
Exploit writing FOR Beginners

Sabari Selvan, E Hacking News. Exploit writing FOR Beginners. What exactly is exploit writing? Writing a piece of code that is capable of exploiting a vulnerability in the target software. What is the impact of exploits?


Presentation Transcript


  1. Exploit writing FOR Beginners (Sabari Selvan, E Hacking News)

  2. What exactly is exploit writing?
     • Writing a piece of code that is capable of exploiting a vulnerability in the target software.

  3. What is the impact of exploits?
     • Remote code execution: leads to running a malicious application on the victim's system
     • Denial of Service attacks
     • …

  4. STACK

  5. What I am going to explain today…
     • Intro to Stack
     • Stack Buffer Overflow attack
     • Demo

  6. Intro to Stack
     • A piece of the process memory
     • Used for storing variables, function calls, return addresses, …
     • Allocated by the OS for each thread when the thread is created. When the thread ends, the stack is cleared as well.
     • The size of the stack is defined when it is created and doesn't change
     • Grows toward lower addresses (0041008, 0041004, 0041002…)

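  7. Example program:

         void vulnfun(char *in)
         {
             char buf[10];   /* 10-byte local buffer on the stack */
         }

         int main(int argc, char *argv[])
         {
             vulnfun(argv[1]);   /* command-line input is passed to vulnfun */
             return 0;
         }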

  8. Stack layout (diagram), from 0x00000000 (top of the stack) to 0xFFFFFFFF:
     • Local variable of VulnFun (buf)
     • Saved previous base pointer
     • Return address
     • Arguments for VulnFun function (argv[1])
     • Local variables of main
     • Saved previous base pointer
     • Return address
     • Arguments for main function
     • . . . .
     Diagram labels: Stack Frame for Vulnfun; Stack Frame for Main; Base Pointer (EBP) of VulnFun; Base Pointer (EBP) of main; Stack Pointer (ESP), shown moving as each entry is pushed.

  9. Stack Buffer Overflow

  10. Stack Buffer Overflow
      • The result of giving input that is longer than the memory allocated for the variable
      • For instance, "char a[10]" can store 10 characters. If you try to enter more than 10 characters, that results in an overflow

  11. Overflow (diagram, top of the stack first; Stack Pointer (ESP) at the top):
      • AAAAAAA: local variable "buf"
      • AAAAAAA: saved base pointer overwritten
      • AAAAAAA: return address
      • Arguments for VulnFun function (argv[1])
      • Local variables of main
      • Saved previous base pointer
      • Return address
      • Arguments for main function
      • . . . .
      Diagram labels: Base Pointer (EBP) of VulnFun; Base Pointer (EBP) of main.

  12. Exploiting the overflow (diagram, top of the stack first; Stack Pointer (ESP) at the top):
      • AAAAAAA: local variable "buf"
      • AAAAAAA: saved base pointer overwritten
      • 0x004012C9: return address modified by exploiting the overflow
      • Arguments for VulnFun function (argv[1])
      • Local variables of main
      • Saved previous base pointer
      • Return address
      • Arguments for main function
      • . . . .
      Diagram labels: Base Pointer (EBP) of VulnFun; Base Pointer (EBP) of main.

  13. Thank You
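
The length check that slides 10 to 12 show to be missing, as an added example that is not part of the original presentation: a bounds-checked counterpart of the slide-7 function. The names `copy_checked`, `safefun` and `BUF_SIZE` are assumptions made for this example, and the sample inputs are constructed. Used as a C string, a 10-byte buffer holds 9 characters plus the terminating NUL, so a 10-character input is already rejected.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10  /* same size as buf on slide 7 */

/* Hypothetical helper: copy src into dst only if it fits, including the
 * terminating NUL. Returns 0 on success, -1 if the input was rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Measure src, but never look further than dst_size bytes. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len >= dst_size)      /* no room left for the NUL terminator */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hardened counterpart of vulnfun(): oversized input is refused, so the
 * saved base pointer and return address above buf are never touched. */
int safefun(const char *in)
{
    char buf[BUF_SIZE];

    if (copy_checked(buf, sizeof buf, in) != 0)
        return -1;
    return (int)strlen(buf);  /* number of characters actually stored */
}

int main(int argc, char *argv[])
{
    /* Constructed sample inputs around the 10-byte boundary. */
    const char *samples[] = { "AAAAAAAAA", "AAAAAAAAAA", "AAAAAAAAAAAAAAAAAAAA" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%2zu chars -> %d\n", strlen(samples[i]), safefun(samples[i]));
    if (argc > 1)
        printf("argv[1] -> %d\n", safefun(argv[1]));
    return 0;
}
```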
