Week 10: Buffer Overflow

12 Terms

1

EIP

Extended Instruction Pointer - tells the computer where to go next to execute the next command and controls the flow of a program

2

ESP

Points to the TOP of the stack. When you push data onto or pop data off the stack, it goes here and ESP is then adjusted to reflect the new stack head.

3

EBP

Points to the BASE of the stack FRAME. When you call a function, this is saved on the stack and EBP now points to the base of the new stack FRAME. All local variables can be found relative to this pointer.

4

the instruction pointer controls

which code executes

5

the instruction pointer is stored

on the stack

6

Buffer Overflow

If input is longer than intended then the items in the stack will be overread

7

Buffer overflow inputting string with malice

[definition was an image; not recoverable]

8

Defense: The NX-bit

[definition was an image; not recoverable]

9

What is the standard attack against the NX-bit?

Reuse code from the executable part of memory

• Jump to another function in the program.
• Jump to a function from the standard C library (Return to libc).
• String together little pieces of existing code (Return-oriented programming).

10

Libc

the C standard library

  • It is often packaged with executables to provide a runtime environment.

  • It includes lots of useful calls like “system” which runs any command.

  • It links to executable memory, therefore bypasses NX-bit protections.

11

ASLR

Address space layout randomization

  • ASLR adds a random offset to the stack and code base each time the program runs.

  • Jumps in the program are altered to point to the right line.

  • The idea is that it's now hard for an attacker to guess the address of where they inject code or the address of particular functions.

12

Metasploit

  • Metasploit is a framework for testing and executing known buffer overflow attacks.

  • If a vulnerability in an application is well known there will be a patch for it, but also a Metasploit module for it.

  • If an application is unpatched it can probably be taken over with Metasploit.

  • Metasploit also includes a library of shellcode which can be injected.

  • Without wishing to get into another debate, using it against machines you don’t own is illegal. Do not do this.