DEV Community

BEIDI DINA SAMUEL

Buffer Overflow (Application Vulnerability)

https://github.com/samglish/bufferOverflow/

In French: dépassement de tampon or débordement de tampon.

The root cause is copying data without checking its size.
A buffer overflow is a bug whereby a process, when writing to a buffer, writes outside the space allocated to that buffer, overwriting adjacent information the process needs (for example other stack variables or the saved return address).

Most common exploitation steps:

  1. Stack overflow
  2. Injection of a shellcode on the stack and calculation of its address
  3. Overflow of a variable on the stack
  4. Overwriting SEIP (the saved instruction pointer, i.e. the return address) with the shellcode address


A C program to demonstrate buffer overflow

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
       // Reserve 5 bytes: room for 4 characters plus the terminating NUL.
       // The compiler typically pads the slot to 8 bytes (2 double words),
       // so more than 8 characters are needed to overflow it.
       char buffer[5];  // If the user supplies more than 8 characters,
                        // memory past the buffer is overwritten:
                        // access violation / segmentation fault

       // Usage prompt when no argument is given
       if (argc < 2)
       {
              printf("strcpy() NOT executed....\n");
              printf("Syntax: %s <characters>\n", argv[0]);
              exit(0);
       }

       // Copy the user input into buffer without any bounds checking
       // (deliberately vulnerable). A bounded alternative is strcpy_s()
       // (C11 Annex K, not provided by glibc) or an explicit length
       // check before the copy.
       strcpy(buffer, argv[1]);
       printf("buffer content= %s\n", buffer);

       printf("strcpy() executed...\n");

       return 0;
}

Test

Open a terminal.

  1. Compile the program:
gcc -g -o BOF testoverflow.c
  2. Execute it:
./BOF sam
  3. Output:
buffer content= sam
strcpy() executed...

Now enter more than 8 characters:

./BOF beididinasamuel

Output:

buffer content= beididinasamuel
strcpy() executed...
Erreur de segmentation
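As an added example (not code from the original post), here is the same program with the copy step bounds-checked, so an argument longer than the buffer is rejected instead of being written past its end. The helper copy_checked() is hypothetical (named here for illustration) and the 5-byte buffer size mirrors the post's char buffer[5]; nothing else is assumed.

```c
/* Added example, not from the original post: bounded copy into a
 * fixed-size stack buffer. Assumes the post's 5-byte buffer. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define BUFFER_SIZE 5   /* same size as the post's char buffer[5] */

/* Copy src into dst, whose capacity is dst_size bytes (including the
 * terminating NUL). Returns 0 on success and -1 if src does not fit.
 * On -1, dst is set to the empty string so the caller never sees a
 * half-copied, unterminated buffer. The length scan stops at dst_size,
 * so an arbitrarily long src is never walked fully. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    size_t len = 0;
    while (len < dst_size && src[len] != '\0')
        len++;

    if (len >= dst_size) {      /* no room for the NUL: reject, do not truncate */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the NUL as well */
    return 0;
}

/* Convenience check used by the tests below: 1 if input fits the
 * post's buffer (copy accepted), 0 if it would have overflowed. */
int input_accepted(const char *input)
{
    char buffer[BUFFER_SIZE];
    return copy_checked(buffer, sizeof buffer, input) == 0;
}

int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];

    if (argc < 2) {
        printf("Syntax: %s <characters>\n", argv[0]);
        return 1;
    }
    /* sizeof buffer is passed, not a hand-typed number, so the check
     * cannot drift from the declaration if the size is changed later. */
    if (copy_checked(buffer, sizeof buffer, argv[1]) != 0) {
        fprintf(stderr, "input too long: at most %zu characters\n",
                sizeof buffer - 1);
        return 1;
    }
    printf("buffer content= %s\n", buffer);
    return 0;
}
```

Compiled the same way as the post's program, running it with "sam" prints the buffer as before, while "beididinasamuel" is refused with an error message and a non-zero exit status instead of a segmentation fault. The check rejects rather than truncates: silently cutting input short hides the fact that a caller sent more data than expected, which is itself worth logging.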

To go further with the exploit, use GDB in the terminal:

$gdb -q ./BOF 

Output:

Reading symbols from ./BOF...
(gdb) 

  1. List the program:
(gdb) list 1

output

1   // A C program to demonstrate buffer overflow
2   #include <stdio.h>
3   #include <string.h>
4   #include <stdlib.h>
5    
6   int main(int argc, char *argv[])
7   {
8    
9          // Reserve 5 byte of buffer plus the terminating NULL.
10         // should allocate 8 bytes = 2 double words,
(gdb) 
11         // To overflow, need more than 8 bytes...
12         char buffer[5];  // If more than 8 characters input
13                          // by user, there will be access 
14                          // violation, segmentation fault
15   
16         // a prompt how to execute the program...
17         if (argc < 2)
18         {
19                printf("strcpy() NOT executed....\n");
20                printf("Syntax: %s <characters>\n", argv[0]);
(gdb) 
21                exit(0);
22         }
23   
24         // copy the user input to mybuffer, without any
25         // bound checking a secure version is strcpy_s()
26         strcpy(buffer, argv[1]);
27         printf("buffer content= %s\n", buffer);
28   
29         // you may want to try strcpy_s()
30         printf("strcpy() executed...\n");
  2. Set a breakpoint on line 26 (gdb will stop the program just before strcpy() is called):
(gdb) break 26

output

(gdb) break 26
Breakpoint 1 at 0x11ab: file overflow.c, line 26.
  3. Run the program with a long argument:
(gdb) run AAAAAAAAAAAAAAAA

output

Starting program: Directory/BOF AAAAAAAAAAAAAAAA

Breakpoint 1, main (argc=2, argv=0x7fffffffe038) at overflow.c:26
26         strcpy(buffer, argv[1]);
(gdb) 


The program stopped at line 26, before the copy. Let's examine the contents of the variable:

(gdb) x/s buffer

output

0x7fffffffdf3b: "\001"
(gdb) 

For more information on exploiting this, see:
https://bufferoverflows.net/getting-started-with-linux-buffer-overflow/
