开发者

Is this how buffer overflows work?

开发者 https://www.devze.com 2023-02-16 20:42 出处:网络
I guess there are similar questions and some data on the web...but I want to be sure that I grasp the concept correctly, since all online tutorials are way too long and focus on exploits, ect. So, the

I guess there are similar questions and some data on the web...but I want to be sure that I grasp the concept correctly, since all online tutorials are way too long and focus on exploits, ect. So, the way I see it a simple buffer overflow will be something like:

//////////////////////////////////////////////////

  1. You send a string of arguments/input like that: nop instructions(x90) + shellcode + some text + address of some nop instruction.

  2. If the string is of the correct length it will override the return address ebp with the address of some of the nop instructions. Once it jumps there - it will then skip until reaching the shellcode....and the rest is history.

////////////////////////////////////////////////

I am more of a c++/php/c# type of 开发者_如何学Cguy and assembly and c are beyond my mental capabilities....lol...so seriously...or jokingly..is the description above something along the line? Plus, as far as I understand there are some protections against buffers ovs., though I don't undertand them yet. How will firewall catch this?

10x!


Smashing the stack for fun and profit is a must read for anybody who is serious about understanding how Buffer Overflows work. You will find no better answer than what that white paper provides.

Edit

If you've already read Smashing the Stack and want to go further then may I suggest reading Hacking: The Art of Exploitation 2nd Ed

Is this how buffer overflows work?


Yes, that's one way to explore a buffer overflow. This book is a great reading.

I'm not aware of any firewalls with capabilities to monitor buffer overflows on other applications (if that is what you mean).


Specifically, what you are describing is known as a NOP sled (or "slide," or "ramp"). Here is an article that provides a real-world honeypot example of this.

You can protect against an attack like this by, for example, limiting the number of characters you read in to less than the size of your buffer. More generally, network intrusion detection tools like Snort aim for broad detection and prevention in case things like lack of input validation happen to go unnoticed.

0

精彩评论

暂无评论...
验证码 换一张
取 消