272 ◾ Ethical Hacking and Penetration Testing Guide
program to crash and adjacent memory locations get corrupted. How the application works can be controlled in this manner. But that's just the formal definition of a buffer overflow. To truly understand buffer overflows you need to know how memory is laid out inside the computer. I would recommend you take some time to read the first paper that discusses buffer overflows in depth: "Smashing the Stack for Fun and Profit," by Aleph One.
Link: http://insecure.org/stf/smashstack.html
Vulnerable Application
In order to test for buffer overflows, we need an application that is already known to be vulnerable. For the sake of simplicity, I have chosen the Freefloat FTP server, an application widely available on the web. Freefloat has been found vulnerable to several different buffer overflow vulnerabilities in various FTP commands. A quick search for "Freefloat" in exploit-db reveals tons of exploits. For this particular scenario, we will focus on the following exploit: "Freefloat FTP Server USER Command Buffer Overflow." The exploit-db entry shows that this exploit has been verified by the exploit-db team.
Windows Exploit Development Basics ◾ 273
How to Find Buffer Overflows
When the source code is available, it is very easy to find buffer overflows by doing a source code review. When the source code is not available, you need to resort to a reverse engineering approach that involves disassembling the program; this is the approach we take in a black box test. In this chapter we will talk about a technique known as fuzzing. In fuzzing, we supply input data of various lengths to the program and watch whether the program crashes. We can create our own fuzzers or use existing ones.
Methodology
The methodology we will follow for creating a simple stack-based overflow exploit is as follows:
◾ We will create a fuzzer that sends data of various sizes (in increasing order) and wait for the application to crash.
◾ We will then identify the offset, that is, exactly which bytes of our input overwrite the ESP and EIP registers. The EIP register is the holy grail for hackers: if we are able to control EIP, we are able to control the next instruction executed by the program. ESP is the stack pointer register, and it points to the top of the stack.
◾ We will then use Metasploit to generate the shellcode that we want the target computer to execute.
◾ Next, we will identify all the bad characters, that is, bytes in the shellcode that could prevent the buffer from overflowing as intended.
◾ Next, we will identify the amount of space usable for our shellcode.
◾ Finally, we will deploy our shellcode, and our exploit will be complete.
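The following C example is added here and is not from the book or the Freefloat server. It models the stack layout the "identify the offset" step relies on: a fixed-size local buffer followed by the saved EBP and the saved return address (EIP). The unchecked USER-argument copy shows which input length reaches EIP, and the bounds-checked copy beside it shows the fix that keeps the return address intact. The 32-byte buffer, frame layout and placeholder return address are constructed, not the real binary's.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a 32-bit stack frame: a 32-byte local buffer,
 * then the saved EBP (4 bytes), then the saved return address (EIP).
 * The sizes are illustrative, not the layout of any real binary. */
#define BUF_SZ   32
#define EIP_OFF  (BUF_SZ + 4)
#define FRAME_SZ (BUF_SZ + 8)
#define ORIG_EIP 0x08048abcu           /* placeholder return address */

struct frame { uint8_t bytes[FRAME_SZ]; };

/* Vulnerable handler: copies the USER argument with no length check, as
 * strcpy() would. Bytes past BUF_SZ land on saved EBP, then saved EIP.
 * (Clamped to the model frame so the demo stays defined behaviour.) */
static void user_cmd_unchecked(struct frame *f, const uint8_t *arg, size_t len) {
    memcpy(f->bytes, arg, len < FRAME_SZ ? len : FRAME_SZ);
}

/* Hardened handler: refuse anything that does not fit with its NUL. */
static int user_cmd_checked(struct frame *f, const uint8_t *arg, size_t len) {
    if (len >= BUF_SZ) return -1;      /* reject, log, drop the client */
    memcpy(f->bytes, arg, len);
    f->bytes[len] = '\0';
    return 0;
}

/* Feed `len` bytes of 'A' through the chosen handler and return what
 * now sits in the saved-EIP slot of the model frame. */
static uint32_t eip_after(size_t len, int checked) {
    uint8_t arg[FRAME_SZ + 16];
    struct frame f;
    uint32_t ret = ORIG_EIP;
    memset(arg, 'A', sizeof arg);
    memset(f.bytes, 0, FRAME_SZ);
    memcpy(f.bytes + EIP_OFF, &ret, sizeof ret);
    if (len > sizeof arg) len = sizeof arg;
    if (checked) (void)user_cmd_checked(&f, arg, len);
    else         user_cmd_unchecked(&f, arg, len);
    memcpy(&ret, f.bytes + EIP_OFF, sizeof ret);
    return ret;
}

/* Unchecked path: does an argument of `len` bytes fully overwrite EIP? */
int eip_controlled(size_t len) { return eip_after(len, 0) == 0x41414141u; }

/* Checked path: the original return address must survive any length. */
int eip_intact_after_checked(size_t len) { return eip_after(len, 1) == ORIG_EIP; }
```

With this layout, 36 bytes only clobber the saved EBP, 40 bytes fully replace EIP, and the checked handler returns -1 and leaves EIP untouched for the same input.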