DEV Community

BEIDI DINA SAMUEL

Buffer Overflow (Application Vulnerability)

https://github.com/samglish/bufferOverflow/

In French: dépassement de tampon or débordement de tampon.

Copying data without checking its size.
A bug whereby a process, when writing to a buffer, writes outside the space allocated to the buffer, thus overwriting information the process needs (such as adjacent variables or the saved return address).

Most common exploitation

  1. Stack overflow
  2. Injection of a shellcode on the stack and calculation of its address
  3. Overflow of a variable on the stack
  4. Overwriting the saved EIP (the return address) with the shellcode address


A C program to demonstrate buffer overflow

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{

       // Reserve a 5-byte buffer (4 characters plus the terminating NULL).
       // The compiler will typically pad this to 8 bytes = 2 double words,
       // so to overflow it, more than 8 bytes are needed...
       char buffer[5];  // If the user enters more than 8 characters
                        // there will be an access violation
                        // (segmentation fault)

       // print a prompt showing how to execute the program...
       if (argc < 2)
       {
              printf("strcpy() NOT executed....\n");
              printf("Syntax: %s <characters>\n", argv[0]);
              exit(0);
       }

       // copy the user input to buffer, without any bounds
       // checking (a bounds-checked alternative is strcpy_s())
       strcpy(buffer, argv[1]);
       printf("buffer content= %s\n", buffer);

       // you may want to try strcpy_s()
       printf("strcpy() executed...\n");

       return 0;
}

Test

Open a terminal.

  1. Compile the program:

gcc -g -o BOF testoverflow.c

  2. Execute it:

./BOF sam

  3. Output:

buffer content= sam
strcpy() executed...

Now run it with more than 8 characters:

./BOF beididinasamuel

output

buffer content= beididinasamuel
strcpy() executed...
Erreur de segmentation
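The crash above comes from the unchecked strcpy(). As an added example (not code from the original post), here is the same copy written with an explicit length check, which rejects oversized input instead of writing past the buffer; the helper names bounded_copy() and demo() are my own. Note that strcpy_s() is a C11 Annex K function that glibc does not provide, so a portable fix is to check the length yourself.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Copy src into dst (dstsz bytes). Returns 0 on success, -1 when src
 * plus its terminating NUL would not fit. On failure dst is left as an
 * empty string rather than partially filled, so the caller never sees
 * a truncated-but-unterminated buffer. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;

    /* Scan at most dstsz bytes: an unterminated or very long src
     * cannot make this loop walk far past the limit. */
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')
        n++;

    if (n == dstsz) {          /* no room left for the NUL: reject */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n characters plus the terminating NUL */
    return 0;
}

/* Same logic as the post's main(), with the check in place of strcpy().
 * Returns 0 if the input fit, 1 if it was rejected. */
int demo(const char *input)
{
    char buffer[5];            /* same 5-byte buffer as the original */
    if (bounded_copy(buffer, sizeof buffer, input) != 0) {
        printf("input too long (max %zu characters)\n", sizeof buffer - 1);
        return 1;
    }
    printf("buffer content= %s\n", buffer);
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        printf("Syntax: %s <characters>\n", argv[0]);
        return 0;
    }
    return demo(argv[1]);
}
```

With this version, ./BOF beididinasamuel prints a rejection message and exits cleanly instead of segfaulting.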

To examine the overflow, use GDB in the terminal:

$ gdb -q ./BOF

output

Reading symbols from ./BOF...
(gdb) 
  1. List the program:

(gdb) list 1

output

1   // A C program to demonstrate buffer overflow
2   #include <stdio.h>
3   #include <string.h>
4   #include <stdlib.h>
5    
6   int main(int argc, char *argv[])
7   {
8    
9          // Reserve 5 byte of buffer plus the terminating NULL.
10         // should allocate 8 bytes = 2 double words,
(gdb) 
11         // To overflow, need more than 8 bytes...
12         char buffer[5];  // If more than 8 characters input
13                          // by user, there will be access 
14                          // violation, segmentation fault
15   
16         // a prompt how to execute the program...
17         if (argc < 2)
18         {
19                printf("strcpy() NOT executed....\n");
20                printf("Syntax: %s <characters>\n", argv[0]);
(gdb) 
21                exit(0);
22         }
23   
24         // copy the user input to mybuffer, without any
25         // bound checking a secure version is strcpy_s()
26         strcpy(buffer, argv[1]);
27         printf("buffer content= %s\n", buffer);
28   
29         // you may want to try strcpy_s()
30         printf("strcpy() executed...\n");
  2. Set a breakpoint (gdb will stop the program just before strcpy() is called):

(gdb) break 26

output

(gdb) break 26
Breakpoint 1 at 0x11ab: file overflow.c, line 26.
  3. Run the program:

(gdb) run AAAAAAAAAAAAAAAA

output

Starting program: Directory/BOF AAAAAAAAAAAAAAAA

Breakpoint 1, main (argc=2, argv=0x7fffffffe038) at overflow.c:26
26         strcpy(buffer, argv[1]);
(gdb) 

The program stopped at line 26, before the copy happens.

Let's examine the contents of the variable:

(gdb) x/s buffer

output

0x7fffffffdf3b:"001"
(gdb) 

For more information on exploiting this, see:
https://bufferoverflows.net/getting-started-with-linux-buffer-overflow/
