10: Buffer Overflow

1. x86 Architecture
Text, Data, Free Memory, Stack (and Registers)

2. Text Content
Program code

3. Data Content
Static variables, strings, etc.

4. Free Memory Content
Nothing?

5. Stack Content
Command line arguments, variables, etc.

6. EAX
Accumulator

7. EIP
Instruction Pointer

8. ESP
“Start” of the stack

9. EBP
“Bottom” of the frame

10. Stack order
Older entries in the stack belong further down.

11. Old EIP
Points to the address before a function call was made so that when the function terminates, the program runs from that point again.

12. Old EBP
Old bottom of the stack before calling a function - the new one points to the bottom of the function working space.

13. Function Working Space
Where all local variables relative to the function are stored.

14. Instruction Pointer Purpose
The instruction pointer controls which code executes.

15. Buffer Overflow
Where an input in C has a set number of bytes allocated to it, but the user goes over that byte count and overflows into the saved EIP, either corrupting it or telling it to continue from another point in the code.

16. Shell Code Injection

1. Push 0x00000000 onto the stack by XOR’ing the accumulator (EAX) with itself
2. Push //bin/sh in reverse
3. Make EBX point to //bin/sh on the stack using ESP (mov ebx, esp)
4. Push 0x00000000 using EAX and point EDX to it using ESP (push eax and mov edx, esp)
5. Push the address of //bin/sh on the stack and make ECX point to it using ESP.
6. Since EAX is 0, move 11 into AL.
7. Int 0x80, and you got your shell!

17. NX-Bit
Provides a hardware distinction between the text and stack. Protects against code injected in the stack.

18. Reusing Code
Instead of injecting your own code, you jump to other functions or jump to a function in the standard C library.

19. Address Space Layout Randomisation
Adds a random offset to the stack and codebase each time the program runs - makes it harder for an attacker to guess the address of the function where they inject code.

20. NOP Slide
Using the byte 0x90 (NOP) repeatedly before shellcode and picking a random return address so that it lands somewhere in the NOP bytes, before it slides down into the shellcode.

21. Metasploit
A framework for testing and executing known buffer overflow exploits.