Buffer OverFlow Exploit
2 likes170 views
This document discusses buffer overflow exploits. It defines a buffer overflow as when a program overruns a buffer's boundary and overwrites adjacent memory locations. This can allow malicious code to be executed by replacing executable code. A simple C program example is provided to demonstrate this vulnerability. The document also mentions the 1988 Internet worm, which took down 10% of the Internet at the time by exploiting a buffer overflow in the finger program. Safer alternatives to vulnerable functions like gets() that cause buffer overflows are suggested.
![12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 5/8
Simple Program
#include <stdio.h>
#include <string.h>
void secretfunction(void)
{
puts("You have been Hacked!!");
}
void pass(void)
{
char pass[10] = "zilogic";
char buff[20];
int flag = 0;
gets(buff);
if (!strcmp(buff, pass))
flag = 1;
if (flag)
puts("Password CorrectnAuthorization
Granted!!");
else
puts("Password Wrong");
}
int main(void)
{
printf("Enter Passwordn");
pass();
return 0;
}](https://image.slidesharecdn.com/bufferoverflowexploit2-161201051634/85/Buffer-OverFlow-Exploit-5-320.jpg)
Buffer OverFlow Exploit
- 1. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 1/8 Buffer Overflow Exploit Suresh Krishna
- 2. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 2/8 Table of Contents 1. What is Buffer Overflow? 2. Simple Program. 3. Worm of 1988. 4. Safer side.
- 3. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 3/8 What is Buffer Overflow? Buffer Overflow is a situation where a program overruns the buffer’s boundary and overwrites adjacent memory locations. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code, and replace it with malicious code. Can be caused by using "gets".
- 4. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 4/8 Pictoral View
- 5. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 5/8 Simple Program #include <stdio.h> #include <string.h> void secretfunction(void) { puts("You have been Hacked!!"); } void pass(void) { char pass[10] = "zilogic"; char buff[20]; int flag = 0; gets(buff); if (!strcmp(buff, pass)) flag = 1; if (flag) puts("Password CorrectnAuthorization Granted!!"); else puts("Password Wrong"); } int main(void) { printf("Enter Passwordn"); pass(); return 0; }
- 6. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 6/8 Worm of 1988 The Worm is named after its creator and releaser, Robert Tappan Morris. The worm made use of the buffer overflow vulnerability in the finger program. It took down nearly 10% of the Internet of that time.
- 7. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 7/8 Alternatives 1. fgets() 2. getline();
- 8. 12/1/2016 Buffer Overflow Exploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 8/8 Thank You!