Buffer Overflow

Buffer overflows are exploited to escalate privileges or, in Linux words, to gain root access.

But WHY?

[Figure: simplified stack layout from low memory address to high memory address: the buffer, filled with the bytes of the compiled shellcode wannabe, followed by the saved return address]

How buffer overflow is exploited (stack version)

[Figure: memory layout (simplified), before and after the overflow. Before: other stuff, buffer, return address pointing where it should, other stuff. After: the buffer is overridden with a no-operation slope (\x90 bytes) and the return address now points somewhere into that no-operation slope]

Testing strategies

Boundary testing, by filling the buffer + return space with invalid addresses

Catch segmentation faults!

... we suggest prevention. Scan the code for vulnerable libc functions (e.g. strcpy)
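The strcpy pattern the slide warns about, beside a bounded copy and the boundary test from the previous slide, as an added example that is not part of the original deck. The buffer size, function names and the 'A'-filled probe inputs are assumptions chosen here.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* assumed size of the stack buffer */

/* Vulnerable form: strcpy copies until it finds a NUL byte, so any input of
 * BUF_SIZE bytes or more writes past 'buf' and over whatever sits above it on
 * the stack, including the saved return address. Shown for comparison only. */
void copy_unsafe(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);          /* no length check at all */
    printf("copied: %s\n", buf);
}

/* Hardened form: look for the terminator only inside the first BUF_SIZE bytes
 * and reject the input instead of truncating it silently.
 * Returns 0 when the input fits, -1 when it does not. */
int copy_safe(const char *input)
{
    char buf[BUF_SIZE];
    const char *nul = memchr(input, '\0', BUF_SIZE);
    if (nul == NULL)
        return -1;               /* no NUL within BUF_SIZE: does not fit */
    size_t len = (size_t)(nul - input);
    memcpy(buf, input, len + 1); /* copies the terminator too */
    printf("copied: %s\n", buf);
    return 0;
}

/* Boundary test: probe lengths just below, at and just above the buffer size
 * and count the rejections. For BUF_SIZE 16 the lengths 15, 16 and 17 must
 * give exactly two rejections (16 and 17 leave no room for the NUL). */
int boundary_test(void)
{
    char input[64];              /* constructed probe input, filled with 'A' */
    size_t lens[] = { BUF_SIZE - 1, BUF_SIZE, BUF_SIZE + 1 };
    int rejected = 0;
    for (size_t i = 0; i < 3; i++) {
        memset(input, 'A', lens[i]);
        input[lens[i]] = '\0';
        if (copy_safe(input) != 0)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    copy_safe("hello");                          /* fits, prints it */
    printf("rejected: %d\n", boundary_test());   /* prints 2 */
    return 0;
}
```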

A brief buffer overflow

By Daniel Morandini

Little explanation/overview of why/how buffer overflows are exploited