Art of buffer overflow
Buffer overflow is a very common and effective class of bug for gaining privileged access to a system. In brief, it means making a program do something it was never written to do: corrupting its memory so that it executes instructions of the attacker's choosing, which may simply crash it or may be used to take over the process and its privileges.
For example, consider a buffer overflow where we write more data into an array than it was declared to hold, say cramming 128 bytes into an array that has room for only 20.
The following C program illustrates the example :
#include <stdlib.h>
#include <string.h>

void buffer_overflow(char *s)
{
    char buffer[20];    /* Define an array of 20 bytes size */
    strcpy(buffer, s);  /* Copy the string s points to; strcpy never checks that buffer holds only 20 bytes */
}

int main(void)
{
    char big_buffer[128]; /* Define an array of size 128 bytes */
    int i;
    for (i = 0; i < 127; i++)
    {
        big_buffer[i] = 'A'; /* Write all A's in the array */
    }
    big_buffer[127] = '\0'; /* Terminate the string so strcpy stops after copying 128 bytes */
    buffer_overflow(big_buffer);
    exit(0);
}
On compiling and executing the code (on a current gcc add -fno-stack-protector, otherwise the stack protector notices the corruption and aborts with "*** stack smashing detected ***" before the overwritten return address is ever used):
apache@apache:~/Desktop$ gcc -fno-stack-protector -o overflow overflow.c
apache@apache:~/Desktop$ ./overflow
Segmentation fault
When the program runs, strcpy copies all 128 bytes into the 20-byte array. The excess 108 bytes run past the end of buffer and over whatever the compiler placed above it on the stack: the saved frame pointer and, crucially, the return address of buffer_overflow(), which get overwritten with A's (0x41). When the function returns, the CPU pops the corrupted return address and tries to jump to 0x41414141 (0x4141414141414141 on a 64-bit build), an address that maps to nothing in the process, so the program dies with a segmentation fault. The exact distance from buffer to the return address depends on the compiler's frame layout; 108 excess bytes is simply far more than enough to reach it.
Now suppose the bytes that land on the return address are not A's but a carefully chosen address pointing to code the attacker controls, for example machine code placed in the very buffer that overflowed. The function then "returns" into the attacker's code instead of crashing, and that code runs with the privileges of the vulnerable process: in a setuid root binary or a daemon running as root it can spawn a root shell, and in general it can make the box do almost anything. That is what buffer overflow exploits do. On current systems the attacker also has to get around mitigations such as stack canaries, non-executable stacks and address space randomization, which modern toolchains and operating systems turn on by default.
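To see the overwrite without a debugger, here is an added example (not code from the original post) that models the stack frame of buffer_overflow() as a struct on an assumed 64-bit layout: the 20-byte array, then the saved frame pointer and the return address. The starting values ORIG_FP and ORIG_RET are hypothetical; the copying loop has exactly the contract of strcpy, and a bounded replacement sits next to it for comparison.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the frame of buffer_overflow() on a 64-bit machine (assumed
 * layout). A plain struct stands in for the real stack so the effect of
 * the overflow can be inspected deterministically. */
struct frame {
    char buffer[20];        /* the local array the program copies into */
    uint64_t saved_fp;      /* saved frame pointer pushed by the prologue */
    uint64_t ret_addr;      /* return address pushed by the call */
    char caller_frame[8];   /* first bytes of the caller's frame */
};

/* Hypothetical contents of the frame before the copy. */
#define ORIG_FP  UINT64_C(0x00007ffc3a2b1c40)
#define ORIG_RET UINT64_C(0x0000000000401136)

/* Same contract as strcpy(): copy until the NUL terminator of src and
 * never look at the size of the destination. */
static void unsafe_copy(struct frame *f, const char *src)
{
    char *dst = f->buffer;
    while (*src != '\0')
        *dst++ = *src++;
    *dst = '\0';
}

/* Bounded replacement: refuse input that does not fit together with its
 * terminator, and always leave f->buffer NUL-terminated. */
static int safe_copy(struct frame *f, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof f->buffer)
        return -1;          /* caller decides how to handle oversize input */
    memcpy(f->buffer, src, n + 1);
    return 0;
}

static void init_frame(struct frame *f)
{
    memset(f, 0, sizeof *f);
    f->saved_fp = ORIG_FP;
    f->ret_addr = ORIG_RET;
}

/* Constructed attacker input: enough 'A's to cover the array, the padding,
 * the saved frame pointer and the whole return address. The terminator
 * lands in caller_frame, so out must hold at least sizeof(struct frame). */
static size_t make_payload(char *out)
{
    size_t len = offsetof(struct frame, ret_addr) + sizeof(uint64_t);
    memset(out, 'A', len);
    out[len] = '\0';
    return len;
}

/* Return address left in the frame after the unbounded copy. */
uint64_t ret_after_unsafe_copy(void)
{
    struct frame f;
    char payload[sizeof f];
    init_frame(&f);
    make_payload(payload);
    unsafe_copy(&f, payload);
    return f.ret_addr;      /* 0x4141414141414141: every byte is 'A' */
}

/* Same input through the bounded copy: rejected, frame untouched. */
uint64_t ret_after_safe_copy(void)
{
    struct frame f;
    char payload[sizeof f];
    init_frame(&f);
    make_payload(payload);
    (void)safe_copy(&f, payload);   /* returns -1, nothing is written */
    return f.ret_addr;              /* ORIG_RET, unchanged */
}

int main(void)
{
    printf("return address after strcpy-style copy: 0x%016" PRIx64 "\n",
           ret_after_unsafe_copy());
    printf("return address after bounded copy:      0x%016" PRIx64 "\n",
           ret_after_safe_copy());
    return 0;
}
```

The first line printed is the 0x41414141... address the text describes; the second shows that a copy which checks the destination size leaves the return address alone and lets the caller reject the input instead.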
Hope this brings some clarity on the art of buffer overflow.
