Tenouk - a complete C & C++ resources

The Stack-based Buffer Overflow Vulnerability and Exploit Experimental Demonstration (in the controlled environment)

 

BOF Home 2

 

 

C & C++ Programming Tutorial

 

BOF Home 1

 

This BOF Home

 

GCC, GDB & FRIENDS TOOLS #1

 

GCC, GDB & FRIENDS TOOLS #2

 

Compiler, Assembler & Linker Story

 

C Memory Functions

 

25 Most Dangerous Programming Errors

 

C Code Listing ~ 340 C code samples

 

C++ Code Listing ~ 500 C++ code Samples

 

 

What do we have in this 'crap'?

 

This hands-on tutorial starts with an introduction of the study purposes, some literature review which contains the fundamental of the exploit environments. The environment discussion starts with the computer hardware (microprocessor) procedures on compiling and linking the C programs. Then, the discussion proceeds to the demonstration when the environment setup was completed. The study ends with a conclusion, recommendation and further research.

 

CHAPTER ONE: INTRODUCTION

 

1.0   Introduction

1.1   Scope and Limitation

1.2   Significance of the Study

 

CHAPTER TWO: LITERATURE REVIEW

 

2.1   The Current Trends

2.2   Detection and Prevention Solutions

2.3   The Current Implementation

2.4   The Exploit Advancement

2.5   Intel Processor Execution Environment

2.5.1  Memory

2.5.2  Registers

2.5.3  Procedure Call

2.5.3.1   Stack

2.5.3.2   General Task of the Stack Set up

2.5.3.3   Procedure Linking Information

2.5.3.4   Calling Procedures Using CALL and RET

2.6   Related Instructions and Stack Manipulation

 

CHAPTER THREE: METHODOLOGY

 

3.1   Introduction

3.2   The Specifications

3.3   Vulnerable Environment Preparation

3.3.1   Disabling the SELinux

3.3.2   Non-Executable Stack and Address Space Randomization

3.4   Preparing the Vulnerable Code

3.5   C Function Call Convention

3.6   Stack Boundary Alignment

3.7   Generating and Testing the Shellcode as a Payload

3.8   Storing the Shellcode in the Environment Variable

3.9   The Exploit: The Miserable setuid Program

3.10   Optional Steps

3.10.1   Disabling the 'Canary' [65]

3.10.2   Flagging the Executable Bit

3.10.3   The bash Shell Protection

 

CHAPTER FOUR: FINDING AND DISCUSSION

 

4.1   The Conditions for Buffer Overflow to Occur

4.1.1   Using Unsafe C Function

4.1.2   No Input Validation

4.1.3   Return Address Adjacent to Code and Data

4.1.4   Suitable Exploit Code Availability

4.2   Current Implementation Review

4.3   The Coding Stage Advantage

4.4   Recommendations

 

CHAPTER FIVE: CONCLUSION AND FUTURE WORK

 

5.1   Research Contribution

5.2   Related Future Work

 

 

BOF REFERENCE

IMPORTANT ABBREVIATIONS

GENERAL AND SIMPLIFIED VUL. & EXPLOIT FLOW CHART (pdf)

 

 

 

 

Summary

 

This tutorial revisits the stack-based buffer overflow problem which still dominate as one of the top threat to the computer security world. In this tutorial an experimental demonstration presented in a step-by-step manner which cover creating a simple buffer overflow C program, preparing the vulnerable environment and the exploit. It is a controlled experiment (well it is not the real one!), analyzing the vulnerability and how the exploit take action. An ample literature review also provided in the purpose to trace the problem from the lowest level and providing the current information regarding buffer overflow threat detection and prevention. In this case, the trends, current protection and detection techniques also discussed with the weaknesses and strength. At the end, after the demo has been completed the related issues mainly the current and previous detection and prevention mechanisms were discussed. Practical recommendations have been suggested while making the conclusion. The OS used is Fedora 9 as a guest OS on Win XP Pro SP2 machine using VMware.

Note: This is the expanded online report version which has been submitted by writer in partial fulfillment of the Master Degree program in ICT

 

 

 

 

 

Translate, email to friends and share:

 

>> Part 1 | Part 2 | Part 3 | Part 4 | Part 5 | Part 6 | Part 7