What is binary exploitation?
It's the process of using reverse engineering and memory manipulation to exploit vulnerabilities in a program, often for remote code execution (RCE).
What is memory corruption?
Any unintended modification of a program’s memory space, such as writing past a buffer’s end or using freed memory.
What are examples of undefined behavior?
Writing past array bounds, adding integers past their max value, double free, using uninitialized or freed memory.
What makes EIP the most exploitable part of the stack?
EIP holds the return address, which dictates where the program continues after the function returns. If it is overwritten, execution can be redirected to malicious code.
Name unsafe functions and their safe alternatives.
gets() → fgets(), strcpy() → strncpy(), strcat() → strncat(), sprintf() → snprintf().
How can programmers prevent buffer overflows?
Enforce input limits, avoid unsafe functions, use memory-safe languages or safer standard libraries.
What is a buffer overflow?
Writing more data to a buffer than it can hold, which can overwrite adjacent memory like return addresses.
What happens when using gets() on small buffers?
Input can overflow the buffer and overwrite other memory, potentially crashing the program or hijacking execution.
Why does a segfault happen in buffer overflow cases?
An overwritten return address points to invalid memory, causing a crash when the function tries to return.
How can an attacker control return addresses using buffer overflow?
By carefully overflowing data to overwrite the saved return address with one that points to malicious code.
Why are SUID programs a target for exploitation?
They run with the file owner’s permissions (e.g., root), so exploiting them can give attackers elevated privileges.
What is a NOP sled?
A sequence of NOP instructions leading up to shellcode. It increases the chances of hitting the shellcode during a jump.
What is shellcode?
Malicious code (usually to open a shell) injected by an attacker. It must avoid NULL bytes and often must be compact.
What is the structure of a typical buffer overflow exploit payload?
[NOP sled][Shellcode][Overwritten Return Address].
How can the correct return address be found?
Trial and error, calculating buffer layout, or using unique character patterns to detect offsets.
What happens when the buffer overflow exploit works?
The return address jumps to the NOP sled, flows into the shellcode, and a root shell is opened.