EXPLOIT WRITING FOR BEGINNERS
SABARI SELVAN, E HACKING NEWS

What exactly is exploit writing?
Writing a piece of code that is capable of exploiting a vulnerability in the target software.

What is the impact of exploits?
- Remote code execution: leads to running a malicious application on the victim's system
- Denial of Service attacks
- …

STACK
What I am going to explain today…
- Intro to Stack
- Stack Buffer Overflow attack
- Demo

Intro to Stack
- A piece of the process memory
- Used for storing variables, function calls, return addresses, …
- Allocated by the OS for each thread (when the thread is created). When the thread ends, the stack is cleared as well.
- The size of the stack is defined when it gets created and doesn't change
- Grows toward lower addresses (0041008, 0041004, 0041002…)
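
/* Example program used in the stack diagrams that follow. */
void vulnfun(char *in)
{
    char buf[10];   /* 10-byte local buffer, allocated in vulnfun's stack frame */
}

int main(int argc, char *argv[])
{
    vulnfun(argv[1]);   /* the first command-line argument is passed to vulnfun */
    return 0;
}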

[Figure: stack layout for the program above, from high addresses (0xFFFFFFFF) down to low addresses (0x00000000)]
Stack frame for main: arguments for main, return address, saved previous base pointer, local variables of main. Base Pointer (EBP) of main.
Stack frame for vulnfun: arguments for vulnfun (argv[1]), return address, saved previous base pointer, local variable of vulnfun (buf). Base Pointer (EBP) of vulnfun.
Stack Pointer (ESP): top of the stack, shown moving down as each item is pushed.

Stack Buffer Overflow
- The result of giving input that is longer than the memory allocated for the variable
- For instance, "char a[10]" can store 10 characters. If you try to enter more than 10 characters, the result is an overflow
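
An added example, not part of the original slides: a length-checked variant of vulnfun next to a helper that reports how far an unchecked strcpy into the 10-byte buffer would overrun. The names BUF_SIZE, overrun_bytes and vulnfun_checked are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* same size as buf in the slide's vulnfun() */

/* Bytes an unchecked strcpy(buf, in) would write past the end of buf.
 * strcpy also writes the terminating NUL, so a 10-character input
 * already overruns a 10-byte buffer by one byte. */
size_t overrun_bytes(const char *in)
{
    size_t needed = strlen(in) + 1;          /* characters + NUL */
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

/* Hardened variant of vulnfun() (hypothetical name): checks the length
 * before copying and refuses input that does not fit.
 * Returns 0 on success, -1 if in is NULL or too long. */
int vulnfun_checked(const char *in)
{
    char buf[BUF_SIZE];

    if (in == NULL || strlen(in) >= sizeof buf)
        return -1;                           /* reject instead of truncating silently */
    memcpy(buf, in, strlen(in) + 1);         /* fits, including the NUL */
    return buf[strlen(in)] == '\0' ? 0 : -1;
}

int main(int argc, char *argv[])
{
    /* Constructed sample inputs; argv[1] replaces the first one when supplied. */
    const char *samples[] = { "short", "AAAAAAAAAA", "0123456789ABCDEFGHIJ" };

    if (argc > 1)
        samples[0] = argv[1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%zu overrun=%zu checked=%d\n", strlen(samples[i]),
               overrun_bytes(samples[i]), vulnfun_checked(samples[i]));
    return 0;
}
```

Compiler and OS mitigations such as stack protectors complement the length check; they do not replace it.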

[Figure: Overflow. The same stack layout after an over-long argv[1] made of "A" characters is passed to vulnfun. The local variable "buf" is filled with "AAAAAAA" and the remaining "A" characters run past its end into the rest of vulnfun's stack frame. Label: saved base pointer overwritten.]

EXPLOITING OVERFLOW
Return address modified by exploiting the overflow.

[Figure: the same stack layout after the overflow. The local variable "buf" is filled with "A" characters, the saved base pointer is overwritten, and the return address slot of vulnfun's frame now shows 0x004012C9.]

Thank You