buffer overflows with content
play

Buffer Overflows with Content 2 A Process Stack Buffer Overflow - PDF document

Feb 08, 2023 •179 likes •497 views

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

  1. 1 Buffer Overflows with Content

  2. 2 A Process Stack

  3. Buffer Overflow • Common Techniques employed in buffer overflow exploits to create backdoors – Execution of additional network services via the INETD daemon – The addition of new users to a system – Establishing a “trust” relationship between the victim machine and the attacker’s machine 3

  4. Example - AMD Buffer Overflow Port 2222 is a rootshell left by the AMD exploit 4

  5. Detecting Buffer Overflows by Protocol Signatures • Protocol Signature – Look for anomalous traffic, such as remote traffic targeted at facilities that should not be accessible to a remote user. • e.g. a remote user trying to connect to the Portmapper process • Payload Signature – No-OP instructions to pad the exploit code – Script signatures – Abnormal user data and responses 5

  6. 6 IMAP Buffer Overflow

  7. 7 IMAP Buffer Overflow – Con’t

  8. 8 IMAP Buffer Overflow – Con’t

  9. IMAP Buffer Overflow – Con’t • ls –a echo “+ + ”> /.rhosts 9

  10. NO-OP Hex Code Based on Processor Type 10

  11. 11 Script Signatures – NO-OP Overflow

  12. 12 Script Signatures – NO-OP Overflow Con’t

  13. Script Signatures – NO-OP Overflow Con’t • This frame shows a large number of hex 90s followed by some machine code, some ASCII strings, and a literal command /bin/sh -c 13

  14. Abnormal Responses FTP Authentication Buffer Overflow – FTPD exploit The password supplied in response to the FTPD prompt is 14 suspiciously large

  15. Defending Against Buffer Overflows • strcpy and strncpy • Introduce bounds checking into C programs • Stack-based buffer overflow - CPU executes code that is resident on the stack – Only code in the code space can be executed 15

  16. 16 Fragmentation

  17. Fragmentation • Attackers can use fragmentation to mask their probes and exploits • Fragment offset is specified as a quantity of 8- byte chunk – The size of all legal nonterminal fragments must be multiples of 8 bytes • Any fragmented packets with a byte size divisible by 8, except for the last one 17

  18. Boink Attack •IP stack has no concept of negative math •Availability DoS 18

  19. 19 Teardrop Attack

  20. 20 evilPing ….

  21. 21 evilPing

  22. 22 Modified Ping of Death

  23. 23 Modified Ping of Death

  24. CGI Scan •The attacker is running a script that attempts a number of Web server exploits, such as /cgi- bin/rwwwshell.pl 24

  25. 25 CGI Scan – Con’t

  26. CVE-1999-0067 26 PHF Attack

  27. Some Example CGI CVE Entries • CVE-1999-0068 – CGI PHP mylog script allows an attacker to read any file on the target server. • CVE-1999-0467 – The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter • CVE-1999-0509 – Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. 27

  28. SGI IRIX Object Server • Scan one to goodguy-a.com yields nothing • CVE-2000-0245 • A vulnerability in an SGI IRIX object server daemon – Allow remote attackers to create user accounts – Port 5135: the SGI object server 28

  29. SGI Object Server – Con’t • The scan to goodguy-b.com is a bust 29

  30. SGI Object Server – Con’t • The start of the bad guy • The user zippy is added 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soEware Programming languages commonly associated with buffer overflows including

199 views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1 Buffer Overflows One of the most common vulnerabiliCes in soGware Programming languages commonly associated with buffer overflows including

195 views • 17 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
ASLR & DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR & DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR & DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows Buffer overflows are the source of many of the common vulnerabilities in modern software Caused by not checking the source length when writing to a

1.88k views • 130 slides
CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows II TA: Viktor Farkas vfarkas@cs Original slides by Franzi Lab 1 Deadline Reminders Lab

373 views • 11 slides
More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester Rebeiro Indian Institute of Technology Madras Buffer Overreads 2 Buffer Overread Example 3 Buffer Overread Example len read from command line

906 views • 76 slides
CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use large strings (or other datatypes) to overflow a buffer Craft input to make the server do whatever you want Easy to crash a program Harder

256 views • 11 slides
Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program Exploitation Buffer Overflows Memory Declaration Smashing The Stack TCP/IP Three Way Handshake Denial of Service SYN Flooding

403 views • 13 slides
On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco-Gisbert , Ismael Ripoll Universit` at Polit` ecnica

528 views • 35 slides
Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer Science Rutgers University http://www.cs.rutgers.edu/~vinodg/416 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red,

950 views • 55 slides
Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit by Aleph One Summer 2017 Roadmap 1 Process Memory Organization Text Fixed by program Includes code and read-only data

257 views • 22 slides
Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs reversed rj.rodriguez@unileon.es @RicardoJRdez www.ricardojrodriguez.es Research Institute of Applied Sciences in Cybersecurity University of

825 views • 50 slides
Computer Security Sec4on Week 2: Buffer Overflows TA:

Computer Security Sec4on Week 2: Buffer Overflows TA:

CSE 484 / CSE M 584 Computer Security Sec4on Week 2: Buffer Overflows TA: Thomas Crosley tcrosley@cs Thanks to Franzi Roesner, Adrian

502 views • 14 slides
CPL and CGI Transport in SIP REGISTER Payloads Jonathan Lennox Columbia University

CPL and CGI Transport in SIP REGISTER Payloads Jonathan Lennox Columbia University

' $ CPL and CGI transport in SIP REGISTER messages 1 CPL and CGI Transport in SIP REGISTER Payloads Jonathan Lennox Columbia University lennox@cs.columbia.edu IETF IPTel Working Group Tuesday, March 16, 1999 & % Jonathan Lennox ' $

338 views • 6 slides
W EB P LATFORM : T HE N OT C OMPLETELY AND O BVIOUSLY I NSECURE P ARTS Mike West @mikewest,

W EB P LATFORM : T HE N OT C OMPLETELY AND O BVIOUSLY I NSECURE P ARTS Mike West @mikewest,

W EB P LATFORM : T HE S ECURE P ARTS Mike West @mikewest, mkw.st/+ Slides: https://mkw.st/r/goto13 W EB P LATFORM : T HE N OT C OMPLETELY AND O BVIOUSLY I NSECURE P ARTS Mike West @mikewest, mkw.st/+ Slides: https://mkw.st/r/goto13 Insert

705 views • 41 slides
Web Technologies and What is Perl & What is it for? Applications Perl is an acronym for

Web Technologies and What is Perl & What is it for? Applications Perl is an acronym for

Web Technologies and What is Perl & What is it for? Applications Perl is an acronym for Practical Extraction and Report language. Winter 2001 It is currently the most used language for CGI- CMPUT 499: Perl, Cookies and other

457 views • 12 slides
CGI Apache mod_cgi.c oyama@cpan.org Shibuya Perl Mongers Shibuya.pm TechTalks#3 2003-06-13

CGI Apache mod_cgi.c oyama@cpan.org Shibuya Perl Mongers Shibuya.pm TechTalks#3 2003-06-13

CGI Apache mod_cgi.c oyama@cpan.org Shibuya Perl Mongers Shibuya.pm TechTalks#3 2003-06-13 p.1/17 Apache CGI Shibuya.pm TechTalks#3 2003-06-13 p.2/17 Apache http_core.c module mod_env.c

515 views • 19 slides
P rocesses Recall: A pr ocess includes Address space (Code, Dat a, Heap, St ack) 4:

P rocesses Recall: A pr ocess includes Address space (Code, Dat a, Heap, St ack) 4:

P rocesses Recall: A pr ocess includes Address space (Code, Dat a, Heap, St ack) 4: Threads Regist er values (including t he P C) Resources allocat ed t o t he process Memor y, open f iles, net wor k connect ions Last Modif

411 views • 5 slides
IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst

IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst

#RSAC SESSION ID: SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst Independent Security Evaluators (ISE) Independent Security Evaluators (ISE) @rramgatie @omerfar23 #RSAC

924 views • 43 slides
Development of Web Applications Principles and Practice Vincent Simonet, 2013-2014 Universit

Development of Web Applications Principles and Practice Vincent Simonet, 2013-2014 Universit

Development of Web Applications Principles and Practice Vincent Simonet, 2013-2014 Universit Pierre et Marie Curie, Master Informatique, Spcialit STL 3 Server Technologies Vincent Simonet, 2013-2014 Universit Pierre et Marie Curie,

1.17k views • 68 slides
W eb Services and the Grid W eb Services and the Grid Supercomputing, Visualization

W eb Services and the Grid W eb Services and the Grid Supercomputing, Visualization

W eb Services and the Grid W eb Services and the Grid Supercomputing, Visualization & e-Science Manchester Com puting W SRF and W SRF::Lite W SRF::Lite W SRF and Mark Mc Keown WSRF: : Lite developer Formerly UK Grid Support

658 views • 32 slides

More recommend