Sunday, July 24, 2016

Introduction to Stack Buffer Overflows: Overwriting Data

Introduction to Buffer Overflows

In the previous post we covered the x86 stack layout, the general-purpose registers and the basic instruction set. In this post we look at how a stack buffer overflow occurs and how it can be exploited to overwrite data in memory.

A buffer is a generic term for a block of memory set aside to hold data. A buffer overflow occurs when more data is written into a buffer than it can hold. The excess spills into whatever lies next in memory; usually that corrupts something the program needs and the program crashes. Sometimes, however, the attacker can choose exactly which adjacent memory gets overwritten and with what value, so that when the program later uses that memory the planted data looks perfectly valid.
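As an added worked example (this code is not from the original post), here is the effect in C: a 16-byte name buffer sits directly in front of an `is_admin` flag, a `strcpy`-style copy with no length check overflows into the flag, and a bounds-checked copy refuses the same input. The `struct frame`, the function names and the attacker string are all constructed for the demonstration.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Two adjacent variables. They are wrapped in a struct so the C standard pins
 * their order and adjacency: name[] at offset 0, is_admin right after it at
 * offset 16. With two plain locals the compiler picks the order and may insert
 * a stack canary between them, so the outcome would depend on the build. */
struct frame {
    char     name[16];
    uint32_t is_admin;
};
_Static_assert(offsetof(struct frame, is_admin) == 16,
               "is_admin must directly follow name[]");

/* VULNERABLE: copies up to the NUL terminator with no length check, exactly
 * what strcpy() does. Input longer than 15 characters keeps writing past
 * name[15] and into is_admin. The struct is accessed through a volatile
 * pointer so the optimizer cannot assume the copy stays in bounds and fold
 * the later read of is_admin back to its initial value. */
void unsafe_set_name(volatile struct frame *f, const char *src)
{
    volatile char *dst = f->name;       /* walks forward, never compared to an end */
    while (*src != '\0')
        *dst++ = *src++;
    *dst = '\0';
}

/* FIXED: rejects any input that does not fit together with its terminator. */
int safe_set_name(volatile struct frame *f, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof f->name)
        return -1;                      /* caller must treat this as an error */
    for (size_t i = 0; i <= len; i++)
        f->name[i] = src[i];
    return 0;
}

/* Runs the vulnerable copy on a zeroed frame and returns is_admin afterwards. */
uint32_t is_admin_after_unsafe_copy(const char *src)
{
    volatile struct frame f = {{0}, 0};
    unsafe_set_name(&f, src);
    return f.is_admin;
}

/* Runs the checked copy; *rc receives safe_set_name's return value. */
uint32_t is_admin_after_safe_copy(const char *src, int *rc)
{
    volatile struct frame f = {{0}, 0};
    *rc = safe_set_name(&f, src);
    return f.is_admin;
}

/* Constructed attacker input: 16 filler bytes exhaust name[], the 17th byte
 * (0x01) lands in the first byte of is_admin and the loop's terminator in the
 * second. On little-endian x86 is_admin therefore becomes 1. */
static const char ATTACK[] = "AAAAAAAAAAAAAAAA\x01";

int main(void)
{
    int rc = 0;
    unsigned unsafe_flag = is_admin_after_unsafe_copy(ATTACK);
    unsigned safe_flag   = is_admin_after_safe_copy(ATTACK, &rc);
    printf("unsafe copy: is_admin = %u\n", unsafe_flag);
    printf("safe copy:   is_admin = %u, rc = %d\n", safe_flag, rc);
    return 0;
}
```

Compile with `gcc -Wall overflow.c` and run it: the unsafe copy reports a nonzero `is_admin` (1 on little-endian x86) while the checked copy returns -1 and leaves the flag at 0. The `volatile` qualifier and the pointer-walking copy are there only to keep the compiler honest: writing past the end of an array is undefined behaviour, and an optimizer is entitled to assume it never happens and fold the later read of `is_admin` back to zero.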

Thursday, July 21, 2016

Stack Buffer Overflow Primer: Stack and Assembly in x86

Introduction

A buffer overflow is a very well-known vulnerability that occurs when it is possible to put more data into a buffer than that buffer can hold. In the coming tutorials we will look at this vulnerability and how it is exploited; this tutorial covers the background on the x86 stack and assembly that you need first.

The Stack Structure

The stack is a region of memory that tracks the functions currently executing: each active function's local variables, saved registers and return address. Whenever a function is called, a new stack frame is pushed onto the stack; when the function returns, its frame is popped off. On x86 the stack grows towards lower addresses, so a callee's frame sits below its caller's. Consider the following program
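Here is an added example (not part of the original post) that makes the push/pop behaviour observable in C: `outer()` calls `inner()` twice, each function records the address of a local variable, and two checks confirm that the callee's frame lies below the caller's and that the second call lands on exactly the same stack space the first call gave back. The function names are invented for the demo, and `__attribute__((noinline))` is a GCC/Clang extension.

```c
#include <stdio.h>
#include <stdint.h>

/* Addresses recorded by each function so the layout can be inspected after
 * the calls return: slot 0 is outer()'s local, slots 1 and 2 are the local of
 * the first and second call of inner(). */
static uintptr_t where[3];

/* noinline keeps each function a genuine call with its own stack frame;
 * if the compiler merged them the addresses would tell us nothing. */
__attribute__((noinline)) static void inner(int slot)
{
    int local = slot;                  /* lives in inner()'s frame */
    where[slot] = (uintptr_t)&local;
}

__attribute__((noinline)) static void outer(void)
{
    int local = 0;                     /* lives in outer()'s frame */
    inner(1);                          /* frame pushed below outer()'s */
    inner(2);                          /* popped on return, pushed again here */
    where[0] = (uintptr_t)&local;      /* recorded last so neither call is a tail call */
}

/* The stack grows towards lower addresses on x86, so a callee's locals sit
 * below the caller's. Returns 1 if that is what we observe. */
int callee_frame_is_below_caller(void)
{
    outer();
    return where[1] < where[0];
}

/* A frame is popped on return, and the next call made from the same point
 * reuses the same stack space. Returns 1 if both inner() calls got the same
 * address for their local. */
int returned_frame_is_reused(void)
{
    outer();
    return where[1] == where[2];
}

int main(void)
{
    outer();
    printf("outer() local at %#lx\n", (unsigned long)where[0]);
    printf("inner() local at %#lx (first call)\n", (unsigned long)where[1]);
    printf("inner() local at %#lx (second call)\n", (unsigned long)where[2]);
    printf("callee below caller: %d, frame reused: %d\n",
           callee_frame_is_below_caller(), returned_frame_is_reused());
    return 0;
}
```

The absolute addresses change from run to run under ASLR, but the relationships do not: the `inner()` local is always at a lower address than the `outer()` local, and both calls to `inner()` report the same address because the first frame was popped before the second was pushed.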

Monday, July 18, 2016

Linux Backdoors via SUID Executables

Backdoors: Maintaining Root Access

In the last post, we talked about how SUID programs can be used to gain root access. What happens next depends on your objectives, but in general you will want to keep root access without the legitimate root user noticing. That is essentially what a backdoor does. You could simply redo the exploit that got you in, but sometimes that is not possible. Backdoors have become increasingly sophisticated over the years, but their main purpose is unchanged: to let a person regain access to a system at a later time. You can always look for popular backdoor scripts online, but it's fun to write your own.

Sunday, July 17, 2016

Linux Privilege Escalation via SUID Executables using Environment Paths

Introduction to SUID Executables

A well-known way to gain root privilege on Linux is through SUID executables. SUID (set-user-ID) is a permission bit on a program file that makes the program run with the privileges of the file's owner rather than those of the user who launched it. If the file is owned by root, the user temporarily has root privilege for as long as that program runs. The kernel honours the bit only on real binaries, never on interpreted scripts. If a root-owned SUID program can be made to run something the user controls, it can be exploited to execute arbitrary commands as root, and from there to keep root privilege.
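The environment-path attack the title refers to, as an added example that is not from the original post: a SUID root program that calls `system("ls")` by bare name lets the shell resolve `ls` through the caller's `PATH`, so a user who puts their own `ls` first in `PATH` gets code run as root. The program below stages that attack against itself without needing root (the fake `ls` just drops a marker file), and contrasts the vulnerable call with one that resets `PATH` and uses an absolute path. The temporary directory under `/tmp`, the fake script and the function names are all constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define PATHBUF 4096

/* Constructed fixture: creates a throwaway directory holding a fake "ls"
 * that writes a marker file whenever it runs. Fills in the directory and
 * marker paths for the caller. Returns 0 on success. */
static int make_fake_ls(char *dir, char *marker)
{
    char tmpl[] = "/tmp/suidpathXXXXXX";
    if (mkdtemp(tmpl) == NULL)
        return -1;
    snprintf(dir, PATHBUF, "%s", tmpl);
    snprintf(marker, PATHBUF, "%s/hijacked", tmpl);

    char script[PATHBUF];
    snprintf(script, sizeof script, "%s/ls", tmpl);
    FILE *fp = fopen(script, "w");
    if (fp == NULL)
        return -1;
    fprintf(fp, "#!/bin/sh\necho pwned > '%s'\n", marker);
    fclose(fp);
    return chmod(script, 0755);        /* must be executable to be picked up */
}

static void remove_fake_ls(const char *dir, const char *marker)
{
    char script[PATHBUF];
    snprintf(script, sizeof script, "%s/ls", dir);
    unlink(marker);
    unlink(script);
    rmdir(dir);
}

/* VULNERABLE pattern: a SUID root program that runs a helper by bare name.
 * system() hands the string to /bin/sh, which resolves "ls" through PATH,
 * and PATH is inherited from the unprivileged user who launched the program. */
static void vulnerable_list_dir(void)
{
    system("ls > /dev/null");
}

/* HARDENED: reset PATH to a trusted value and call the helper by absolute
 * path, so nothing in the caller's environment decides what gets executed.
 * (A real SUID binary should also drop privileges with setresuid()/setresgid()
 * before ever spawning a shell.) */
static void hardened_list_dir(void)
{
    setenv("PATH", "/usr/bin:/bin", 1);
    system("/bin/ls > /dev/null");
}

/* Plays the attacker: puts the directory with the fake ls at the front of
 * PATH, runs the victim, and reports whether the fake ls actually ran.
 * Returns 1 on a successful hijack, 0 if the victim was not fooled, -1 if
 * the fixture could not be set up. */
int hijack_succeeds(void (*victim)(void))
{
    char dir[PATHBUF], marker[PATHBUF], newpath[PATHBUF];
    if (make_fake_ls(dir, marker) != 0)
        return -1;
    const char *old = getenv("PATH");
    snprintf(newpath, sizeof newpath, "%s:%s", dir, old ? old : "/usr/bin:/bin");
    setenv("PATH", newpath, 1);
    victim();
    int hit = access(marker, F_OK) == 0;
    remove_fake_ls(dir, marker);
    return hit;
}

int attack_vulnerable(void) { return hijack_succeeds(vulnerable_list_dir); }
int attack_hardened(void)   { return hijack_succeeds(hardened_list_dir); }

int main(void)
{
    printf("bare name 'ls' hijacked:     %d\n", attack_vulnerable());
    printf("absolute '/bin/ls' hijacked: %d\n", attack_hardened());
    return 0;
}
```

`hijack_succeeds()` runs as the current user, so it only shows which file the shell chose to execute; against a real SUID root binary the same `PATH` manipulation runs the planted script with the binary's root privileges. Since Linux ignores the SUID bit on scripts, the victim in practice is always a compiled binary, which is also why `system()` and `popen()` are poor choices inside one.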