Skip to content
This repository has been archived by the owner on Nov 25, 2023. It is now read-only.

B1rby/Stack-Based-Buffer-Overflows

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Stack-Based-Buffer-Overflows

Image3

Stack overflow is a type of buffer overflow vulnerability. When we pour water in a glass more than its capacity the water spills or overflow, similarly when we enter data in a buffer more than its capacity the data overflows to adjacent memory location causing program to crash. This is know as buffer overflow1.

Stack

The stack has a Last-in, First-out (LIFO) design which means that we can only pop the last argument we pushed on the stack.

Example:

stack final 1

Imagine someone want to put 20 bytes of data into a buffer that had only been allocated 8 bytes of space, that type of action is allowed, even though it will most likely cause the program to crash. We can see that the 20 bytes that we sent overwrited the other existing values. The program will crash because the fucntion will try to return to the address of eip which is 0x1234565. But this value no longer existed. This is known as a buffer overrun or buffer overflow, since the extra 12 bytes of data will overflow and spill out of the allocated memory, overwriting whatever happens to come next. If a critical piece of data is overwritten, the program will crash. If we determine exactly the number of bytes we have to send before reaching eip/rip we will be able to put after this string a shellcode for our program to execute. Or If we calculate our input precisely, we can place a valid address in the location of eip. So after that the program is overwritted it will return to the adress that we have put.

Steps

The Buffer Overflow attack is defined by 6 steps:

  1. Crash the binary
  2. Take control of eip/rip
  3. Determine the lenght of our shellcode
  4. Identify the bad characters
  5. Generating the shellcode
  6. Identification of the return adress

All these steps are explained here.

Protections

This vulnerability can be more or less difficult to exploit depending on the security put on the binary. The securities can be:

Writeup

Writeup about the Stack-Based Buffer Overflows on Linux x86 module of HackThebox Academy. The module was made by Cry0l1t3. In this writeup you will learn how I exploit a binary with a simple stack-based buffer overflow without any bypassing to do etc. And may be learn new things about stack-based buffer overflow.

bof logo 3

Advanced Stack-Based Buffer Overflow

Assembly:

C (GNU linux system):

Rop techniques to bypass mitigations:

Sources

A couple of images in the writeup that you have seen are providing from the HTB Academy website and the buffer images were modified by me for illustrate what I were doing

Academy, H. T. B. (n.d.). HTB Academy : Cyber security training. Cyber Security Training : HTB Academy. Retrieved December 14, 2021, from https://academy.hackthebox.com/module/details/318

Copyright

Copyright © Birby 2022. The Stack-Based-Buffer-Overflows by B1rby is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Footnotes

  1. Thakur, A. S. (2019, December 4). Stack overflow vulnerability. Hacker Noon. Retrieved December 14, 2021, from https://hackernoon.com/stack-overflow-vulnerability-xou2bbm