Ethical Hacking and Penetration Testing Guide


What Is a Buffer Overflow?



Yüklə 22,44 Mb.
Pdf görüntüsü
səhifə169/235
tarix07.08.2023
ölçüsü22,44 Mb.
#138846
1   ...   165   166   167   168   169   170   171   172   ...   235
Ethical Hacking and Penetration Testing Guide ( PDFDrive )

What Is a Buffer Overflow?
The idea behind a buffer overflow is very simple: you provide an amount of input data (e.g., file, 
network packet) to the program that is larger than its memory can handle, which causes the 


272
◾ 
Ethical Hacking and Penetration Testing Guide
program to crash and adjacent memory locations get corrupted. How the application works can 
be controlled in this manner. But that’s just the formal definition of buffer overflow. To truly 
understand buffer overflow you need to know how the memory is laid out inside of the computer. 
I would recommend you take some time reading the first paper that talks about buffer overflow in 
depth: “Smashing the stack for fun and profit,” by Aleph One.
Link
:
http://insecure.org/stf/smashstack.html.
Vulnerable Application
In order to test for buffer overflows, we would need to look for an application that is already vul-
nerable. For the sake of simplicity, I have chosen the Freefloat FTP server, an application widely 
available on the web. The Freefloat application has been found vulnerable to several different buf-
fer overflow vulnerabilities in various FTP commands.
A quick search for “Freefloat” in exploit-db reveals tons of exploits.
For this particular scenario, we will focus on the following exploit, that is, “Freefloat FTP 
server USER command Buffer Overflow.” You can see that the exploit has been verified by the 
exploit-db team.


Windows Exploit Development Basics
◾ 
273
How to Find Buffer Overflows
When the source code is available, it’s very easy to find buffer overflows by doing a source code review. 
In case the source code is not available, you would need to resort to a reverse engineering approach 
that involves disassembling the program. We do the same in a black box approach. In this chapter 
we will talk about a technique known as 
fuzzing
. In fuzzing, we maintain data of various lengths in 
the program input to see if the program crashes. We can create our own fuzzers or use existing ones.
Methodology
So the methodology we will follow for creating a simple stack-based overflow exploit is as follows:

We will create a fuzzer that sends data of various sizes (in increasing order) and wait for the 
application to crash.

We will then identify the offset to see what bytes are exactly overwriting the ESP and EIP 
register. The EIP register is the holy grail for hackers; if we are able to control EIP , we will be 
able to control the next instruction to be executed by the program. The ESP register stands 
for stack pointer register, and it points to the top of the stack.

We will then use Metasploit to generate a Shell code that we want to be executed by the 
target computer.

Next, we will identify all the bad characters from the shell code that could prevent the buffer 
from overflowing.

Next, we will identify the usable amount of space for our shellcode.

Finally we will deploy our shell code, and our exploit will be completed.

Yüklə 22,44 Mb.

Dostları ilə paylaş:
1   ...   165   166   167   168   169   170   171   172   ...   235




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2025
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin