Pro Corner

Exploited: The buffer overflow
Posted in Security & Technology on February 7, 2011 , by


Many people ask, how do Hackers do what they do? How do they gain access to systems? Well basically they probe and prod until they find a vulnerability. The most common vulnerability is a buffer overflow of poorly written software. Remember most real hackers do not want to crash a system, they want control of it. So with a buffer overflow a hacker stuffs more data into a programmers buffer than what it can handle. By doing this and using some creative memory inspection tools, the hacker can see what memory location in the stack was going to be executed next. Knowing this information can allow the hacker to inject additional code to modify the return address therefor executing an additional program, in most cases a shell prompt.

So what does a poorly written program that is susceptible to an overflow look like?

Precompiled program called Overflow

This simple program has the typical buffer over flow error and copies a supplied string without having bounds checking by using strcpy() instead of strncpy(). If you run this program you will get a segmentation violation. The Buffer of the array is set to “16” in the overflow function while the for loop is looping the letter A 255 times, therefore overflowing the buffer.

Once you execute the vulnerable program and overrun the buffer you will most likely get a long string of characters. These Characters are the return address of the next function call for the program. To properly exploit the buffer you will need to convert these strings to Hex. So for example if the return address space is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…… then your return address is 41414141. By knowing the return address space and some little basic math you can inject a new return address space into the buffer of another program which could potentially execute a shell for a hacker to gain control over. Sorry readers I’m not going to show you how to do it :) but basically you do the following

Note this is an attack example, and is only used for demonstration purposes.

So while a computer is relatively safe from hacking as long as you are using the proper devices, firewalls and anti-virus/anti-malware software, they are still susceptible if you install untrusted software. Therefore, this is why most IT departments will lock down your ability to install software. Trust me it’s not because we like to keep busy… It’s because we want to make sure the systems we manage stay in our control. It’s also the responsibility of the programmers to write secure programs especially in secure or publicly accessible environments.


About Next Horizon

Backed by unparalleled technical design ability and customer service, Next Horizon is a cloud computing, web technology design and IT services company touted by clients for results-producing websites. Since 1998, Next Horizon – a Microsoft, Cisco and SonicWALL VAR – has helped customers grow their business revenue by designing and implementing efficient computer networks and successfully designing, constructing and managing business-to-business custom websites and programs. Next Horizon drives e-commerce sales from Internet visitors through strategic, creative and measurable Internet marketing campaigns. Past & current clients include: Fence Outlet, Night Lite Pediatrics, David Maas, RL Haines, Glickstein, Laval, Carris, P.A., among others.


Categories

Here are some the categories & topics to help you get around.