Thursday, April 7, 2011

Buffer overflow

A buffer overflow is a software condition that happens because of
poor programming habits. One example of a buffer overflow exploit is
the 'Code Red' virus, which took advantage of a buffer overflow in Microsoft's IIS server (the MS web server).
In general, a buffer overflow occurs when a program declares a variable
with a fixed length (for example, 20 bytes long) but the value that is
assigned to this variable is larger than the variable's size.
Take this example:
My program outputs to the screen:
"Please type your first name:"
My program takes the input from the user (his first name) and places
it in a variable I declared in my program. A problem can arise if the
variable that will hold the user's name is 15 bytes long (which looks long enough for a first name),
but the user's name is 25 bytes long. What happens is that
all bytes after the 15th byte "overflow" the memory that was allocated for the name variable.

When the program starts, memory is allocated like this:

<var1><var2><vname><Other things in memory>
10b   6b    15b

(var1 and var2 are irrelevant variables; vname is the variable that
 will contain the name the user inputs, and its size is 15 bytes)

Assuming the user inputs the name "abcabcabcabcabcabcabcabcabc", the memory will look like this:

somevalue2avalusabcabcabcabcabcabcabcabcabc
<var1    ><var2><vname        ><other things go here>

So what happened here is that the variable vname was "overflowed" by the input
from the user, and now the value of "other things in memory" has changed because of
the characters that overflowed from the user input.
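To make the picture above concrete, here is an added C example (not code from the original post) that models the same layout in a single byte array: the vulnerable copy behaves like strcpy or gets into the 15-byte vname and spills into "other things in memory", while the bounded copy behaves like fgets with a size limit and cannot. The offsets, the var1/var2 contents and the "otherthingshere!" filler are constructed for the model; a real stack overwrite is undefined behaviour and its exact effect depends on the compiler's layout.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the post's layout: var1 (10 bytes), var2 (6), vname (15),
 * then "other things in memory", all in one byte array so the overwrite is
 * well-defined and observable (on a real stack the same write is undefined). */
enum { VAR1_OFF = 0, VAR2_OFF = 10, VNAME_OFF = 16, VNAME_SIZE = 15,
       OTHER_OFF = 31, OTHER_SIZE = 16, MEM_SIZE = OTHER_OFF + OTHER_SIZE };
static const char OTHER_INIT[OTHER_SIZE + 1] = "otherthingshere!";
struct memory { char bytes[MEM_SIZE]; };

static void init_memory(struct memory *m) {
    memset(m->bytes, '.', MEM_SIZE);
    memcpy(m->bytes + VAR1_OFF, "somevalue2", 10);
    memcpy(m->bytes + VAR2_OFF, "avalus", 6);
    memcpy(m->bytes + OTHER_OFF, OTHER_INIT, OTHER_SIZE);
}

/* Vulnerable version, like strcpy(vname, input) or gets(vname): copies the
 * whole name plus its NUL terminator with no length check. Returns how many
 * bytes were written past the end of vname (0 when the name fit). */
static size_t unsafe_store_name(struct memory *m, const char *input) {
    size_t n = strlen(input) + 1;                    /* strcpy writes the NUL too */
    if (n > MEM_SIZE - VNAME_OFF) n = MEM_SIZE - VNAME_OFF;  /* model bound only */
    memcpy(m->bytes + VNAME_OFF, input, n);
    return n > VNAME_SIZE ? n - VNAME_SIZE : 0;
}

/* Fixed version, like fgets(vname, sizeof vname, stdin) or
 * snprintf(vname, sizeof vname, "%s", input): at most 14 characters are kept
 * and the 15th byte is always the terminator, so nothing can spill past vname. */
static size_t safe_store_name(struct memory *m, const char *input) {
    size_t n = strlen(input);
    if (n > VNAME_SIZE - 1) n = VNAME_SIZE - 1;      /* truncate instead of overflow */
    memcpy(m->bytes + VNAME_OFF, input, n);
    m->bytes[VNAME_OFF + n] = '\0';
    return 0;
}

/* 1 if "other things in memory" still hold their original value, else 0. */
static int other_intact(const struct memory *m) {
    return memcmp(m->bytes + OTHER_OFF, OTHER_INIT, OTHER_SIZE) == 0;
}

int main(void) {
    struct memory m; init_memory(&m);
    size_t spilled = unsafe_store_name(&m, "abcabcabcabcabcabcabcabcabc");  /* the post's name */
    printf("%zu bytes spilled past vname, other things intact: %d\n", spilled, other_intact(&m));
    return 0;
}
```

Note that a name of exactly 15 characters also overflows by one byte, the terminator; that is the classic off-by-one the bounded version avoids by reserving the last byte.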
Those of you with the criminal mind are asking by now, "so how can I exploit this?"
Before we get to that, there are some important basic things we should know about computer architecture.
In this article we will discuss Linux, but the concepts are similar on other platforms.

Process

The basic functioning unit in a running computer is a process. Everything the computer
is doing is divided into processes, and the operating system is in charge of dividing the
working power of the computer between all the many processes running together. Each process has its own address space, a part of memory that belongs only to it,
and no other process can access this memory. Which brings us to the next thing
you have to understand:

Memory management
Modern operating systems manage memory as virtual memory. That means that no
application has direct access to physical memory. The OS keeps a mapping
table between real physical memory addresses and virtual addresses. When memory
is allocated for some program to run, only the virtual address is handed to the program,
never the physical address. Another use of virtual memory is that, because memory is
not accessed directly by each process (or program), the OS can use space on the hard disk
as memory, and the application can never know that the memory in use now is not physical
RAM but hard-disk swap space.


Now we get to the fun part: how is all that going to give me root access to an exploitable system?
Remember we said earlier that when the input from the user is longer than the memory that
was allocated for this input, the extra input overflows everything in memory that comes
after the name variable? This is the place we can take advantage of things.
What we do is this: inside our input string (in the example above, the first name we are asked to input)
we put commands for the computer; the most popular is to make the computer spawn a shell that we
can use later to take full control of the exploited system. Making this work is not as simple
as it may sound, so it will be handled in following posts.
