AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Buffer overflow stack8/9/2023 ![]() For instance, if the attack code needs to execute “exec(“/bin/sh”)”, and there exists code in libc that executes “exec(arg)” where “arg” is a string pointer argument, then the attacker need only change a pointer to point to “/bin/sh” and jump to the appropriate instructions in the libc library ![]() The attacker need only parameterize the code, and then cause the program to jump to it. Often, the code to do what the attacker wants is already present in the program’s address space. Since nearly all C programs link with libc the code you need is already present. If you want a shell, there’s really no need to worry about injecting code though. The buffer itself can be anywhere – on the stack, the heap, or in the static data area. Note that you don’t need to overflow any buffers to do this, sufficient payload can be injected into perfectly reasonable buffers. Here the attacker is (ab)using the victim program’s buffers to store the attack code. The string contains bytes that are actually native CPU instructions for the platform being attacked. The attacker provides a string as input to the program, which the program stores in a buffer.
0 Comments
Read More
Leave a Reply. |