SlideShare a Scribd company logo

Buffer overflow attack

Download as PPTX, PDF
K
Krish

Buffer overflow attack is less common but major attack. enhancements of modern programming language is capable to save us from this. but this slides explains concept behind this with examples.

Software
1 of 15
Buffer Overflow Attack (Software security) Krishantha Dinesh
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ What is it • Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs. • if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, if an anomalous transaction produces more data it could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes.
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Buffer overflow types • Stack overflow • Heap overflow • Off By One overflow • Function pointers • Integer overflow • Format string overflow • Unicode overflow
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Example (Format String attack) If the user passes %X as value, then printf() will receive a pointer to a string with “%X” in it on the stack Printf() will see the %X and assume there is another parameter above it on the stack Whatever is above it on the stack will be printed in hexadecimal
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Who are vulnerable • Applications written in Java, PHP, C#, ASP.NET, Ruby-on-rails, server-side javascript and JSP are managed applications, and are not lead to memory corruption vulnerabilities such as stack buffer overflows or heap buffer overflows caused by bad web-application code • Buffer overflows tend to be the preserve of C/C++ applications.
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ How it comes • Pushing data more than the capacity of a buffer • buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. • For example: • - strcpy(target_buffer, large_string) • - printf(str_ptr)
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ example
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ ./sample.out hello
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ ./sample.out AAAAAAAAAAAAAAAAA
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Unsafe C functions • strcpy (char *dest, const char *src) • strcat (char *dest, const char *src) • gets (char *s) • scanf ( const char *format, … ) • printf (conts char *format, … )
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ How to prevent • never use printf(buffer) for any function in the printf family • Review loop bounds for off-by-one errors • Avoid unsafe C functions (e.g. strcpy(), strcat(), sprintf(), gets(), scanf()) and learn how to use alternatives (e.g. strncpy(), strncat(), snprintf()) • Insert bounds checking code • Avoid unsafe programming languages (C, C++) and use type safe languages like java
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ records • The earliest documented hostile exploitation of a buffer overflow was in 1988. It was one of several exploits used by the Morris worm to propagate itself over the Internet. The program exploited was a service on Unix called finger.The Ping of death • The Morris (Internet worm of November 2, 1988) worm spread in part by exploiting a stack buffer overflow in the Unix finger server. • The Witty worm (2004) spread by exploiting a stack buffer overflow in the Internet Security Systems BlackICE Desktop Agent. The Witty worm is a computer worm that attacks the firewall and other computer security products written by a particular company, Internet Security Systems (ISS) now IBM Internet Security Systems.
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ • The Slammer worm (January 25, 2003) spread by exploiting a stack buffer overflow in Microsoft's SQL server. • The Blaster worm spread by exploiting a stack buffer overflow in Microsoft DCOM service. The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems Windows XP and Windows 2000, during August 2003.The earliest documented hostile exploitation of a buffer overflow was in 1988. It was one of several exploits used by the Morris worm to propagate itself over the Internet. The program exploited was a service on Unix called finger. •
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ • 1995, Thomas Lopatic independently rediscovered the buffer overflow and published his findings on the Bugtraq security mailing list. A year later, in 1996, Elias Levy (also known as Aleph One) published in Phrack magazine the paper "Smashing the Stack for Fun and Profit”, a step-by-step introduction to exploiting stack-based buffer overflow vulnerabilities. Since then, at least two major internet worms have exploited buffer overflows to compromise a large number of systems. In 2001, the Code Red worm exploited a buffer overflow in Microsoft's Internet Information Services (IIS) 5.0 and in 2003 the SQL Slammer worm compromised machines running Microsoft SQL Server 2000.
* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ • In 2003, buffer overflows present in licensed Xbox games have been exploited to allow unlicensed software, including homebrew games, to run on the console without the need for hardware modifications, known as modchips. The PS2 Independence Exploit also used a buffer overflow to achieve the same for the PlayStation 2. The Twilight hack accomplished the same with the Wii, using a buffer overflow in The Legend of Zelda: Twilight Princess.

Recommended

Anatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackAnatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackRob Gillen
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attacksharshal kshatriya
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?Peter Hlavaty
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowEvgeni Tsonev
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow nullnullowaspmumbai
 
Buffer Overflow Demo by Saurabh Sharma
Buffer Overflow Demo by Saurabh SharmaBuffer Overflow Demo by Saurabh Sharma
Buffer Overflow Demo by Saurabh Sharman|u - The Open Security Community
 
Power of linked list
Power of linked listPower of linked list
Power of linked listPeter Hlavaty
 

Recommended

Anatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackAnatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackRob Gillen
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attacksharshal kshatriya
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?Peter Hlavaty
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowEvgeni Tsonev
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow nullnullowaspmumbai
 
Buffer Overflow Demo by Saurabh Sharma
Buffer Overflow Demo by Saurabh SharmaBuffer Overflow Demo by Saurabh Sharma
Buffer Overflow Demo by Saurabh Sharman|u - The Open Security Community
 
Power of linked list
Power of linked listPower of linked list
Power of linked listPeter Hlavaty
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Andrew McNicol
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
6 buffer overflows
6 buffer overflows6 buffer overflows
6 buffer overflowsdrewz lin
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at youRob Fuller
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointAndrew McNicol
 
RIT 2009 Intellectual Pwnership
RIT 2009 Intellectual PwnershipRIT 2009 Intellectual Pwnership
RIT 2009 Intellectual PwnershipRob Fuller
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksSandun Perera
 
Web-servers & Application Hacking
Web-servers & Application HackingWeb-servers & Application Hacking
Web-servers & Application HackingRaghav Bisht
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP SinghBipin Upadhyay
 
Buffer Overflows
Buffer OverflowsBuffer Overflows
Buffer OverflowsSumit Kumar
 
Pwnstaller
PwnstallerPwnstaller
PwnstallerWill Schroeder
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointAndrew McNicol
 
Hacking in shadows By - Raghav Bisht
Hacking in shadows By - Raghav BishtHacking in shadows By - Raghav Bisht
Hacking in shadows By - Raghav BishtRaghav Bisht
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer OverflowsDaniel Tumser
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflowjyoti_lakhani
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trendsbeched
 

More Related Content

What's hot

Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Andrew McNicol
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
6 buffer overflows
6 buffer overflows6 buffer overflows
6 buffer overflowsdrewz lin
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at youRob Fuller
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointAndrew McNicol
 
RIT 2009 Intellectual Pwnership
RIT 2009 Intellectual PwnershipRIT 2009 Intellectual Pwnership
RIT 2009 Intellectual PwnershipRob Fuller
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksSandun Perera
 
Web-servers & Application Hacking
Web-servers & Application HackingWeb-servers & Application Hacking
Web-servers & Application HackingRaghav Bisht
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP SinghBipin Upadhyay
 
Buffer Overflows
Buffer OverflowsBuffer Overflows
Buffer OverflowsSumit Kumar
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointAndrew McNicol
 
Hacking in shadows By - Raghav Bisht
Hacking in shadows By - Raghav BishtHacking in shadows By - Raghav Bisht
Hacking in shadows By - Raghav BishtRaghav Bisht
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer OverflowsDaniel Tumser
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 

What's hot (20)

Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
6 buffer overflows
6 buffer overflows6 buffer overflows
6 buffer overflows
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at you
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
 
RIT 2009 Intellectual Pwnership
RIT 2009 Intellectual PwnershipRIT 2009 Intellectual Pwnership
RIT 2009 Intellectual Pwnership
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Web-servers & Application Hacking
Web-servers & Application HackingWeb-servers & Application Hacking
Web-servers & Application Hacking
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
 
Buffer Overflows
Buffer OverflowsBuffer Overflows
Buffer Overflows
 
Pwnstaller
PwnstallerPwnstaller
Pwnstaller
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
 
Hacking in shadows By - Raghav Bisht
Hacking in shadows By - Raghav BishtHacking in shadows By - Raghav Bisht
Hacking in shadows By - Raghav Bisht
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer Overflows
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack Fu
 

Similar to Buffer overflow attack

Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflowjyoti_lakhani
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trendsbeched
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar GanievOWASP Russia
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INVijay Sarathy Rangayyan
 
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Yassine Aboukir
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisIan G
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Continuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docxContinuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docxrichardnorman90310
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Living with the threat of Determined Attackers - RANT0214
Living with the threat of Determined Attackers - RANT0214Living with the threat of Determined Attackers - RANT0214
Living with the threat of Determined Attackers - RANT0214James '​-- Mckinlay
 
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless AttackAn Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless AttackTechSecIT
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zooUltraUploader
 
Play,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingPlay,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingHeba Hamdy Farahat
 

Similar to Buffer overflow attack (20)

Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflow
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
 
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
 
Rust Hack
Rust HackRust Hack
Rust Hack
 
Computer security
Computer securityComputer security
Computer security
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Continuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docxContinuing in your role as a human service provider for your local.docx
Continuing in your role as a human service provider for your local.docx
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
 
Living with the threat of Determined Attackers - RANT0214
Living with the threat of Determined Attackers - RANT0214Living with the threat of Determined Attackers - RANT0214
Living with the threat of Determined Attackers - RANT0214
 
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless AttackAn Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zoo
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Play,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingPlay,Learn and Hack- CTF Training
Play,Learn and Hack- CTF Training
 

More from Krish

Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerKrish
 
Web Services
Web ServicesWeb Services
Web ServicesKrish
 
Introduction to jenkins
Introduction to jenkinsIntroduction to jenkins
Introduction to jenkinsKrish
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleKrish
 
Introduction to apache maven
Introduction to apache mavenIntroduction to apache maven
Introduction to apache mavenKrish
 
Java Fundamentals to Advance
Java Fundamentals to AdvanceJava Fundamentals to Advance
Java Fundamentals to AdvanceKrish
 
Introduction to-ict
Introduction to-ictIntroduction to-ict
Introduction to-ictKrish
 

More from Krish (7)

Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Web Services
Web ServicesWeb Services
Web Services
 
Introduction to jenkins
Introduction to jenkinsIntroduction to jenkins
Introduction to jenkins
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Introduction to apache maven
Introduction to apache mavenIntroduction to apache maven
Introduction to apache maven
 
Java Fundamentals to Advance
Java Fundamentals to AdvanceJava Fundamentals to Advance
Java Fundamentals to Advance
 
Introduction to-ict
Introduction to-ictIntroduction to-ict
Introduction to-ict
 

Recently uploaded

A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 

Recently uploaded (20)

A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 

Buffer overflow attack

  • 1. Buffer Overflow Attack (Software security) Krishantha Dinesh
  • 2. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ What is it • Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs. • if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, if an anomalous transaction produces more data it could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes.
  • 3. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Buffer overflow types • Stack overflow • Heap overflow • Off By One overflow • Function pointers • Integer overflow • Format string overflow • Unicode overflow
  • 4. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Example (Format String attack) If the user passes %X as value, then printf() will receive a pointer to a string with “%X” in it on the stack Printf() will see the %X and assume there is another parameter above it on the stack Whatever is above it on the stack will be printed in hexadecimal
  • 5. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Who are vulnerable • Applications written in Java, PHP, C#, ASP.NET, Ruby-on-rails, server-side javascript and JSP are managed applications, and are not lead to memory corruption vulnerabilities such as stack buffer overflows or heap buffer overflows caused by bad web-application code • Buffer overflows tend to be the preserve of C/C++ applications.
  • 6. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ How it comes • Pushing data more than the capacity of a buffer • buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. • For example: • - strcpy(target_buffer, large_string) • - printf(str_ptr)
  • 7. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ example
  • 8. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ ./sample.out hello
  • 9. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ ./sample.out AAAAAAAAAAAAAAAAA
  • 10. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ Unsafe C functions • strcpy (char *dest, const char *src) • strcat (char *dest, const char *src) • gets (char *s) • scanf ( const char *format, … ) • printf (conts char *format, … )
  • 11. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ How to prevent • never use printf(buffer) for any function in the printf family • Review loop bounds for off-by-one errors • Avoid unsafe C functions (e.g. strcpy(), strcat(), sprintf(), gets(), scanf()) and learn how to use alternatives (e.g. strncpy(), strncat(), snprintf()) • Insert bounds checking code • Avoid unsafe programming languages (C, C++) and use type safe languages like java
  • 12. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ records • The earliest documented hostile exploitation of a buffer overflow was in 1988. It was one of several exploits used by the Morris worm to propagate itself over the Internet. The program exploited was a service on Unix called finger.The Ping of death • The Morris (Internet worm of November 2, 1988) worm spread in part by exploiting a stack buffer overflow in the Unix finger server. • The Witty worm (2004) spread by exploiting a stack buffer overflow in the Internet Security Systems BlackICE Desktop Agent. The Witty worm is a computer worm that attacks the firewall and other computer security products written by a particular company, Internet Security Systems (ISS) now IBM Internet Security Systems.
  • 13. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ • The Slammer worm (January 25, 2003) spread by exploiting a stack buffer overflow in Microsoft's SQL server. • The Blaster worm spread by exploiting a stack buffer overflow in Microsoft DCOM service. The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems Windows XP and Windows 2000, during August 2003.The earliest documented hostile exploitation of a buffer overflow was in 1988. It was one of several exploits used by the Morris worm to propagate itself over the Internet. The program exploited was a service on Unix called finger. •
  • 14. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ • 1995, Thomas Lopatic independently rediscovered the buffer overflow and published his findings on the Bugtraq security mailing list. A year later, in 1996, Elias Levy (also known as Aleph One) published in Phrack magazine the paper "Smashing the Stack for Fun and Profit”, a step-by-step introduction to exploiting stack-based buffer overflow vulnerabilities. Since then, at least two major internet worms have exploited buffer overflows to compromise a large number of systems. In 2001, the Code Red worm exploited a buffer overflow in Microsoft's Internet Information Services (IIS) 5.0 and in 2003 the SQL Slammer worm compromised machines running Microsoft SQL Server 2000.
  • 15. * http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/ • In 2003, buffer overflows present in licensed Xbox games have been exploited to allow unlicensed software, including homebrew games, to run on the console without the need for hardware modifications, known as modchips. The PS2 Independence Exploit also used a buffer overflow to achieve the same for the PlayStation 2. The Twilight hack accomplished the same with the Wii, using a buffer overflow in The Legend of Zelda: Twilight Princess.