smashing the stack for fun and profit
Post on 13-Apr-2017
SMASHING THE STACK FOR FUN AND PROFIT
PRESENTED BY MD. MASUDUR RAHMAN
MSSE 0404
IIT, DU

Slide 2: Outline
1. Problem specification of stack overflow
2. Memory structure
3. Stack overflow with examples
4. Code Injection
5. Discussion

Slide 3: Research Problem
How could a stack be smashed?
  What buffer overflows are
  How a buffer overflow exploit works

Slide 4: Process Memory Organization (1/3)

Slide 5: Process Memory Organization (2/3)

Slide 6: Process Memory Organization (3/3)

Slide 7: Structure of a Stack
Manage Control flow

Slide 8: Stack Operation
Push Procedure prolog/enter/link
Pop Procedure epilog/leave/unlink

Slide 9: Stack Operation with Example

Slide 10: Stack Overflow

Slide 11: Stack Overflow Example

Slide 12: Injecting Shell Code
Shell Code in C

Slide 13: Injecting Shell Code

Slide 14: Injecting Shell Code

Slide 15: Another Example of Exploit

Slide 16: NOP Padding

Slide 17: Problem with Small Buffer
  Can't hold shell code
  Return address points to another instead of shell code
Solution: Use environment variable

Slide 18: Vulnerable Code
No built-in bound checking
Functions: strcat(), strcpy(), gets(), etc.

Slide 19: Discussion
How to prevent stack overflow attack using bound checking?
  Bound checking when taking input from outside/untrusted source
  Avoid vulnerable functions
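
Added example (not from the original slides): the two points above, shown as a strcpy() call next to a bound-checked copy and a bounded replacement for gets(). The function names, BUF_SIZE and the sample inputs are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed size, stands in for any fixed stack buffer */

/* The pattern the slides warn about: strcpy() copies until the source's NUL
 * and never looks at the destination size. Kept for contrast, never called. */
void copy_unchecked(char *dst, const char *src) { strcpy(dst, src); }

/* Bound-checked copy: reject input that does not fit (terminator included)
 * rather than overflow or silently truncate. Returns 0 on success, -1 if rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    const char *end = memchr(src, '\0', dst_size);  /* stops at the first NUL */
    if (end == NULL) { dst[0] = '\0'; return -1; }  /* no NUL within dst_size bytes */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Bounded replacement for gets(): fgets() is told the buffer size, and a line
 * that does not fit is drained and rejected so its tail is not read as new input. */
int read_line_checked(FILE *in, char *buf, size_t size) {
    if (size < 2 || size > INT_MAX || fgets(buf, (int)size, in) == NULL) return -1;
    char *nl = strchr(buf, '\n');
    if (nl != NULL) { *nl = '\0'; return 0; }
    int c = fgetc(in);
    if (c == EOF || c == '\n') return 0;            /* line fit exactly */
    while (c != EOF && c != '\n') c = fgetc(in);    /* discard the oversized tail */
    buf[0] = '\0';
    return -1;
}

int main(void) {
    char name[BUF_SIZE];
    /* Constructed inputs: one that fits, one longer than the buffer. */
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++) {
        int rc = copy_checked(name, sizeof name, inputs[i]);
        printf("%-34s -> %s\n", inputs[i], rc == 0 ? name : "rejected (too long)");
    }
    return 0;
}
```

Rejecting instead of truncating keeps the caller from acting on a partial value; the size passed in must always be the real size of the destination buffer.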

Slide 21: Question Set
1. Explain stack overflow with a proper example.
2. What is NOP? Why do attackers use the NOP instruction?
3. Explain the problem with small buffer size that an attacker faces when exploiting the buffer. Provide a solution for it.