protocol reader and test data confirming standards are prepared and send to the application – the crash is analysed.
Protocol Analysis
A simple protocol Fuzzer Usage : fuz <ipadress> <portnumber> <username> <password> <command> <number of bytes to start with>  while((sizeof(super_buffer)- buff_size)>25) { char *rec_buf_1; rec_buf_1 = (char*)malloc(buff_size); memcpy(buff,super_buffer,buff_size); sprintf(buff1,"%s %srn",command,buff); printf("Sending buffer of %d length n",buff_size); send(shesh_in, buff1,strlen(buff1),0); recv(shesh_in,rec_buf_1,buff_size,0); buff_size = buff_size +300; sleep(1);} free(buff); //close(shesh_in);
* Bang >> Crrrrrrrrrash !!!
Crash Analysis
Creating Smart Buffer
Calculating Size of Payload
jmp esp >The Golden Jump Location
jmp> esp in user32.dll
Where not to jump ;) bt ftp # grep badchar*
Automated shellcode development  Lets do it live : http://www.metasploit.com/shellcode/ Why encoder ??
Doing nothing is so so important   Use of nop-sledge to increase reliability
Elementary ,My dear Watson!!!
Buffer Overflows Shesh Jun 3 09

More Related Content

PDF
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
PPTX
Buffer overflow attacks
Japneet Singh
 
PPT
Buffer Overflows
Sumit Kumar
 
PPT
Cell processor lab
coolmirza143
 
PPTX
Buffer Overflow Demo by Saurabh Sharma
n|u - The Open Security Community
 
PDF
Buffer overflow null
nullowaspmumbai
 
PPTX
Control hijacking
Prachi Gulihar
 
PPT
Buffer Overflow Attacks
harshal kshatriya
 
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
Buffer overflow attacks
Japneet Singh
 
Buffer Overflows
Sumit Kumar
 
Cell processor lab
coolmirza143
 
Buffer Overflow Demo by Saurabh Sharma
n|u - The Open Security Community
 
Buffer overflow null
nullowaspmumbai
 
Control hijacking
Prachi Gulihar
 
Buffer Overflow Attacks
harshal kshatriya
 

What's hot (20)

PDF
smash the stack , Menna Essa
CATReloaded
 
PDF
Cppcheck
PVS-Studio
 
PDF
Reverse engineering - Shellcodes techniques
Eran Goldstein
 
PPTX
08 - Return Oriented Programming, the chosen one
Alexandre Moneger
 
PDF
The Popper Experimentation Protocol and CLI tool
Ivo Jimenez
 
PPTX
Anatomy of a Buffer Overflow Attack
Rob Gillen
 
PDF
2.Format Strings
phanleson
 
PDF
Let's write a Debugger!
Levente Kurusa
 
PDF
How to Perform Memory Leak Test Using Valgrind
RapidValue
 
PDF
SEH based buffer overflow vulnerability exploitation
Payampardaz
 
PPTX
Breakpoints
Satabdi Das
 
PDF
Dive into exploit development
Payampardaz
 
PDF
OTP application (with gen server child) - simple example
YangJerng Hwa
 
PDF
TestR: generating unit tests for R internals
Roman Tsegelskyi
 
PDF
Valgrind tutorial
Satabdi Das
 
PDF
Proces
samof76
 
PPTX
Gambit for Geiser
MathieuPerron4
 
PDF
Program errors occurring while porting C++ code from 32-bit platforms on 64-b...
Andrey Karpov
 
PPT
Exploiting stack overflow 101
n|u - The Open Security Community
 
PPTX
Shell Script Tutorial
Quang Minh Đoàn
 
smash the stack , Menna Essa
CATReloaded
 
Cppcheck
PVS-Studio
 
Reverse engineering - Shellcodes techniques
Eran Goldstein
 
08 - Return Oriented Programming, the chosen one
Alexandre Moneger
 
The Popper Experimentation Protocol and CLI tool
Ivo Jimenez
 
Anatomy of a Buffer Overflow Attack
Rob Gillen
 
2.Format Strings
phanleson
 
Let's write a Debugger!
Levente Kurusa
 
How to Perform Memory Leak Test Using Valgrind
RapidValue
 
SEH based buffer overflow vulnerability exploitation
Payampardaz
 
Breakpoints
Satabdi Das
 
Dive into exploit development
Payampardaz
 
OTP application (with gen server child) - simple example
YangJerng Hwa
 
TestR: generating unit tests for R internals
Roman Tsegelskyi
 
Valgrind tutorial
Satabdi Das
 
Proces
samof76
 
Gambit for Geiser
MathieuPerron4
 
Program errors occurring while porting C++ code from 32-bit platforms on 64-b...
Andrey Karpov
 
Exploiting stack overflow 101
n|u - The Open Security Community
 
Shell Script Tutorial
Quang Minh Đoàn
 
Ad

Viewers also liked (8)

PPS
Back injury prevention
Anbr Cama
 
PPTX
Lockout tagout standard
Anbr Cama
 
PPS
Asbestos awareness
Anbr Cama
 
PPT
Preventing slips and trips
Anbr Cama
 
PDF
Lockout/Tagout Training (OEM Version)
Panduit Safety
 
PPT
8 steps-to-ensure-proper-lockout-tagout
Creative Safety Supply
 
PPT
Lockout tagout
Mary Helen
 
PDF
Lockout/Tagout Training (Contractor Version)
Panduit Safety
 
Back injury prevention
Anbr Cama
 
Lockout tagout standard
Anbr Cama
 
Asbestos awareness
Anbr Cama
 
Preventing slips and trips
Anbr Cama
 
Lockout/Tagout Training (OEM Version)
Panduit Safety
 
8 steps-to-ensure-proper-lockout-tagout
Creative Safety Supply
 
Lockout tagout
Mary Helen
 
Lockout/Tagout Training (Contractor Version)
Panduit Safety
 
Ad

Similar to Buffer Overflows Shesh Jun 3 09 (20)

PPTX
Buffer overflow attacks
Kapil Nagrale
 
PDF
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
sanghwan ahn
 
PDF
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
PDF
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
NETWAYS
 
PDF
Mitigating overflows using defense in-depth. What can your compiler do for you?
Javier Tallón
 
PDF
MPI
ZongYing Lyu
 
PPTX
Buffer overflow
Evgeni Tsonev
 
PPT
Assembly language programming_fundamentals 8086
Shehrevar Davierwala
 
PDF
Buffer overflow tutorial
hughpearse
 
ODP
null Pune meet - Application Security: Code injection
n|u - The Open Security Community
 
PPT
Static Analysis: The Art of Fighting without Fighting
Rob Ragan
 
PDF
Fuzzing: Finding Your Own Bugs and 0days! 1.0
Rodolpho Concurde
 
PDF
Openframworks x Mobile
Janet Huang
 
PDF
Buffer Overflow - Smashing the Stack
ironSource
 
PPT
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
Alexey Smirnov
 
PPTX
Driver Debugging Basics
Bala Subra
 
PPTX
Buffer overflow
Abu Juha Ahmed Muid
 
DOCX
OverviewIn this assignment you will write your own shell i.docx
alfred4lewis58146
 
PPTX
Metasploit - Basic and Android Demo
Arpit Agarwal
 
PDF
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Elvin Gentiles
 
Buffer overflow attacks
Kapil Nagrale
 
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
sanghwan ahn
 
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
NETWAYS
 
Mitigating overflows using defense in-depth. What can your compiler do for you?
Javier Tallón
 
MPI
ZongYing Lyu
 
Buffer overflow
Evgeni Tsonev
 
Assembly language programming_fundamentals 8086
Shehrevar Davierwala
 
Buffer overflow tutorial
hughpearse
 
null Pune meet - Application Security: Code injection
n|u - The Open Security Community
 
Static Analysis: The Art of Fighting without Fighting
Rob Ragan
 
Fuzzing: Finding Your Own Bugs and 0days! 1.0
Rodolpho Concurde
 
Openframworks x Mobile
Janet Huang
 
Buffer Overflow - Smashing the Stack
ironSource
 
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
Alexey Smirnov
 
Driver Debugging Basics
Bala Subra
 
Buffer overflow
Abu Juha Ahmed Muid
 
OverviewIn this assignment you will write your own shell i.docx
alfred4lewis58146
 
Metasploit - Basic and Android Demo
Arpit Agarwal
 
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Elvin Gentiles
 

Recently uploaded (20)

PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Teaching material agriculture food technology
LiaRayya
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
KodekX | Application Modernization Development
KodekX
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Cloud computing and distributed systems.
kkkkkhan
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 

Buffer Overflows Shesh Jun 3 09

  • 1. Buffer Overflows : An Introduction
  • 2. On the Agenda  Definition  Vulnerability Detection  Skeleton Exploit  Controlling EIP  Relative jump  Shell-code (Importing from Metasploit ) (! Development)  An Owned territory!
  • 4. Vulnerability Detection  Code Review Applied in open –source application analysis where the entire code is checked for unchecked buffer at the language definition level.  Reverse Engineering Applied in both open and closed source applications .. Where an exe is analyzed on the basis of memory interaction and the source code is presented at machine level interaction  Fuzz-ing the application The applications’ communication standards are analyzed using protocol reader and test data confirming standards are prepared and send to the application – the crash is analysed.
  • 6. A simple protocol Fuzzer Usage : fuz <ipadress> <portnumber> <username> <password> <command> <number of bytes to start with>  while((sizeof(super_buffer)- buff_size)>25) { char *rec_buf_1; rec_buf_1 = (char*)malloc(buff_size); memcpy(buff,super_buffer,buff_size); sprintf(buff1,"%s %srn",command,buff); printf("Sending buffer of %d length n",buff_size); send(shesh_in, buff1,strlen(buff1),0); recv(shesh_in,rec_buf_1,buff_size,0); buff_size = buff_size +300; sleep(1);} free(buff); //close(shesh_in);
  • 7. * Bang >> Crrrrrrrrrash !!!
  • 11. jmp esp >The Golden Jump Location
  • 12. jmp> esp in user32.dll
  • 13. Where not to jump ;) bt ftp # grep badchar*
  • 14. Automated shellcode development  Lets do it live : http://www.metasploit.com/shellcode/ Why encoder ??
  • 15. Doing nothing is so so important   Use of nop-sledge to increase reliability
  • 16. Elementary ,My dear Watson!!!