smashing the stack for fun and profit

Post on 13-Apr-2017

SMASHING THE STACK FOR FUN AND PROFIT

PRESENTED BY
MD. MASUDUR RAHMAN

MSSE 0404
IIT, DU

Slide 2: Outline

1. Problem specification of stack overflow
2. Memory structure
3. Stack overflow with examples
4. Code Injection
5. Discussion

Slide 3: Research Problem

How could a stack be smashed?
What buffer overflows are
How a buffer overflow exploit works

Slide 4: Process Memory Organization (1/3)

Slide 5: Process Memory Organization (2/3)

Slide 6: Process Memory Organization (3/3)

Slide 7: Structure of a Stack

Manages control flow

Slide 8: Stack Operation

Push Procedure prolog/enter/link

Pop Procedure epilog/leave/unlink

Slide 9: Stack Operation with Example

Slide 10: Stack Overflow

Slide 11: Stack Overflow Example

Slide 12: Injecting Shell Code

Shell Code in C

Slide 13: Injecting Shell Code

Slide 14: Injecting Shell Code

Slide 15: Another Example of Exploit

Slide 16: NOP Padding

Slide 17: Problem with Small Buffer

Can't hold the shell code
Return address points to another location instead of the shell code

Solution: use an environment variable

Slide 18: Vulnerable Code

No built-in bound checking
Functions: strcat(), strcpy(), gets(), etc.

Slide 19: Discussion

How to prevent stack overflow attack using bound checking?

Bound Checking when taking input from outside/untrusted source

Avoid vulnerable functions
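
Added example, not part of the original slides: bound-checked stand-ins for the three functions named on the Vulnerable Code slide, each refusing input that does not fit the destination buffer. The function names are hypothetical, and the code assumes non-NULL pointers and that the size argument is the true size of the buffer.

```c
#include <stdio.h>
#include <string.h>

/* strcpy() replacement: copy src only if it fits in dst with its NUL.
 * Returns 0 on success, -1 (dst untouched) if src is too long. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* strcat() replacement: append src only if the joined string fits. */
int append_checked(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    size_t used, len = strlen(src);
    if (end == NULL)                 /* dst not terminated inside its buffer */
        return -1;
    used = (size_t)(end - dst);
    if (len >= dst_size - used)      /* no room for src plus NUL */
        return -1;
    memcpy(dst + used, src, len + 1);
    return 0;
}

/* gets() replacement: fgets() never writes more than buf_size bytes.
 * Returns 0 for a complete line (newline stripped), -1 on EOF/error or
 * when the line was too long; the rest of a long line is discarded. */
int read_line_checked(char *buf, size_t buf_size, FILE *in)
{
    size_t len;
    int c, dropped = 0;
    if (buf_size < 2 || fgets(buf, (int)buf_size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    while ((c = fgetc(in)) != EOF && c != '\n')
        dropped = 1;                 /* discard the unread tail */
    return dropped ? -1 : 0;
}
```

Callers must check the return value: a rejected copy or an over-long line is an error to handle, not a truncated value to keep using.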

Slide 21: Question Set

1. Explain stack overflow with a proper example.
2. What is NOP? Why do attackers use the NOP instruction?
3. Explain the problem an attacker faces with a small buffer size when exploiting the buffer. Provide a solution for it.
