Buffer overflow attacks modify a program's return address on the stack to execute attacker code. The document describes steps to conduct a buffer overflow attack: 1) Use files target.c and exploit.c to find the values of buf, maxlen, and len using gdb; 2) Construct a stack diagram showing these values and the return address; 3) Execute with shellcode.h, observing a positive buf size but negative arglen indicating buffer overflow.

Buffer Overflow:

In a buffer overflow attack, the attacker modifies the return address in order to execute his
own code. In this type of attack, a buffer stored on the stack is overloaded and made
to overflow.
The attack can be understood in this program with the help of the buf size and arglen values.
The overflow can be recognized by observing that the buf size is a positive value whereas the
arglen value is a negative one. This is one of the cases where memory can be overwritten and
security can be breached.

STEPS:

1. The files needed for this attack are target.c, exploit.c and shellcode.h.
Initially we need to draw the stack, so we use the files target.c and exploit.c without
shellcode.h.

For this purpose we need to find the values of buf, maxlen and len.

- Insert the code into exploit.c and modify the target address.
- Execute and get the executable files for the two programs.
- Create the makefile by using the code provided to us.

Once the makefile is created, the values can be found as follows.

Type the make command to execute the makefile.


The makefile automatically generates the files required for finding the values of
buf, maxlen and len.
After it is done, type the command setarch i686 -R gdb exploitnew (the -R option disables
address space randomization, so the addresses are the same on each run).
Now in gdb do the following steps:
1. Initially use the break command on any line before the strncpy call in the target
code.
Eg. break target.c:14, break target.c:15 (applicable to any line before strncpy)
2. The break command produces the corresponding output. Then continue in gdb: the next
command to type is run, which starts the process.
3. Now we can find the values of buf, maxlen and len by typing the corresponding
commands:

Value     gdb command
buf       x buf
maxlen    x &maxlen
len       x &len

To find the values of the saved stack pointer and the return address, we can use the
command info frame. This gives us the remaining two values required for constructing the
stack.

STACK :

Return Address         0xbfff7e1c
Saved Stack Pointer    0xbfff7e18
Maxlen                 0xbfff7e0c
Len                    0xbfff7e08
Buf                    0xbfff7da4

Overflow:

Now the files are executed with shellcode.h, where the buf size is a positive value and
the arglen value is negative. We can also see that the $ symbol appears twice.

This shows that the buffer has overflowed.
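
A positive buf size next to a negative arglen is the pattern a signed length produces when it passes a bounds check and is then used as a copy count. The C example below is added here and is not the lab's target.c, which the page does not show; the function names are hypothetical, and the 100-byte BUF_SIZE is an assumption taken from the 0x64-byte gap between buf and len in the stack above. It shows the weak signed check beside a hardened copy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size: the 0x64-byte gap between buf and len in the stack above. */
#define BUF_SIZE 100

/* Weak check (hypothetical): both operands are signed ints, so a
 * negative length compares as "small" and is accepted. */
int weak_check(int len, int maxlen)
{
    return len <= maxlen;
}

/* The count a size_t-taking routine such as strncpy would receive:
 * a negative int converts to a value near SIZE_MAX. */
size_t as_copy_count(int len)
{
    return (size_t)len;
}

/* Hardened copy (hypothetical helper): rejects negative and oversized
 * lengths before any conversion, never reads past src's terminator,
 * and always NUL-terminates dst. Returns bytes copied, or -1. */
int safe_copy(char *dst, size_t dst_size, const char *src, int len)
{
    const char *nul;
    size_t n;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (len < 0 || (size_t)len >= dst_size)
        return -1;

    nul = memchr(src, '\0', (size_t)len);   /* stop at end of src */
    n = nul ? (size_t)(nul - src) : (size_t)len;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[BUF_SIZE];
    printf("weak check accepts -1: %d\n", weak_check(-1, BUF_SIZE));
    printf("count passed to copy:  %zu\n", as_copy_count(-1));
    printf("safe_copy with -1:     %d\n", safe_copy(buf, sizeof buf, "abc", -1));
    return 0;
}
```

Compiling with -Wsign-conversion (gcc or clang) flags the implicit int to size_t conversion that the weak check leaves unguarded.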

BEFORE OVERFLOW:

AFTER OVERFLOW:
