
Lab2: Buffer Overflow Attack

Lab2: Buffer Overflow Attack. Wenhao Li liwenhaosuper@gmail.com. Introduction. Purpose: develop a detailed understanding of the stack discipline on IA32 processors; avoid this weakness when you write system code. What to do: alter the behavior of a buffer bomb. Our binary


Presentation Transcript


  1. Lab2: Buffer Overflow Attack. Wenhao Li, liwenhaosuper@gmail.com

  2. Introduction
     • Purpose
       • develop a detailed understanding of the stack discipline on IA32 processors
       • avoid this weakness when you write system code
     • What to do
       • alter the behavior of a buffer bomb
     • Our binary
       • specially modified to defeat the stack randomization techniques

  3. int getbuf() { char buf[12]; Gets(buf); return 1; }

  4. How to do this attack?
     • Like Lab1, disassembling and reverse engineering first
       • $ gdb bufbomb
       • $ break getbuf
       • $ disas
       • $ info frame
       • …

  5. How to do this attack? The string length would be: 0x28+4. The last four bytes are: ba 90 04 08

  6. Four Levels
     • Candle
       • Change the return address
     • Sparkler
       • Change the return address and pass a parameter
     • Firecracker
       • Execute your exploit code
     • Dynamite
       • Execute your exploit code and undo the corruptions made to stack state

  7. Our Lab
     • Binary files provided
       • MAKECOOKIE: Generates a “cookie” based on your team name.
       • BUFBOMB: The code you will attack.
       • Hex2Raw: convert string byte to hex
     • Test your code
       • $ cat exploit.txt | ./Hex2Raw | ./bufbomb -u 5100379000

  8. Our Lab
     • Get your bomb
       • git clone osgit@202.120.40.188:bufbomb2013
       • All binary files are identical, except the cookie
     • Grading: based on your attack result and doc
     • Implicit Hand-in
       • The bufbomb will notify us automatically after being successfully attacked
     • Explicit Hand-in
       • Your document about how you do your attack, what do you learn…
       • ftp://public.sjtu.edu.cn user: liwenhaosuper password: public
     • Due Date
       • Tuesday, March 19 23:59

  9. Questions • Besides the three approaches described in class to avoid overflow vulnerability, please find out at least two more approaches and describe their strengths as well as weaknesses.

  10. Any Questions? If you have any questions, don’t hesitate to email TA or post them on our course discussion group.
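
Slide 3's getbuf() passes a 12-byte stack buffer to Gets() with no length, which is the weakness slide 2 asks you to avoid in your own system code. The C below is an added example, not part of the original slides or the lab's binaries: a length-bounded reader and a getbuf built on it. The names `read_line_bounded`, `getbuf_bounded` and `try_line`, and the sample lines, are constructed for illustration.

```c
#include <stdio.h>

#define BUF_LEN 12 /* same size as buf in slide 3's getbuf() */

/* Bounded stand-in for Gets(): keeps at most cap-1 bytes of one line, always
 * NUL-terminates, and drains the rest of the line. Returns the number of
 * bytes dropped (0 = the line fit) or -1 on bad arguments / empty EOF. */
static long read_line_bounded(FILE *in, char *dst, size_t cap)
{
    size_t used = 0;
    long dropped = 0;
    int c;
    if (in == NULL || dst == NULL || cap == 0) return -1;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (used + 1 < cap) dst[used++] = (char)c;
        else dropped++;
    }
    dst[used] = '\0';
    return (c == EOF && used == 0 && dropped == 0) ? -1 : dropped;
}

/* Same 12-byte stack buffer, but an over-long line is rejected (0)
 * rather than written past buf. Returns 1 on success like the original. */
int getbuf_bounded(FILE *in)
{
    char buf[BUF_LEN];
    return read_line_bounded(in, buf, sizeof buf) == 0;
}

/* Hypothetical demo helper: feeds one constructed line via a temp file. */
int try_line(const char *line)
{
    FILE *f = tmpfile();
    int ok;
    if (f == NULL) return -1;
    fputs(line, f);
    rewind(f);
    ok = getbuf_bounded(f);
    fclose(f);
    return ok;
}

int main(void)
{
    /* constructed inputs: a short line, then 0x28+4 = 44 filler bytes */
    printf("%d %d\n", try_line("hello\n"),
           try_line("AAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAA\n"));
    return 0;
}
```

The longest line accepted is 11 bytes, because one byte of buf is reserved for the terminating NUL.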
