Buffer OverFlow Exploit
-
Upload
suresh-krishna -
Category
Engineering
-
view
94 -
download
2
Transcript of Buffer OverFlow Exploit
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 1/8
Buffer Overflow ExploitSuresh Krishna
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 2/8
Table of Contents1. What is Buffer Overflow?
2. Simple Program.
3. Worm of 1988.
4. Safer side.
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 3/8
What is Buffer Overflow?Buffer Overflow is a situation where a program overruns the buffer’sboundary and overwrites adjacent memory locations.
By sending in data designed to cause a buffer overflow, it is possible towrite into areas known to hold executable code, and replace it withmalicious code.
Can be caused by using "gets".
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 4/8
Pictoral View
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 5/8
Simple Program
#include <stdio.h>#include <string.h>
void secretfunction(void) puts("You have been Hacked!!");
void pass(void) char pass[10] = "zilogic"; char buff[20]; int flag = 0;
gets(buff);
if (!strcmp(buff, pass)) flag = 1; if (flag) puts("Password Correct\nAuthorization Granted!!"); else puts("Password Wrong");
int main(void) printf("Enter Password\n"); pass();
return 0;
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 6/8
Worm of 1988The Worm is named after its creator and releaser, Robert TappanMorris.
The worm made use of the buffer overflow vulnerability in the fingerprogram.
It took down nearly 10% of the Internet of that time.
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 7/8
Alternatives1. fgets()
2. getline();
12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 8/8
Thank You!