SlideShare a Scribd company logo

Ceh v5 module 20 buffer overflow

Vi Tính Hoàng Nam
Vi Tính Hoàng Nam

Ceh v5 module 20 buffer overflow

Technology
1 of 25
Download to read offline
Module XX Buffer Overflows Ethical Hacking Version 5
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Module Objective This module will familiarize you with the following: Buffer Overflows Reasons for buffer overflow attacks Types of buffer overflow Stacks Shell code Detecting buffer overflows in a program Mutating buffer Overflow exploit Buffer overflow countermeasures Code Analysis
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Module Flow Buffer Overflows Code Analysis Types of Buffer Overflow Reasons for Buffer Overflow Attacks Detecting Buffer Overflows In a Program Shell Code Defense against Buffer OverflowsStacks Mutating Buffer Overflow Exploit Attacking a Real Program
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Why are Programs/Applications Vulnerable? Since there is lot of pressure to maintain the turnaround of deliverables, programmers are bound to make mistakes that are often overlooked Boundary checks are not done fully or, in most cases, they are skipped entirely Programming languages, such as C, which programmers use to develop packages or applications, have errors in it The strcat(), strcpy(), sprintf(), vsprintf(), bcopy(), gets(), and scanf() calls in C language can be exploited because these functions do not check to see if the buffer, allocated on the stack, is large enough for the data copied into the buffer Good programming practices are not adhered to
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Buffer Overflows A buffer overrun is when a program allocates a block of memory of a certain length and then tries to stuff too much data into the buffer, with extra overflowing and overwriting possibly critical information crucial to the normal execution of the program Consider the following source code. When the source is compiled and turned into a program and the program is run, it will assign a block of memory 32 bytes long to hold the name string #include<stdio.h> int main ( int argc , char **argv) { char target[5]=”TTTT”; char attacker[11]=”AAAAAAAAAA”; strcpy( attacker,” DDDDDDDDDDDDDD”); printf(“% n”,target); return 0; } This type of vulnerability is prevalent in UNIX- and NT-based systems
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Reasons for Buffer Overflow Attacks Buffer overflow attacks depend on two things: the lack of boundary testing and a machine that can execute code that resides in the data/stack segment The lack of boundary is very common and, usually, the program ends with segmentation fault or bus error. In order to exploit buffer overflow to gain access to or escalate privileges, the offender must create the data to be fed to the application Random data will generate a segmentation fault or bus error, never a remote shell or the execution of a command
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Knowledge Required to Program Buffer Overflow Exploits 1. C functions and the stack 2. A little knowledge of assembly/machine language 3. How system calls are made (at the machine code level) 4. exec( ) system calls 5. How to guess some key parameters
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Types of Buffer Overflows Stack-based Buffer Overflow Heap/BSS-based Buffer Overflow
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Stack-based Buffer Overflow Buffer is expecting a maximum number of guests Send the buffer more than x guests If the system does not perform boundary checks, extra guests continue to be placed at positions beyond the legitimate locations within the buffer. (Java does not permit to run off the end of an array or string as C and C++ do) Malicious code can be pushed on the stack The overflow can overwrite the return pointer so that the flow of control switches to the malicious code
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Understanding Assembly Language The two most important operations in a stack: • 1. Push – put one item on the top of the stack • 2. Pop – "remove" one item from the top of the stack • Typically, returns the contents pointed to by a pointer and changes the pointer (not the memory contents)
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Understanding Stacks The stack is a (LIFO) mechanism that computers use both to pass arguments to functions and to reference local variables It acts like a buffer, holding all of the information that the function needs The stack is created at the beginning of a function and released at the end of it BP anywhere within the stack frame SP points here Stack growth direction
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited A Normal Stack
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Shellcode Shellcode is a method used to exploit stack-based overflows Shellcodes exploit computer bugs in how the stack is handled Buffers are soft targets for attackers as they overflow very easily if the conditions match "x2dx0bxd8x9axacx15xa1x6ex2fx0bxdcxdax90x0bx80x0e" "x92x03xa0x08x94x1ax80x0ax9cx03xa0x10xecx3bxbfxf0" "xdcx23xbfxf8xc0x23xbfxfcx82x10x20x3bxaax10x3fxff" "x91xd5x60x01x90x1bxc0x0fx82x10x20x01x91xd5x60x01"
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Heap-based Buffer Overflow Variables that are dynamically allocated with functions, such as malloc(), are created on the heap Heap is a memory that is dynamically allocated. It is different from the memory that is allocated for stack and code In a heap-based buffer overflow attack, an attacker overflows a buffer that is placed on the lower part of heap, overwriting other dynamic variables, which can have unexpected and unwanted effects
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited How to Detect Buffer Overflows in a Program There are two ways to detect buffer overflows: • One way is to look at the source code. In this case, the hacker can look for strings declared as local variables in functions or methods and verify the presence of boundary checks. It is also necessary to check for improper use of standard functions, especially those related to strings and input/output • Another way is to feed the application with huge amounts of data and check for abnormal behavior
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Attacking a Real Program Assuming that a string function is being exploited, the attacker can send a long string as the input This string overflows the buffer and causes a segmentation error The return pointer of the function is overwritten, and the attacker succeeds in altering the flow of execution If he has to insert his code in the input, he has to: • Know the exact address on the stack • Know the size of the stack • Make the return pointer point to his code for execution
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited NOPS Most CPUs have a No Operation (NOP) instruction – it does nothing but advance the instruction pointer Usually, we can put some of these ahead of our program (in the string) As long as the new return address points to a NOP, we are OK Attacker pads the beginning of the intended buffer overflow with a long run of NOP instructions (a NOP slide or sled) so the CPU will do nothing until it gets to the 'main event' (which preceded the 'return pointer') Most intrusion detection systems (IDSs) look for signatures of NOP sleds. ADMutate (by K2) accepts a buffer overflow exploit as input and randomly creates a functionally equivalent version (polymorphism)
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited How to Mutate a Buffer Overflow Exploit For the NOP portion Randomly replace the NOPs with functionally equivalent segments of code (e.g.: x++; x-; ? NOP NOP) For the "main event" Apply XOR to combine code with a random key unintelligible to IDS. The CPU code must also decode the gibberish in time in order to run the decoder. By itself, the decoder is polymorphic and, therefore, hard to spot For the "return pointer" Randomly tweak LSB of pointer to land in the NOP-zone
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Once the Stack is Smashed... Once the vulnerable process is commandeered, the attacker has the same privileges as the process and can gain normal access. He can then exploit a local buffer overflow vulnerability to gain super-user access Create a backdoor Using (UNIX-specific) inetd Using Trivial FTP (TFTP) included with Windows 2000 and some UNIX flavors Use Netcat to make raw, interactive connections Shoot back an Xterminal connection UNIX-specific GUI
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Defense Against Buffer Overflows Manual auditing of code Disabling stack execution Safer C library support Compiler techniques
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Tool to Defend Buffer Overflow: Return Address Defender (RAD) RAD is a simple patch for the compiler that automatically creates a safe area to store a copy of return addresses After that, RAD automatically adds protection code into applications that it compiles to defend programs against buffer overflow attacks RAD does not change the stack layout
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Tool to Defend Buffer Overflow: StackGuard StackGuard: Protects systems from stack smashing attacks StackGuard is a compiler approach for defending programs and systems against "stack smashing" attacks Programs that have been compiled with StackGuard are largely immune to stack smashing attacks Protection requires no source code changes at all. When a vulnerability is exploited, StackGuard detects the attack in progress, raises an intrusion alert, and halts the victim program http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Tool to Defend Buffer Overflow: Immunix System Immunix System is an Immunix-enabled RedHat Linux distribution and suite of application-level security tools Immunix secures a Linux OS and applications Immunix works by hardening existing software components and platforms so that attempts to exploit security vulnerabilities will fail safe. That is, the compromised process halts instead of giving control to the attacker, and then is restarted http://immunix.org
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Simple Buffer Overflow in C Vulnerable C Program overrun.c #include <stdio.h> main() { char *name; char *dangerous_system_command; name = (char *) malloc(10); dangerous_system_command = (char *) malloc(128); printf("Address of name is %dn", name); printf("Address of command is %dn", dangerous_system_command); sprintf(dangerous_system_command, "echo %s", "Hello world!"); printf("What's your name?"); gets(name); system(dangerous_system_command); }
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Summary A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold Buffer overflow attacks depend on: the lack of boundary testing, and a machine that can execute code that resides in the data/stack segment Buffer overflow vulnerability can be detected by skilled auditing of the code as well as boundary testing Once the stack is smashed, the attacker can deploy his payload and take control of the attacked system Countermeasures include checking the code, disabling stack execution, safer C library support, and using safer compiler techniques Tools like stackguard, Immunix, and vulnerability scanners help in securing systems

Recommended

Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injectionCeh v5 module 14 sql injection
Ceh v5 module 14 sql injectionVi Tính Hoàng Nam
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffersVi Tính Hoàng Nam
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hackingVi Tính Hoàng Nam
 
Ceh v5 module 15 hacking wireless networks
Ceh v5 module 15 hacking wireless networksCeh v5 module 15 hacking wireless networks
Ceh v5 module 15 hacking wireless networksVi Tính Hoàng Nam
 
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotCeh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotVi Tính Hoàng Nam
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesVi Tính Hoàng Nam
 
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversCeh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversVi Tính Hoàng Nam
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 

Recommended

Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injectionCeh v5 module 14 sql injection
Ceh v5 module 14 sql injectionVi Tính Hoàng Nam
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffersVi Tính Hoàng Nam
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hackingVi Tính Hoàng Nam
 
Ceh v5 module 15 hacking wireless networks
Ceh v5 module 15 hacking wireless networksCeh v5 module 15 hacking wireless networks
Ceh v5 module 15 hacking wireless networksVi Tính Hoàng Nam
 
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotCeh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotVi Tính Hoàng Nam
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesVi Tính Hoàng Nam
 
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversCeh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversVi Tính Hoàng Nam
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Module 2 (footprinting)
Module 2 (footprinting)Module 2 (footprinting)
Module 2 (footprinting)Wail Hassan
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
File inclusion
File inclusionFile inclusion
File inclusionAaftabKhan14
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanningVi Tính Hoàng Nam
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Secure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior
 
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumerationVi Tính Hoàng Nam
 
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceCeh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceVi Tính Hoàng Nam
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingVi Tính Hoàng Nam
 
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and wormsCeh v5 module 16 virus and worms
Ceh v5 module 16 virus and wormsVi Tính Hoàng Nam
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 
Vulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxVulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxSuman Astani
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Ceh v8 Labs - Module18: Buffer Overflow.
Ceh v8 Labs - Module18: Buffer Overflow.Ceh v8 Labs - Module18: Buffer Overflow.
Ceh v8 Labs - Module18: Buffer Overflow.Vuz Dở Hơi
 
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsVi Tính Hoàng Nam
 

More Related Content

What's hot

Module 2 (footprinting)
Module 2 (footprinting)Module 2 (footprinting)
Module 2 (footprinting)Wail Hassan
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Secure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior
 
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceCeh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceVi Tính Hoàng Nam
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingVi Tính Hoàng Nam
 
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and wormsCeh v5 module 16 virus and worms
Ceh v5 module 16 virus and wormsVi Tính Hoàng Nam
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 
Vulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxVulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxSuman Astani
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 

What's hot (20)

Module 2 (footprinting)
Module 2 (footprinting)Module 2 (footprinting)
Module 2 (footprinting)
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
File inclusion
File inclusionFile inclusion
File inclusion
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanning
 
System hacking
System hackingSystem hacking
System hacking
 
Secure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injection
 
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumeration
 
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceCeh v5 module 08 denial of service
Ceh v5 module 08 denial of service
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
 
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and wormsCeh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Vulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxVulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptx
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 

Viewers also liked

Ceh v8 Labs - Module18: Buffer Overflow.
Ceh v8 Labs - Module18: Buffer Overflow.Ceh v8 Labs - Module18: Buffer Overflow.
Ceh v8 Labs - Module18: Buffer Overflow.Vuz Dở Hơi
 
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsVi Tính Hoàng Nam
 
Presentation buffer overflow attacks and theircountermeasures
Presentation buffer overflow attacks and theircountermeasuresPresentation buffer overflow attacks and theircountermeasures
Presentation buffer overflow attacks and theircountermeasurestharindunew
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineeringVi Tính Hoàng Nam
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-bBbAOC
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsVuz Dở Hơi
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)Vi Tính Hoàng Nam
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threadssrivijaymanickam
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingpolichen
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 

Viewers also liked (17)

Ceh v8 Labs - Module18: Buffer Overflow.
Ceh v8 Labs - Module18: Buffer Overflow.Ceh v8 Labs - Module18: Buffer Overflow.
Ceh v8 Labs - Module18: Buffer Overflow.
 
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoors
 
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprintingCeh v5 module 02 footprinting
Ceh v5 module 02 footprinting
 
Presentation buffer overflow attacks and theircountermeasures
Presentation buffer overflow attacks and theircountermeasuresPresentation buffer overflow attacks and theircountermeasures
Presentation buffer overflow attacks and theircountermeasures
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
Ceh v5 module 18 linux hacking
Ceh v5 module 18 linux hackingCeh v5 module 18 linux hacking
Ceh v5 module 18 linux hacking
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-b
 
Anatomy Of Hack
Anatomy Of HackAnatomy Of Hack
Anatomy Of Hack
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and Backdoors
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hacking
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 

Similar to Ceh v5 module 20 buffer overflow

Dive into exploit development
Dive into exploit developmentDive into exploit development
Dive into exploit developmentPayampardaz
 
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)Elvin Gentiles
 
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
 
Report on hacking blind
Report on hacking blindReport on hacking blind
Report on hacking blindNikitaAndhale
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer OverflowsDaniel Tumser
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Cysinfo Cyber Security Community
 
Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflowjyoti_lakhani
 
Buffer overflow explained
Buffer overflow explainedBuffer overflow explained
Buffer overflow explainedTeja Babu
 
Anatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackAnatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackRob Gillen
 
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsCaptain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsenSilo
 
Piratng Avs to bypass exploit mitigation
Piratng Avs to bypass exploit mitigationPiratng Avs to bypass exploit mitigation
Piratng Avs to bypass exploit mitigationPriyanka Aash
 
Buffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackBuffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackTomer Zait
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Virtual platform
Virtual platformVirtual platform
Virtual platformsean chen
 

Similar to Ceh v5 module 20 buffer overflow (20)

Buffer overflow
Buffer overflowBuffer overflow
Buffer overflow
 
Dive into exploit development
Dive into exploit developmentDive into exploit development
Dive into exploit development
 
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
 
Return oriented programming (ROP)
Return oriented programming (ROP)Return oriented programming (ROP)
Return oriented programming (ROP)
 
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
 
Report on hacking blind
Report on hacking blindReport on hacking blind
Report on hacking blind
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer Overflows
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflow
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-Framework
 
Buffer overflow explained
Buffer overflow explainedBuffer overflow explained
Buffer overflow explained
 
Anatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow AttackAnatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow Attack
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
 
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsCaptain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
 
Piratng Avs to bypass exploit mitigation
Piratng Avs to bypass exploit mitigationPiratng Avs to bypass exploit mitigation
Piratng Avs to bypass exploit mitigation
 
Buffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackBuffer overflow – Smashing The Stack
Buffer overflow – Smashing The Stack
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
Microprocessor systems (4)
Microprocessor systems (4)Microprocessor systems (4)
Microprocessor systems (4)
 
Virtual platform
Virtual platformVirtual platform
Virtual platform
 

More from Vi Tính Hoàng Nam

CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)Vi Tính Hoàng Nam
 
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vnTl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vnVi Tính Hoàng Nam
 
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108Vi Tính Hoàng Nam
 
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 SeriesBrochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 SeriesVi Tính Hoàng Nam
 
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báoNSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báoVi Tính Hoàng Nam
 
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangSLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangVi Tính Hoàng Nam
 
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangSLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangVi Tính Hoàng Nam
 
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQPEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQVi Tính Hoàng Nam
 
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008EHRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008EVi Tính Hoàng Nam
 
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênhRPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênhVi Tính Hoàng Nam
 
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênhRPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênhVi Tính Hoàng Nam
 
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênhHCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênhVi Tính Hoàng Nam
 
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênhHCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênhVi Tính Hoàng Nam
 

More from Vi Tính Hoàng Nam (20)

CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
 
Catalogue 2015
Catalogue 2015Catalogue 2015
Catalogue 2015
 
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vnTl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
 
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁTCATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
 
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
 
Các loại cáp mạng
Các loại cáp mạngCác loại cáp mạng
Các loại cáp mạng
 
Catalogue 10-2014-new
Catalogue 10-2014-newCatalogue 10-2014-new
Catalogue 10-2014-new
 
Qtx 6404
Qtx 6404Qtx 6404
Qtx 6404
 
Camera QTX-1210
Camera QTX-1210Camera QTX-1210
Camera QTX-1210
 
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 SeriesBrochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
 
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báoNSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
 
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangSLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
 
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangSLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
 
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQPEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
 
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008EHRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
 
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênhRPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
 
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênhRPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
 
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênhHCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
 
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênhHCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
 
I phone v1.2_e
I phone v1.2_eI phone v1.2_e
I phone v1.2_e
 

Recently uploaded

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Ceh v5 module 20 buffer overflow

  • 2. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Module Objective This module will familiarize you with the following: Buffer Overflows Reasons for buffer overflow attacks Types of buffer overflow Stacks Shell code Detecting buffer overflows in a program Mutating buffer Overflow exploit Buffer overflow countermeasures Code Analysis
  • 3. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Module Flow Buffer Overflows Code Analysis Types of Buffer Overflow Reasons for Buffer Overflow Attacks Detecting Buffer Overflows In a Program Shell Code Defense against Buffer OverflowsStacks Mutating Buffer Overflow Exploit Attacking a Real Program
  • 4. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Why are Programs/Applications Vulnerable? Since there is lot of pressure to maintain the turnaround of deliverables, programmers are bound to make mistakes that are often overlooked Boundary checks are not done fully or, in most cases, they are skipped entirely Programming languages, such as C, which programmers use to develop packages or applications, have errors in it The strcat(), strcpy(), sprintf(), vsprintf(), bcopy(), gets(), and scanf() calls in C language can be exploited because these functions do not check to see if the buffer, allocated on the stack, is large enough for the data copied into the buffer Good programming practices are not adhered to
  • 5. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Buffer Overflows A buffer overrun is when a program allocates a block of memory of a certain length and then tries to stuff too much data into the buffer, with extra overflowing and overwriting possibly critical information crucial to the normal execution of the program Consider the following source code. When the source is compiled and turned into a program and the program is run, it will assign a block of memory 32 bytes long to hold the name string #include<stdio.h> int main ( int argc , char **argv) { char target[5]=”TTTT”; char attacker[11]=”AAAAAAAAAA”; strcpy( attacker,” DDDDDDDDDDDDDD”); printf(“% n”,target); return 0; } This type of vulnerability is prevalent in UNIX- and NT-based systems
  • 6. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Reasons for Buffer Overflow Attacks Buffer overflow attacks depend on two things: the lack of boundary testing and a machine that can execute code that resides in the data/stack segment The lack of boundary is very common and, usually, the program ends with segmentation fault or bus error. In order to exploit buffer overflow to gain access to or escalate privileges, the offender must create the data to be fed to the application Random data will generate a segmentation fault or bus error, never a remote shell or the execution of a command
  • 7. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Knowledge Required to Program Buffer Overflow Exploits 1. C functions and the stack 2. A little knowledge of assembly/machine language 3. How system calls are made (at the machine code level) 4. exec( ) system calls 5. How to guess some key parameters
  • 8. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Types of Buffer Overflows Stack-based Buffer Overflow Heap/BSS-based Buffer Overflow
  • 9. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Stack-based Buffer Overflow Buffer is expecting a maximum number of guests Send the buffer more than x guests If the system does not perform boundary checks, extra guests continue to be placed at positions beyond the legitimate locations within the buffer. (Java does not permit to run off the end of an array or string as C and C++ do) Malicious code can be pushed on the stack The overflow can overwrite the return pointer so that the flow of control switches to the malicious code
  • 10. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Understanding Assembly Language The two most important operations in a stack: • 1. Push – put one item on the top of the stack • 2. Pop – "remove" one item from the top of the stack • Typically, returns the contents pointed to by a pointer and changes the pointer (not the memory contents)
  • 11. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Understanding Stacks The stack is a (LIFO) mechanism that computers use both to pass arguments to functions and to reference local variables It acts like a buffer, holding all of the information that the function needs The stack is created at the beginning of a function and released at the end of it BP anywhere within the stack frame SP points here Stack growth direction
  • 12. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited A Normal Stack
  • 13. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Shellcode Shellcode is a method used to exploit stack-based overflows Shellcodes exploit computer bugs in how the stack is handled Buffers are soft targets for attackers as they overflow very easily if the conditions match "x2dx0bxd8x9axacx15xa1x6ex2fx0bxdcxdax90x0bx80x0e" "x92x03xa0x08x94x1ax80x0ax9cx03xa0x10xecx3bxbfxf0" "xdcx23xbfxf8xc0x23xbfxfcx82x10x20x3bxaax10x3fxff" "x91xd5x60x01x90x1bxc0x0fx82x10x20x01x91xd5x60x01"
  • 14. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Heap-based Buffer Overflow Variables that are dynamically allocated with functions, such as malloc(), are created on the heap Heap is a memory that is dynamically allocated. It is different from the memory that is allocated for stack and code In a heap-based buffer overflow attack, an attacker overflows a buffer that is placed on the lower part of heap, overwriting other dynamic variables, which can have unexpected and unwanted effects
  • 15. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited How to Detect Buffer Overflows in a Program There are two ways to detect buffer overflows: • One way is to look at the source code. In this case, the hacker can look for strings declared as local variables in functions or methods and verify the presence of boundary checks. It is also necessary to check for improper use of standard functions, especially those related to strings and input/output • Another way is to feed the application with huge amounts of data and check for abnormal behavior
  • 16. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Attacking a Real Program Assuming that a string function is being exploited, the attacker can send a long string as the input This string overflows the buffer and causes a segmentation error The return pointer of the function is overwritten, and the attacker succeeds in altering the flow of execution If he has to insert his code in the input, he has to: • Know the exact address on the stack • Know the size of the stack • Make the return pointer point to his code for execution
  • 17. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited NOPS Most CPUs have a No Operation (NOP) instruction – it does nothing but advance the instruction pointer Usually, we can put some of these ahead of our program (in the string) As long as the new return address points to a NOP, we are OK Attacker pads the beginning of the intended buffer overflow with a long run of NOP instructions (a NOP slide or sled) so the CPU will do nothing until it gets to the 'main event' (which preceded the 'return pointer') Most intrusion detection systems (IDSs) look for signatures of NOP sleds. ADMutate (by K2) accepts a buffer overflow exploit as input and randomly creates a functionally equivalent version (polymorphism)
  • 18. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited How to Mutate a Buffer Overflow Exploit For the NOP portion Randomly replace the NOPs with functionally equivalent segments of code (e.g.: x++; x-; ? NOP NOP) For the "main event" Apply XOR to combine code with a random key unintelligible to IDS. The CPU code must also decode the gibberish in time in order to run the decoder. By itself, the decoder is polymorphic and, therefore, hard to spot For the "return pointer" Randomly tweak LSB of pointer to land in the NOP-zone
  • 19. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Once the Stack is Smashed... Once the vulnerable process is commandeered, the attacker has the same privileges as the process and can gain normal access. He can then exploit a local buffer overflow vulnerability to gain super-user access Create a backdoor Using (UNIX-specific) inetd Using Trivial FTP (TFTP) included with Windows 2000 and some UNIX flavors Use Netcat to make raw, interactive connections Shoot back an Xterminal connection UNIX-specific GUI
  • 20. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Defense Against Buffer Overflows Manual auditing of code Disabling stack execution Safer C library support Compiler techniques
  • 21. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Tool to Defend Buffer Overflow: Return Address Defender (RAD) RAD is a simple patch for the compiler that automatically creates a safe area to store a copy of return addresses After that, RAD automatically adds protection code into applications that it compiles to defend programs against buffer overflow attacks RAD does not change the stack layout
  • 22. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Tool to Defend Buffer Overflow: StackGuard StackGuard: Protects systems from stack smashing attacks StackGuard is a compiler approach for defending programs and systems against "stack smashing" attacks Programs that have been compiled with StackGuard are largely immune to stack smashing attacks Protection requires no source code changes at all. When a vulnerability is exploited, StackGuard detects the attack in progress, raises an intrusion alert, and halts the victim program http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
  • 23. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Tool to Defend Buffer Overflow: Immunix System Immunix System is an Immunix-enabled RedHat Linux distribution and suite of application-level security tools Immunix secures a Linux OS and applications Immunix works by hardening existing software components and platforms so that attempts to exploit security vulnerabilities will fail safe. That is, the compromised process halts instead of giving control to the attacker, and then is restarted http://immunix.org
  • 24. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Simple Buffer Overflow in C Vulnerable C Program overrun.c #include <stdio.h> main() { char *name; char *dangerous_system_command; name = (char *) malloc(10); dangerous_system_command = (char *) malloc(128); printf("Address of name is %dn", name); printf("Address of command is %dn", dangerous_system_command); sprintf(dangerous_system_command, "echo %s", "Hello world!"); printf("What's your name?"); gets(name); system(dangerous_system_command); }
  • 25. EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Summary A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold Buffer overflow attacks depend on: the lack of boundary testing, and a machine that can execute code that resides in the data/stack segment Buffer overflow vulnerability can be detected by skilled auditing of the code as well as boundary testing Once the stack is smashed, the attacker can deploy his payload and take control of the attacked system Countermeasures include checking the code, disabling stack execution, safer C library support, and using safer compiler techniques Tools like stackguard, Immunix, and vulnerability scanners help in securing systems