Content:
Introduction
Vulnerable Example
Changing Variables
Jumping to addresses
Executing Shellcode
Buffer overflows are a way of breaking into a running program that does not check the size of user input before copying it into a buffer. They are usually caused by strcpy, scanf and their various variants.
To understand buffer overflows you need to understand the way a computer stores information in its memory. On "regular" little-endian machines the stack is "upside-down", meaning it grows towards the lower end, 0x000000. The stack is a "Last-In First-Out" list; imagine it like a stack of books: you can push a book on top or pop the uppermost one. The data is stored in words, each of which is usually 4 bytes (32 bits) in size.
If a user puts in a string that is longer than the allocated space, the string simply grows out of its own space and overwrites the adjacent memory, which can result in major exploits.
#include <stdio.h>

int main( int argc, const char *argv[] ) {
    int number = 0;      /* the target: lives next to buf in this stack frame */
    char buf[20];        /* 20 bytes, nothing stops a longer string */

    printf( "number is %d; input 20 char string to change number too 75:\n", number );
    scanf( "%s", buf );  /* no width limit: everything past 20 bytes spills out of buf */
    printf( "you entered '%s'\n", buf );
    printf( "number is %d\n", number );

    if ( number == 75 )
        printf( "Congratz\n" );
    else
        printf( "Shame on you\n" );
    return 0;
}
echo "thisis20charsandaone12345678K" | ./overflow
number is 0; input 20 char string to change number too 75:
you entered 'thisis20charsandaone12345678K'
number is 75
Congratz
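To make the arithmetic behind that run visible, here is an added example (not part of the original tutorial) that replays the overwrite inside a struct whose layout mirrors what the output implies: 20 bytes of buf, 8 bytes of gap, then the 4-byte int, so the 29th character 'K' (ASCII 75) lands in the low byte of number. It also shows the bounded reader that stops the spill. The 8-byte gap is an assumption inferred from the run; real stack layouts depend on the compiler.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the frame the run implies (assumption: the real
   program's layout is compiler-dependent and not guaranteed to match). */
struct frame {
    char buf[20];
    char gap[8];
    int  number;
};

/* Replay what scanf("%s") does: copy the string plus its '\0' starting at
   buf and let it run on.  The copy is clamped to the struct, so it stays
   well-defined while still showing which bytes reach number. */
int model_overflow(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);            /* number starts at 0, like the tutorial */
    size_t n = strlen(input) + 1;       /* include the terminator scanf writes */
    if (n > sizeof f)
        n = sizeof f;
    memcpy(&f, input, n);
    return f.number;                    /* little-endian: low byte is 'K' = 75 */
}

/* Hardened reader: keep at most cap-1 bytes, always terminate, and tell the
   caller whether input was dropped so it can reject rather than silently
   truncate.  Returns 1 if the input fit, 0 if it had to be cut. */
int read_bounded(const char *input, char *buf, size_t cap)
{
    size_t len = strlen(input);
    int fits = len < cap;
    size_t n = fits ? len : cap - 1;
    memcpy(buf, input, n);
    buf[n] = '\0';
    return fits;
}

int main(void)
{
    const char *probe = "thisis20charsandaone12345678K";   /* input from the run above */
    char safe[20];
    printf("model: number becomes %d ('K' is 0x%02X)\n", model_overflow(probe), 'K');
    printf("bounded: fits=%d, kept '%s'\n", read_bounded(probe, safe, sizeof safe), safe);
    return 0;
}
```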
<Not quite ready yet>
<Not quite ready yet>
<Not quite ready yet>