SlideShare a Scribd company logo

Buffer overflow for Beginners

Download as pptx, pdf
Ajin Abraham
Ajin Abraham

Buffer overflow occurs when too much data is inserted into a buffer than it can handle, which may lead to arbitrary code execution if a memory pointer is overwritten. The document provides an example of a buffer overflow happening when user input longer than the buffer size is read using gets() into the buffer without limits. To prevent this, fgets() should be used instead, as it allows specifying the maximum number of characters to read from input.

Education
1 of 8
Downloaded 29 times
1
2
3
4
5
6
7
8
Buffer Overflow for Beginners Ajin Abraham www.keralacyberforce.in
Buffer: it is a block of memory What is Buffer Overflow? Buffer overflow is caused when too much data is inserted into a buffer than it can handle. So this may lead to the executing of arbitrary code if a certain memory pointer is overwritten.
Buffer Overflow for Beginner 152903854 128 + 6 bytes Command 152903720 10 + 6 bytes Name 152903704
Buffer Overflow for Beginner Command {with system() function execute the contents of the variable command} system(command); Name {Read to Name Variable and Print the contents of name variable} gets(name); printf(“Hello %sn”,name);
Buffer Overflow for Beginner When you give an input, say www.keralacyberforce.in What happens?
Buffer Overflow for Beginner 152903832 128 + 6 bytes commandorce.in 10 + 6 bytes (10)namewww.kerala (6)malloccyberf 152903704 It will be assigned to the memory like this.
Buffer Overflow for Beginner This buffer overflow is caused because the gets() function doesn't limit’s the length of the input
Buffer Overflow for Beginner To overrule this buffer overflow you can use fgets(name, 10, stdin); where it will read a maximum of 10 characters from the input.

More Related Content

What's hot (20)

PDF
Nginx cheat sheet
Lam Hoang
 
PPT
4 exercises for part 1
drewz lin
 
PDF
Scalable Socket Server by Aryo
Agate Studio
 
PDF
NoSQL 동향
NAVER D2
 
PDF
HTTP 완벽가이드- 13 다이제스트 인증
박 민규
 
PPTX
Perintah perintah dasar linux Operating Sistem
Roziq Bahtiar
 
PDF
PostgreSQL Configuration for Humans / Alvaro Hernandez (OnGres)
Ontico
 
PPTX
50 Perintah Dasar pada linux
ReskyRian
 
PPTX
How To Deploy And Scale Meteor Applications
Designveloper
 
DOCX
Automation m ysql_and_customer_photo
Manju Kb
 
PDF
A3 sec -_msr_2.0
a3sec
 
DOCX
Install Cuckoo on Mac OS X
Mohd Khairulazam
 
PPTX
Oracle Database Cloud Performance Doag 2016
Randolf Geist
 
PDF
Introducing with MongoDB
Mahbub Tito
 
PPTX
PowerShell 2 remoting
jonathanmedd
 
PDF
Closures for Java
nextlib
 
DOCX
Creating qmgr and allowing remote authorization
Ravi Babu
 
KEY
Luc Suryo - Puppet on EC2
Puppet
 
PDF
Java Week9(A) Notepad
Chaitanya Rajkumar Limmala
 
PPTX
0x20 hack
antitree
 
Nginx cheat sheet
Lam Hoang
 
4 exercises for part 1
drewz lin
 
Scalable Socket Server by Aryo
Agate Studio
 
NoSQL 동향
NAVER D2
 
HTTP 완벽가이드- 13 다이제스트 인증
박 민규
 
Perintah perintah dasar linux Operating Sistem
Roziq Bahtiar
 
PostgreSQL Configuration for Humans / Alvaro Hernandez (OnGres)
Ontico
 
50 Perintah Dasar pada linux
ReskyRian
 
How To Deploy And Scale Meteor Applications
Designveloper
 
Automation m ysql_and_customer_photo
Manju Kb
 
A3 sec -_msr_2.0
a3sec
 
Install Cuckoo on Mac OS X
Mohd Khairulazam
 
Oracle Database Cloud Performance Doag 2016
Randolf Geist
 
Introducing with MongoDB
Mahbub Tito
 
PowerShell 2 remoting
jonathanmedd
 
Closures for Java
nextlib
 
Creating qmgr and allowing remote authorization
Ravi Babu
 
Luc Suryo - Puppet on EC2
Puppet
 
Java Week9(A) Notepad
Chaitanya Rajkumar Limmala
 
0x20 hack
antitree
 

Viewers also liked (11)

PPTX
Phishing With Data URI
Ajin Abraham
 
PDF
Xenotix XSS Exploit Framework: Clubhack 2012
Ajin Abraham
 
PPTX
Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013
Ajin Abraham
 
PPTX
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Ajin Abraham
 
PPTX
Exploit Research and Development Megaprimer: Win32 Egghunter
Ajin Abraham
 
PPTX
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Ajin Abraham
 
PDF
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
Ajin Abraham
 
PPTX
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Ajin Abraham
 
PDF
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Ajin Abraham
 
PPTX
Abusing Google Apps and Data API: Google is My Command and Control Center
Ajin Abraham
 
PPTX
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Ajin Abraham
 
Phishing With Data URI
Ajin Abraham
 
Xenotix XSS Exploit Framework: Clubhack 2012
Ajin Abraham
 
Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013
Ajin Abraham
 
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Ajin Abraham
 
Exploit Research and Development Megaprimer: Win32 Egghunter
Ajin Abraham
 
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Ajin Abraham
 
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
Ajin Abraham
 
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Ajin Abraham
 
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Ajin Abraham
 
Abusing Google Apps and Data API: Google is My Command and Control Center
Ajin Abraham
 
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Ajin Abraham
 
Ad

Similar to Buffer overflow for Beginners (20)

PDF
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
Dr. Ramchandra Mangrulkar
 
PPTX
Buffer overflow explained
Teja Babu
 
PPTX
Buffer overflow
Abu Juha Ahmed Muid
 
PPT
Buffer Overflows
Sumit Kumar
 
PPTX
test
aaro11
 
ODP
BufferOverflow - Offensive point of View
Toe Khaing
 
PDF
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
PDF
bufferoverflow-151214121251 presentation
JohnLagman3
 
PPTX
Buffer overflow
قصي نسور
 
PPTX
antoanthongtin_Lesson 3- Software Security (1).pptx
23162024
 
PDF
Buffer OverFlow Exploit
Suresh Krishna
 
PPTX
Golf teamlearnerlecture
kairistiona
 
PDF
2 buffer overflows
Karthic Rao
 
PDF
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
PPT
Buffer OverFlow
Rambabu Duddukuri
 
PPTX
Buffer overflow attack
Krish
 
PPSX
Ids 008 buffer overflow
jyoti_lakhani
 
ODP
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
 
PPTX
Stack-Based Buffer Overflows
Daniel Tumser
 
PDF
nullcon 2011 - Buffer UnderRun Exploits
n|u - The Open Security Community
 
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
Dr. Ramchandra Mangrulkar
 
Buffer overflow explained
Teja Babu
 
Buffer overflow
Abu Juha Ahmed Muid
 
Buffer Overflows
Sumit Kumar
 
test
aaro11
 
BufferOverflow - Offensive point of View
Toe Khaing
 
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
bufferoverflow-151214121251 presentation
JohnLagman3
 
Buffer overflow
قصي نسور
 
antoanthongtin_Lesson 3- Software Security (1).pptx
23162024
 
Buffer OverFlow Exploit
Suresh Krishna
 
Golf teamlearnerlecture
kairistiona
 
2 buffer overflows
Karthic Rao
 
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
Buffer OverFlow
Rambabu Duddukuri
 
Buffer overflow attack
Krish
 
Ids 008 buffer overflow
jyoti_lakhani
 
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
 
Stack-Based Buffer Overflows
Daniel Tumser
 
nullcon 2011 - Buffer UnderRun Exploits
n|u - The Open Security Community
 
Ad

More from Ajin Abraham (14)

PDF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
PDF
Injecting Security into Web apps at Runtime Whitepaper
Ajin Abraham
 
PDF
Injecting Security into vulnerable web apps at Runtime
Ajin Abraham
 
PPTX
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
Ajin Abraham
 
PDF
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Ajin Abraham
 
PPTX
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Ajin Abraham
 
PPTX
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Ajin Abraham
 
PPTX
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
PDF
Hacking Tizen: The OS of everything - Whitepaper
Ajin Abraham
 
PPTX
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
 
PPTX
Abusing Exploiting and Pwning with Firefox Addons
Ajin Abraham
 
PDF
Abusing, Exploiting and Pwning with Firefox Add-ons
Ajin Abraham
 
PDF
Wi-Fi Security with Wi-Fi P+
Ajin Abraham
 
PDF
Shellcoding in linux
Ajin Abraham
 
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Injecting Security into Web apps at Runtime Whitepaper
Ajin Abraham
 
Injecting Security into vulnerable web apps at Runtime
Ajin Abraham
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
Ajin Abraham
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Ajin Abraham
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Ajin Abraham
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Ajin Abraham
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
Hacking Tizen: The OS of everything - Whitepaper
Ajin Abraham
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
 
Abusing Exploiting and Pwning with Firefox Addons
Ajin Abraham
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Ajin Abraham
 
Wi-Fi Security with Wi-Fi P+
Ajin Abraham
 
Shellcoding in linux
Ajin Abraham
 

Recently uploaded (20)

PDF
Supply Chain Security A Comprehensive Approach 1st Edition Arthur G. Arway
rxgnika452
 
PPTX
Elo the HeroTHIS IS A STORY ABOUT A BOY WHO SAVED A LITTLE GOAT .pptx
JoyIPanos
 
PDF
Lesson 1 : Science and the Art of Geography Ecosystem
marvinnbustamante1
 
PPTX
JSON, XML and Data Science introduction.pptx
Ramakrishna Reddy Bijjam
 
PPT
M&A5 Q1 1 differentiate evolving early Philippine conventional and contempora...
ErlizaRosete
 
PDF
Nanotechnology and Functional Foods Effective Delivery of Bioactive Ingredien...
rmswlwcxai8321
 
PDF
Our Guide to the July 2025 USPS® Rate Change
Postal Advocate Inc.
 
PPTX
How to use grouped() method in Odoo 18 - Odoo Slides
Celine George
 
PDF
COM and NET Component Services 1st Edition Juval Löwy
kboqcyuw976
 
PPTX
2025 Completing the Pre-SET Plan Form.pptx
mansk2
 
PPTX
Martyrs of Ireland - who kept the faith of St. Patrick.pptx
Martin M Flynn
 
PPTX
How to Create & Manage Stages in Odoo 18 Helpdesk
Celine George
 
PDF
Wikinomics How Mass Collaboration Changes Everything Don Tapscott
wcsqyzf5909
 
PPTX
Elo the Hero is an story about a young boy who became hero.
TeacherEmily1
 
PPTX
ESP 10 Edukasyon sa Pagpapakatao PowerPoint Lessons Quarter 1.pptx
Sir J.
 
PDF
Rapid Mathematics Assessment Score sheet for all Grade levels
DessaCletSantos
 
PPTX
Iván Bornacelly - Presentation of the report - Empowering the workforce in th...
EduSkills OECD
 
PPTX
How to Add New Item in CogMenu in Odoo 18
Celine George
 
PDF
Romanticism in Love and Sacrifice An Analysis of Oscar Wilde’s The Nightingal...
KaryanaTantri21
 
PPTX
How to Setup Automatic Reordering Rule in Odoo 18 Inventory
Celine George
 
Supply Chain Security A Comprehensive Approach 1st Edition Arthur G. Arway
rxgnika452
 
Elo the HeroTHIS IS A STORY ABOUT A BOY WHO SAVED A LITTLE GOAT .pptx
JoyIPanos
 
Lesson 1 : Science and the Art of Geography Ecosystem
marvinnbustamante1
 
JSON, XML and Data Science introduction.pptx
Ramakrishna Reddy Bijjam
 
M&A5 Q1 1 differentiate evolving early Philippine conventional and contempora...
ErlizaRosete
 
Nanotechnology and Functional Foods Effective Delivery of Bioactive Ingredien...
rmswlwcxai8321
 
Our Guide to the July 2025 USPS® Rate Change
Postal Advocate Inc.
 
How to use grouped() method in Odoo 18 - Odoo Slides
Celine George
 
COM and NET Component Services 1st Edition Juval Löwy
kboqcyuw976
 
2025 Completing the Pre-SET Plan Form.pptx
mansk2
 
Martyrs of Ireland - who kept the faith of St. Patrick.pptx
Martin M Flynn
 
How to Create & Manage Stages in Odoo 18 Helpdesk
Celine George
 
Wikinomics How Mass Collaboration Changes Everything Don Tapscott
wcsqyzf5909
 
Elo the Hero is an story about a young boy who became hero.
TeacherEmily1
 
ESP 10 Edukasyon sa Pagpapakatao PowerPoint Lessons Quarter 1.pptx
Sir J.
 
Rapid Mathematics Assessment Score sheet for all Grade levels
DessaCletSantos
 
Iván Bornacelly - Presentation of the report - Empowering the workforce in th...
EduSkills OECD
 
How to Add New Item in CogMenu in Odoo 18
Celine George
 
Romanticism in Love and Sacrifice An Analysis of Oscar Wilde’s The Nightingal...
KaryanaTantri21
 
How to Setup Automatic Reordering Rule in Odoo 18 Inventory
Celine George
 

Buffer overflow for Beginners

  • 1. Buffer Overflow for Beginners Ajin Abraham www.keralacyberforce.in
  • 2. Buffer: it is a block of memory What is Buffer Overflow? Buffer overflow is caused when too much data is inserted into a buffer than it can handle. So this may lead to the executing of arbitrary code if a certain memory pointer is overwritten.
  • 3. Buffer Overflow for Beginner 152903854 128 + 6 bytes Command 152903720 10 + 6 bytes Name 152903704
  • 4. Buffer Overflow for Beginner Command {with system() function execute the contents of the variable command} system(command); Name {Read to Name Variable and Print the contents of name variable} gets(name); printf(“Hello %sn”,name);
  • 5. Buffer Overflow for Beginner When you give an input, say www.keralacyberforce.in What happens?
  • 6. Buffer Overflow for Beginner 152903832 128 + 6 bytes commandorce.in 10 + 6 bytes (10)namewww.kerala (6)malloccyberf 152903704 It will be assigned to the memory like this.
  • 7. Buffer Overflow for Beginner This buffer overflow is caused because the gets() function doesn't limit’s the length of the input
  • 8. Buffer Overflow for Beginner To overrule this buffer overflow you can use fgets(name, 10, stdin); where it will read a maximum of 10 characters from the input.