hacking: 3.Buffer overflow attacks

Hi, Today We will to talk about buffer overflow attacks.That attacks consists at to used bugs not users but software developers. We will to find out can use hacker and how to can warn as administrator and we will make some practise examples, to work!

That understand this subject, it necessary knows some conceptions, that we could understand depther subject. Main subject this article is memory, it is on segments, thanks to the fact is tidiness and software developer knows which fragments he can use. Knowledge about memory is useful for asembler, C and C++ developers do full optimizing and secure program.

Memory is split on five segments

  1. Segement text here is places instructions wrote by software developer which are changed to machine language so asembler, can’t save nothing in this segment and his size can’t change after load program to memory.
  2. Segment data contains variables globals and declared consts example strings
  3. Segment bss contains variables globals and statics, which doesn’t have to assign value.
  4. Segment heap have got changing and it is uses with dynamic variables, which are overtly assigns and send away for software developer.
  5. Segment stack is uses automatic for local variables calling functions, to hold one example call argument. Similar like as segment heap, have got a changing size.

Designation buffer overflow to deal with exactly stack so we will tell about that segment. Stack you can to visualize as a bricks tower which it has a const, variables are by turns pushing on the zenith. After crossed max value, tower can to fall and stack to overfill memory. If we will want to take variable from stack, we will take that which is on the top.

To operate on stack are need two basic commands:

PUSH– To lay on stack

POP– To remove from stack

System must knows actual address stack top that knows from whose place to operate on variables. Processor uses to that record ESP keeps index top stack.

Action stack I will represent simple program:

This program only has the task of writing out the arguments which took from the user. To use stack, action program we put in simple function func, which is calling from level function main.

Look in image below(yes, I know that I don’t artist)

Program action begin from function main. firstly will be put fragments wrote by user, then is execute function main, which is represent by records EIP and EBP. Record EIP, indicator instructions are to indicate current place executing program. That way program knows in which place have to return after finish executes function. Next record EBP, so-called base indicator, it remembers current stack top . Next step is calls function func, previous put on stack was argument, which took function, now number of arguments which user gave. Then again they are put off on stack registers EIP and EBP, but pertain on return from function func.

If function will end executting, thanks to keeps values on stack, program knows where he have to come back. In turn is stripps storeys to moment return to function main.

But that is not the end of the theory, bufor has remains, the buffer is just a piece of memory for a certain amount of data.

If the programmer does not take care of the amount of data stored in the buffer, it can easily overflow and if the buffer overflows, the remaining data is copied to a completely different memory area and thus leaves gate vulnerable on attack.

To see what really happens is to analyze the operation of another simple program.

text in first printf functions: Before copying data to bufor 

text in second printf functions: After copying data to bufor 

Program are receiving value from user. The begining variable value initial is 0. We also declare a buffer whose size is equal to ten characters, its size depends from the architecture of your computer. The printf function displays the amount of memory that the char type occupies.

Using the strcpy function, we can copy the value entered by the user into the buffer, you might notice that we control that and copy everything as it goes.
At the end, program letters the value variable of int, after the copy process to the buffer.

After theoretical knowledge of the program, let’s check its operation in practice.

text on image: Before copying data to bufor 

 After copying data to bufor 

In the first case, the value of int is equal to zero, which is a good result because in the buffer on my computer can be up to 13 characters, ie up to 12 bytes, because one character is 1 byte and function strcpy overwrites the whole string except for its end sign. some more or less.

In the second run of the program, the value int a still equals zero, which is still the correct result.

In the third run of the program, the int value was overwritten with the C values in hexadecimal form, because the rest of the characters didn’t fit, and the except Segmentation fault was displayed, meaning that the program tried to reference the memory area which wasn’t allocated to it.

I hope you know what action the stack and buffer are all about, and now we are going to implement a buffer overflow attack, of course it’s a simple example, because you only have to understand what it’s all about. Look at the code below:

Text in first printf: Enter your login!

Text in second printf: Enter your password!

Text in third printf: You’ve been successfully logged in!

This code will execute if the ok variable will true, a will be true if will be equal 1
In this code, the most important thing is that the scanf function doesn’t have a fixed maximum string size, so any login or password of any length can be entered if you will enter too many characters (the number of characters depends on the system) will go out of the buffer, overwriting the stack variable setted before, in other words variable ok. We will use this error. We will first enter the wrong data then the correct data, then try to enter eg 30 no matter what characters, we will see what the effects will be.

text on image: Enter your login:

text on image: Enter your password:

text on image: Wrong login or password!

It worked. Variable int ok was overwritten and we logged in to the system, as you can see how the system is booting the system shell, you can turn it off with the command “exit”. To eliminate this error is enough to change:

You already know what a stack is and a buffer and you know how to use it in practice, of course, I just explained the basics, memory, overflow, stack and buffers, one can to write about it a dozen books.

This content also you can find on steemit: https://steemit.com/hacking/@slawas/hacking-3-buffer-overflow-attacks

And on medium: https://medium.com/@sawomirkowalski/hacking-3-buffer-overflow-attacks-6c64ea6b1fb4

I hope I explained everything transparently, if you do not understand something, let me know in the comment, take care!!!

 
If that post was useful for you share it with your friends :)

Post a comment

Be first!

avatar
  Subscribe  
Notify about