This document will be an overview of a very basic buffer overflow. A buffer overflow is a bug that appears when a process writes to a memory buffer (on the stack or the heap) and exceeds the allocated memory, overwriting other information used by the process. We will see the exploitation of a vulnerable program compiled in 32 bits on an x86 architecture.

When this bug is triggered unintentionally, the program's behaviour is unpredictable; most of the time it results in a segmentation fault. If the bug is exploited, it can allow an attacker to inject some code.

Over the years, security has been improved to prevent this type of bug as much as possible. To block these attacks, developers have modified the kernel with the implementation of ASLR (Address Space Layout Randomization) and the Openwall patch. The compiler has also been modified to add the canary. For this article all of these protections will be disabled. There are other ways to exploit a buffer overflow, such as ret-into-libc or ROP; those techniques will not be explained in this article.

When a program is executed, it is transformed into a process image by the program loader and a virtual memory space is allocated for it in RAM. The program loader maps all the loadable segments of the binary and the needed libraries with the mmap() system call. This virtual space is divided into two parts, user space and kernel space. User space cannot access kernel space, but kernel space can access user space. In our case we will abuse the user space.

Registers we need to know for the exploitation:

EIP (RIP on 64 bits), the instruction pointer, which contains the address of the next instruction to execute.
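As an added example (not code from the original article), the bug described above in its smallest form: a fixed-size stack buffer filled by an unbounded strcpy(), beside a bounded copy that refuses input it cannot hold. The buffer size and the 199-byte input are assumptions chosen for the demonstration; the vulnerable function is left uncalled because running it is undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* size of the local buffer, chosen for this example */

/* Vulnerable: strcpy() copies until the terminating NUL and knows nothing
 * about the size of buf. Every byte beyond BUF_SIZE lands on whatever sits
 * above buf on the stack: the saved EBP, then the saved return address that
 * ret will load into EIP. Behaviour is undefined once that happens.
 * Build with gcc -m32 -fno-stack-protector (protections off, as the
 * article assumes) only to study the bug. */
void vulnerable_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);                 /* no length check: the bug */
    printf("copied: %s\n", buf);
}

/* Hardened: measure the input before copying. Returns 0 on success and -1
 * when the input plus its NUL would not fit in dst, instead of corrupting
 * the stack. */
int safe_copy(char *dst, size_t dst_size, const char *input)
{
    size_t len = strlen(input);
    if (dst_size == 0 || len >= dst_size)
        return -1;                      /* would overflow: refuse */
    memcpy(dst, input, len + 1);        /* copy including the NUL */
    return 0;
}

int main(void)
{
    char dst[BUF_SIZE];
    char long_input[200];               /* constructed oversized input */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("safe_copy(\"hello\") -> %d\n", safe_copy(dst, sizeof dst, "hello"));
    printf("safe_copy(199 x 'A') -> %d\n", safe_copy(dst, sizeof dst, long_input));
    /* vulnerable_copy(long_input) would overwrite the saved return address
     * with 0x41414141 and crash on ret; it is intentionally not called. */
    return 0;
}
```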