Post on 07-Dec-2014
ART OF EXPLOIT WRITING
Ashfaq Ansari
Security Researcher & Penetration Tester
Founder Of: HackSys Team http://hacksys.vfreaks.com/
null Meet @Bangalore – 19th Jan 2013
Buffer Overflow
• Writing more data into a buffer than the allocated size.
• Two types:
– Stack Overflow: corrupts the execution stack by writing past the end of an array (aka smashing the stack / stack overflow)
– Heap Overflow: corrupts the heap
Process Memory Organization
Segments: Text | Data | Heap | Stack
Text
• Fixed by the program
• Read-only
Data
• Initialized & Uninitialized Data
• Static variables are stored here
Stack
• Local variables for functions
• Return address and local stack pointer
The Stack - We Must Know Him
Frame layout, top (high addresses) to bottom (low addresses): c, b, a, RET, SFP, Buffer 1, Buffer 2
Info
• Stack is LIFO – Last In First Out
• PUSH & POP operations
• Stack Pointer (SP) points to the top of the stack
• Contains return address and local stack pointer
Used
• Dynamically allocate local variables used in functions
• Pass parameters to functions, etc.
x86 General Purpose Register
Fuzzing Overview
• Black Box software testing technique, which helps in finding implementation bugs using malformed / semi-malformed data injection in an automated fashion
• Lazy man's tool
The Stack - Overflow
Frame after the overflow, top (high addresses) to bottom (low addresses):
AAAA
AAAA
AAAA
DDDD  ← RET
CCCC  ← SFP
BBBB  ← Buffer 1
BBBB
AAAA  ← Buffer 2
AAAA
AAAA
• Buffer 1 & 2 overwritten by A's & B's
• SFP overwritten by C's
• RET (return address) overwritten by D's
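The A/B/C/D diagram above, as an added C model that is not part of the original deck: the frame is a struct with the slide's widths (12-byte Buffer 2, 8-byte Buffer 1, 4-byte SFP and RET, three slots above RET), the sentinel values and the byte pattern are constructed, and the unchecked copy is shown beside a bounds-checked copy that leaves RET intact.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of the slide's frame, lowest address first: Buffer 2, Buffer 1,
 * saved frame pointer (SFP), return address (RET), then the argument
 * slots (a, b, c) that sit above RET. One struct confines the overrun
 * to this object, so the program runs deterministically instead of
 * crashing. Widths are taken from the slide; the values are constructed. */
struct frame {
    char     buffer2[12];
    char     buffer1[8];
    uint32_t sfp;
    uint32_t ret;
    uint32_t args[3];
};
static const uint32_t SFP_SENTINEL = 0x11111111u, RET_SENTINEL = 0x22222222u;

/* Constructed input following the slide's diagram: 12 'A' (Buffer 2),
 * 8 'B' (Buffer 1), 4 'C' (SFP), 4 'D' (RET), 12 'A' (above RET). */
static void build_payload(char out[40]) {
    memset(out, 'A', 12);       memset(out + 12, 'B', 8);
    memset(out + 20, 'C', 4);   memset(out + 24, 'D', 4);
    memset(out + 28, 'A', 12);
}

/* The bug: copies n bytes into Buffer 2 with no check against its size. */
static void copy_unchecked(struct frame *f, const char *src, size_t n) {
    memcpy((char *)f + offsetof(struct frame, buffer2), src, n);
}

/* The fix: copy at most sizeof Buffer 2, truncating the rest. */
static void copy_bounded(struct frame *f, const char *src, size_t n) {
    size_t room = sizeof f->buffer2;
    memcpy(f->buffer2, src, n < room ? n : room);
}

/* Runs one copy routine against a fresh frame with sentinel SFP/RET. */
static struct frame run(void (*copy)(struct frame *, const char *, size_t)) {
    struct frame f = { .sfp = SFP_SENTINEL, .ret = RET_SENTINEL };
    char payload[40];
    build_payload(payload);
    copy(&f, payload, sizeof payload);
    return f;
}

uint32_t ret_after_unchecked(void) { return run(copy_unchecked).ret; } /* 0x44444444: 'DDDD' */
uint32_t sfp_after_unchecked(void) { return run(copy_unchecked).sfp; } /* 0x43434343: 'CCCC' */
uint32_t ret_after_bounded(void)   { return run(copy_bounded).ret; }   /* 0x22222222: intact */
```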
Bad Characters
NULL \x00
\n \x0a
\r \x0d
DEMO
Chart: Exploits Worked On vs. Time Spent
Stages shown: Get Familiar; Achieve Mastery; Work Hard Toward Mastery; Get Experienced