Buffer Overflow Attack Part 1 - The Basics Tutorial

This article explains buffer overflow, the most commonly known memory corruption attack, at a very basic level.

What is Buffer Overflow?

A buffer overflow happens when a process tries to store more data in a buffer than the programmer allocated for it at coding time. The size of the buffer is fixed when the program is written, but the overflow itself happens at run time, when the program receives more input than the buffer can hold. Here is an example program whose buffer is 10 bytes long; it will explain buffer overflow more concretely. We need to understand the program given below.

Buffer Overflow Happens due to Lack of Boundary Checks

#include <stdio.h>

int main()
{
    char name[10];                      /* fixed-size buffer: 10 bytes, including the terminating '\0' */
    printf("Enter Your Name");
    gets(name);                         /* no boundary check: reads the whole line, however long it is */
    printf("Your Name is %s\n", name);
    return 0;
}

Normal conditions: when we run this program it asks us to "Enter Your Name". We type "Mohit", which looks fine so far, and it prints "Your Name is Mohit", which also looks completely fine. "Mohit" is 5 characters plus the terminating null byte, 6 bytes in total, so it fits in the 10-byte buffer.

Buffer overflow conditions: when we run the program again and this time type "Mohit Kumar Yadav", look carefully at what happens. Last time the program executed successfully; this time it will most likely crash and terminate unexpectedly (typically with a segmentation fault), because the buffer can store only 10 bytes but "Mohit Kumar Yadav" is 17 characters, 18 bytes with the terminating null. This is called a buffer overflow. Note that the program does not always crash: sometimes the extra bytes silently corrupt neighbouring data and the program keeps running, which is exactly the behaviour an attacker relies on. This happens because functions such as gets(), strcpy(), strcat(), sprintf(), vsprintf() and scanf() with an unbounded "%s" do not perform any kind of boundary check.

Now what is a boundary check? A boundary check means comparing the amount of incoming data against the amount the destination variable can hold. gets() performs no such check: it accepts as much data as you type, and when you finish typing and press enter it writes the complete line into the variable "name". But name has a fixed size of 10 bytes, so the extra bytes are written past its end into the adjacent memory. That adjacent memory normally contains other data, such as other variables, the saved frame pointer and the saved return address that controls the program's execution flow. When the corrupted return address is used, the program terminates with a "Segmentation fault".

A buffer overflow is a clear sign of improper or careless programming. Sometimes the programming language itself has limitations that make this kind of situation easy to create: the C library function gets() used in the program cannot perform any boundary check, because it is never told the size of the buffer it writes into. gets() was removed from the C standard in C11 for exactly this reason, and modern compilers warn when it is used.

We need to understand the stack. The stack is used to allocate the local variables of functions dynamically, to pass parameters to functions at run time, and to save the address a function has to return to when it finishes. The stack works on the basic concept of LIFO, Last In First Out: the element that was pushed last is the first one to come out.

Let's talk more about the stack implementation

The stack is the main region where all of this happens: the local buffer is allocated there and the return address is saved there. This is a very important statement to understand. When the function that reads the name executes, its stack frame contains two things that matter here:
1 Buffer space, the 10-byte array "name"
2 Saved return address, the address the program remembers so it knows where to continue after the function completes its task
(On a real stack the saved frame pointer and some padding usually sit between the two; the diagrams below leave them out for simplicity.)
In normal conditions, when we enter the name "Mohit", the stack looks like this:
————————
Buffer Space —— Mohit
————————
Saved Return Address (untouched: the function returns to the proper address and the program continues successfully)
————————

In buffer overflow conditions the stack looks like the diagram given below.

Buffer overflow condition: when we enter "Mohit Kumar Yadav" the stack looks like this:

————————————–

Buffer Space——– Mohit Kuma

————————————–

r Yadav (the return address has been overwritten with the extra data we entered; because of this the program's control flow is corrupted and it terminates unexpectedly)

————————————–

Above you can see that the return address the program had saved was overwritten with the extra data the user typed: the first 10 bytes "Mohit Kuma" fill the buffer and the remaining bytes "r Yadav" spill over it. Exactly which of those spilled bytes land on the return address depends on what sits between the buffer and the return address on the real stack (saved frame pointer, padding), but the effect is the same: when the function returns, the CPU jumps to an address made of our input bytes.
Saved return address: whenever we call a function or procedure, the system saves its return address so that it remembers the location the function was called from. When the function completes all of its tasks it returns to that same address, the program continues step by step, the next function is called, and after completing it returns to its own saved return address. The saved return address is therefore very important: whoever controls it controls where the program goes next.
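To make the diagram concrete, here is an added example (it is not code from the original article) that models the frame of the vulnerable function as a single byte array, so that every write stays well-defined and you can see exactly which input bytes land on the saved return address. It assumes a simplified 32-bit layout: the 10-byte buffer, then a 4-byte saved frame pointer (which the diagram above omits), then the 4-byte return address stored little-endian as on x86. The value 0x080484c2 used as the original return address is a placeholder invented for the demonstration, and the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10
#define SAVED_FP_SIZE 4              /* assumption: 32-bit frame, saved EBP between buffer and return address */
#define RET_SIZE 4
#define FRAME_LEN (BUF_SIZE + SAVED_FP_SIZE + RET_SIZE)
#define RET_OFF (BUF_SIZE + SAVED_FP_SIZE)
#define ORIGINAL_RET 0x080484c2u     /* placeholder return address, invented for the demo */

/* Model of the stack frame, lowest address first, like the diagram:
   buffer on top, saved frame pointer, then the saved return address. */
struct frame_model {
    unsigned char bytes[FRAME_LEN];
};

/* Initialise the frame with a clean buffer and the original return address
   (written byte by byte in little-endian order, as an x86 CPU would store it). */
void frame_init(struct frame_model *f) {
    memset(f->bytes, 0, sizeof f->bytes);
    for (int b = 0; b < RET_SIZE; b++)
        f->bytes[RET_OFF + b] = (unsigned char)(ORIGINAL_RET >> (8 * b));
}

/* Copy `input` into the buffer the way gets()/strcpy() do: byte by byte until
   the terminator, with no check against BUF_SIZE. The only limit is FRAME_LEN,
   which keeps the model itself in bounds. Returns how many bytes were written
   past the end of the buffer (0 when the input fits, terminator included). */
size_t unbounded_copy(struct frame_model *f, const char *input) {
    size_t i = 0;
    while (input[i] != '\0' && i < FRAME_LEN - 1) {
        f->bytes[i] = (unsigned char)input[i];
        i++;
    }
    f->bytes[i] = '\0';              /* the terminator is written too, one byte past the text */
    return (i + 1 > BUF_SIZE) ? (i + 1 - BUF_SIZE) : 0;
}

/* The saved return address as the CPU would load it (little-endian decode). */
uint32_t saved_return_address(const struct frame_model *f) {
    const unsigned char *p = &f->bytes[RET_OFF];
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* 1 if the copy ran over the return-address slot, 0 if it is still intact. */
int return_address_clobbered(const struct frame_model *f) {
    return saved_return_address(f) != ORIGINAL_RET;
}

int main(void) {
    struct frame_model f;
    const char *inputs[] = { "Mohit", "Mohit Kumar Yadav" };   /* constructed sample inputs */
    for (size_t k = 0; k < 2; k++) {
        frame_init(&f);
        size_t spilled = unbounded_copy(&f, inputs[k]);
        printf("input \"%s\": %zu byte(s) past the buffer, saved return address = 0x%08x%s\n",
               inputs[k], spilled, saved_return_address(&f),
               return_address_clobbered(&f) ? "  <-- overwritten by our input" : "");
    }
    return 0;
}
```

With "Mohit" the copy stays inside the buffer and the return address is untouched. With "Mohit Kumar Yadav" the 18 bytes (17 characters plus the terminator) overrun by 8: "r Ya" lands on the saved frame pointer and "dav\0" on the return address, so the function would "return" to 0x00766164, an address built from the user's own input.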
If we want to prevent our program from crashing we should use an alternative to gets().
In C we can use fgets() instead of gets(), because fgets() takes the buffer size as an argument and never writes more than that many bytes, so the boundary check is built in. Note that fgets() keeps the trailing newline when the line fits, and silently truncates the line when it does not, so a careful program strips the newline and detects truncation rather than assuming the whole line was read.
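Here is an added example (not code from the original article) of the safe version of the program: the same 10-byte buffer, read with fgets() instead of gets(), plus the two details mentioned above, stripping the newline and detecting a line that was cut short. The read_name and read_name_from_string functions, the status codes, and the use of a tmpfile() to feed constructed input in place of the keyboard are this example's own choices.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 10   /* same 10-byte buffer as the vulnerable program */

/* Bounded replacement for gets(name).
   Reads one line into buf, never writing more than cap bytes (including '\0').
   Returns  1: a complete line was read (newline stripped)
            0: the line was longer than the buffer; buf holds the first cap-1
               characters and the rest of the line has been discarded
           -1: no input (EOF or error) */
int read_name(FILE *in, char *buf, size_t cap) {
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';           /* fgets keeps the newline; we do not want it in the name */
        return 1;
    }
    /* No newline: either the line ended at EOF, or it did not fit and fgets
       stopped after cap-1 bytes. Drain the remainder so the next read starts
       on a fresh line, and report truncation if anything was left over. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? 0 : 1;
}

/* Run read_name over a constructed input line, using a temporary file as a
   stand-in for what the user would type on stdin. */
int read_name_from_string(const char *input, char *buf, size_t cap) {
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int status = read_name(f, buf, cap);
    fclose(f);
    return status;
}

int main(void) {
    char name[NAME_SIZE];
    const char *inputs[] = { "Mohit\n", "Mohit Kumar Yadav\n" };   /* constructed sample inputs */
    for (size_t k = 0; k < 2; k++) {
        int status = read_name_from_string(inputs[k], name, sizeof name);
        if (status == 1)
            printf("Your Name is %s\n", name);
        else if (status == 0)
            printf("Name too long: it was cut to \"%s\" (max %d characters)\n", name, NAME_SIZE - 1);
        else
            printf("No input\n");
    }
    return 0;
}
```

The point of the drain loop is the edge case fgets() leaves to the caller: a line of exactly 9 characters and a line of 17 both come back without a newline, and only by reading on can the program tell the complete line from the truncated one. Passing sizeof name rather than a hand-written constant keeps the bound tied to the real buffer size if someone changes NAME_SIZE later.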
How do hackers compromise systems using buffer overflow attacks?
Hackers overwrite the return address of the program with the address of their shellcode.
Now what is shellcode?
Shellcode is malicious code, a payload, that gives the attacker access to the system, typically a command prompt or a shell. Hackers usually include shellcode in their buffer overflow exploits: the overflowing input carries the shellcode itself (for example inside the buffer) and, further along, the bytes that overwrite the saved return address with the address where the shellcode sits. When the vulnerable function finishes, instead of returning to its caller it "returns" to the shellcode, which then executes. After a successful exploit the hacker normally has a shell or command prompt on the system, with the privileges of the exploited program, and from there can compromise the complete system. (Modern systems add protections such as non-executable stacks, stack canaries and address space randomisation that make this classic attack harder; those are beyond this basic introduction.)
