EXPLOIT WRITING FOR BEGINNERS SABARI SELVAN, E HACKING NEWS


Jan 17, 2016

Page 2: What is exactly Exploit writing?

Writing a piece of code that is capable of exploiting a vulnerability in the target software.

Page 3: What is the impact of Exploits?

Remote code execution: leads to running a malicious application on the victim's system

Denial of Service attacks …

Page 4: STACK

Page 5: What I am going to explain today…

Intro to Stack
Stack Buffer Overflow attack
Demo

Page 6: Intro to Stack

A region of the process memory used for storing local variables, function call data (arguments, saved frame pointers), return addresses, …

Allocated by the OS for each thread (when the thread is created). When the thread ends, its stack is released as well.

The maximum size of the stack is fixed when it is created and does not change.

The stack grows toward lower addresses: on 32-bit x86 each 4-byte push moves the stack pointer down by 4 (e.g. 0x00410008, 0x00410004, 0x00410000, …).

Page 7: The vulnerable program

#include <string.h>

void vulnfun(char *in)
{
    char buf[10];
    strcpy(buf, in);   /* unbounded copy into a 10-byte buffer: the line the slide omits, and the overflow the following slides exploit */
}

int main(int argc, char *argv[])
{
    if (argc < 2)      /* without an argument argv[1] is NULL; refuse rather than crash on the dereference */
        return 1;
    vulnfun(argv[1]);
    return 0;
}

Page 8: Stack frames of main and vulnfun (high addresses at the top; the stack grows toward 0x00000000, and ESP moves down one slot with every push)

0xFFFFFFFF
    Arguments for main function
    Return address
    Saved previous base pointer                <- EBP of main      (stack frame for main)
    Local variables of main
    Arguments for vulnfun function (argv[1])
    Return address (back into main)
    Saved previous base pointer (EBP of main)  <- EBP of vulnfun   (stack frame for vulnfun)
    Local variable of vulnfun (buf)            <- buf sits just below the saved base pointer
    Top of the stack                           <- ESP
0x00000000

Page 10: Stack Buffer Overflow

Page 11: Stack Buffer Overflow

The result of giving input that is longer than the memory allocated for the variable.

For instance, char a[10] can hold 10 bytes (9 characters plus the terminating NUL of a C string). If you copy more than 10 bytes into it, the excess overflows into whatever lies next to it on the stack: the saved base pointer and, beyond that, the return address.

Page 12: OverFlow (stack after copying a long argv[1] into buf)

0xFFFFFFFF
    Arguments for main function
    Return address
    Saved previous base pointer                (stack frame for main)
    Local variables of main
    Arguments for vulnfun function (argv[1]) = AAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Return address                             <- not yet reached by the copy
    Saved previous base pointer = AAAA         <- saved base pointer overwritten
    Local variable "buf" = AAAAAAAAAA          <- the copy fills buf and keeps writing upward into the slots above it
    Top of the stack                           <- ESP
0x00000000

Page 13: EXPLOITING OVERFLOW

0xFFFFFFFF
    Arguments for main function
    Return address
    Saved previous base pointer                (stack frame for main)
    Local variables of main
    Arguments for vulnfun function (argv[1]) = AAAAAAAAAAAAAAAAAAAAAAAAAAAA followed by the chosen address
    Return address = 0x004012C9                <- return address modified by exploiting the overflow
    Saved previous base pointer = AAAA         <- saved base pointer overwritten
    Local variable "buf" = AAAAAAAAAA
    Top of the stack                           <- ESP
0x00000000

When vulnfun returns, the CPU pops 0x004012C9 instead of the original return address and continues execution there.
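The mechanics of slides 11 to 13 in runnable form, as an added example that is not part of the original slides: a C program that models vulnfun's frame as a byte array with the slides' idealised offsets (buf at offset 0, saved EBP at 10, return address at 14), performs the unchecked copy, and reads back what landed in the saved-EBP and return-address slots. It is a simulation, not a working exploit against a real binary. The frame values 0xBFFFF3A8 and 0x08048456 are constructed placeholders; 0x004012C9 is the return address the slide uses. safe_copy is an added hardened counterpart showing the bounds check that prevents the overwrite.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simulated 32-bit x86 frame for vulnfun, laid out as the slides draw it
 * (lowest address first, because a copy into buf writes upward):
 *   offset  0..9   char buf[10]
 *   offset 10..13  saved EBP of main
 *   offset 14..17  return address into main
 * A plain byte array keeps this program free of undefined behaviour while
 * still showing which slots an over-long copy hits. Real compilers add
 * alignment padding and stack canaries, so offsets in a real binary must be
 * measured in a debugger; these are the idealised slide offsets.
 */
#define BUF_SIZE      10
#define OFF_SAVED_EBP BUF_SIZE             /* 10 */
#define OFF_RET       (OFF_SAVED_EBP + 4)  /* 14 */
#define FRAME_SIZE    (OFF_RET + 4)        /* 18 */

struct sim_frame {
    uint8_t bytes[FRAME_SIZE];
};

/* x86 is little-endian: least significant byte at the lowest address. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void write_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);
    p[3] = (uint8_t)(v >> 24);
}

/* Frame on entry to vulnfun: buf unused, caller's EBP and the return address
 * saved above it. Both values are supplied by the caller (constructed here). */
void frame_init(struct sim_frame *f, uint32_t saved_ebp, uint32_t ret)
{
    memset(f->bytes, 0, FRAME_SIZE);
    write_le32(f->bytes + OFF_SAVED_EBP, saved_ebp);
    write_le32(f->bytes + OFF_RET, ret);
}

uint32_t frame_saved_ebp(const struct sim_frame *f) { return read_le32(f->bytes + OFF_SAVED_EBP); }
uint32_t frame_ret(const struct sim_frame *f)       { return read_le32(f->bytes + OFF_RET); }

/* The slide's strcpy(buf, in): copies the whole input with no bounds check, so
 * input bytes 10..17 land on the saved EBP and the return address. The copy is
 * clamped to the simulated frame only to keep the simulation in bounds; a real
 * strcpy keeps writing until it meets a NUL. Returns the number of bytes copied. */
size_t vuln_copy(struct sim_frame *f, const uint8_t *in, size_t in_len)
{
    size_t n = in_len < FRAME_SIZE ? in_len : FRAME_SIZE;
    memcpy(f->bytes, in, n);
    return n;
}

/* Hardened counterpart: reject anything that does not fit in buf with its NUL.
 * Returns 0 on success, -1 if rejected (frame left untouched). */
int safe_copy(struct sim_frame *f, const uint8_t *in, size_t in_len)
{
    if (in_len >= BUF_SIZE)
        return -1;
    memcpy(f->bytes, in, in_len);
    f->bytes[in_len] = 0;
    return 0;
}

/* Payload from slide 13: filler 'A's cover buf and the saved EBP, then the new
 * return address in little-endian order. Returns payload length, 0 if out_cap
 * is too small. */
size_t build_payload(uint8_t *out, size_t out_cap, uint32_t new_ret)
{
    size_t len = OFF_RET + 4;
    if (out_cap < len)
        return 0;
    memset(out, 'A', OFF_RET);
    write_le32(out + OFF_RET, new_ret);
    return len;
}

int main(void)
{
    struct sim_frame f;
    uint8_t payload[64];
    size_t n = build_payload(payload, sizeof payload, 0x004012C9u);

    frame_init(&f, 0xBFFFF3A8u, 0x08048456u); /* constructed placeholder values */
    printf("before: saved EBP=0x%08X ret=0x%08X\n", frame_saved_ebp(&f), frame_ret(&f));
    vuln_copy(&f, payload, n);
    printf("after : saved EBP=0x%08X ret=0x%08X\n", frame_saved_ebp(&f), frame_ret(&f));

    frame_init(&f, 0xBFFFF3A8u, 0x08048456u);
    if (safe_copy(&f, payload, n) != 0)
        printf("safe_copy rejected %zu bytes; ret still 0x%08X\n", n, frame_ret(&f));
    return 0;
}
```

Build with `cc -std=c99 -Wall sim.c` and run with no arguments. The filler length (14 bytes) is correct only for the slide's idealised layout; against a real binary the distance from buf to the return address must be measured with a debugger, and modern defaults (stack canaries, ASLR, non-executable stacks) have to be accounted for before a fixed address such as 0x004012C9 can be used.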

Page 14: Thank You