Hello everyone. This tutorial covers some basics of buffer overflows, which are caused by bad programming techniques: how to identify them and some methods to prevent them. So let's get started with: what is a buffer overflow and how can it be prevented?
A Buffer Overflow occurs when a program tries to store more data in a buffer than it is intended to hold.
Let us take a small example of a C program below:
int main(int argc,char **argv)
Considering the above program: when it is compiled and run, an array “buffer” of size 11 bytes is allocated to hold the “AAAAAAAAAA” string.
“strcpy()” will copy the string “DDDDDDDDDDDD” into the array “buffer”, which exceeds the buffer size of 11 bytes and results in a buffer overflow!
Why are applications vulnerable to buffer overflows?
*It's because boundary checks are not done fully or are skipped entirely.
*Programming languages such as C have vulnerable functions such as strcat(), strcpy(), etc., which do not validate the size of the target buffer.
Now let's see some steps for identifying buffer overflows:
Step 1: Run the web server on the local machine.
Step 2: Issue a request with long tags ending with the “$$$$$” sign.
Step 3: If the web server crashes, search the core dump for “$$$$$” to find the overflow location.
Step 4: You can find it by using some automated tools such as codeBlocker, eEye Retina, etc.
Step 5: Use disassemblers and debuggers.
Step 6: Use a tool such as IDA Pro to construct an exploit.
How to detect a buffer overflow in a program?
In this case an attacker might look for strings declared as local variables in functions or methods, and verify the presence of boundary checks.
It is also necessary to check for improper use of standard functions, especially those related to strings and input or output.
Another way is to feed the application a huge amount of data and look for abnormal behaviour.
Here is the list of Buffer overflow detection tools:
Now let's look at program countermeasures:
*Design the program with security in mind.
*Consider using safer compilers such as StackGuard.
*Disable stack execution.
*Prevent the return address from being overwritten.
*Test and debug the code to check for errors.
*Validate arguments and reduce the amount of code which runs with root privileges.
*Prevent use of functions such as gets, strcpy, etc.
*Prevent all sensitive information from being overwritten.
*Make use of safe libraries.
*Make use of tools that can detect buffer overflow vulnerabilities.
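As an added illustration of the boundary checks and the advice about gets and strcpy in the list above (this code is not part of the original tutorial; the helper names checked_copy and read_line are made up for this example), here are bounded replacements that reject input that does not fit instead of writing past the end of the buffer:

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst only if it fits together with its terminating NUL.
 * Returns 0 on success; -1 if it does not fit (dst is set to ""). */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the NUL within the first dst_size bytes only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {              /* src needs more than dst_size bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Bounded replacement for gets(): read one line from fp into buf.
 * Returns 0 on success; -1 on EOF/error or when the line plus its
 * newline did not fit. The rest of an over-long line is discarded so
 * it is not mistaken for the next input. */
int read_line(FILE *fp, char *buf, size_t buf_size)
{
    if (fp == NULL || buf == NULL || buf_size < 2)
        return -1;
    if (fgets(buf, (int)buf_size, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* complete line: strip the newline */
        return 0;
    }
    int c;
    while ((c = getc(fp)) != '\n' && c != EOF)
        ;                           /* drain the remainder of the line */
    buf[0] = '\0';
    return -1;
}

int main(void)
{
    char buffer[11];                /* same size as the first example */
    printf("%d\n", checked_copy(buffer, sizeof buffer, "AAAAAAAAAA"));
    printf("%d\n", checked_copy(buffer, sizeof buffer, "DDDDDDDDDDDD"));
    return 0;
}
```

The caller has to check the return value and treat -1 as invalid input; a silently truncated string can be a bug of its own.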
Here is the list of buffer overflow security tools:
*Comodo Memory Firewall,etc..
Now let's see a tutorial on buffer overflow exploitation.
Let us consider the program below, which is vulnerable to buffer overflow:
printf("address of name is : %p\n", (void *)name);
printf("address of command is : %p\n", (void *)command);
printf("Difference between address is %td\n", command - name);
printf("Enter your name:");
Copy and paste the above program into your Linux environment and save it with a .c extension.
Then compile it using the following command: gcc buffer.c -o buffer
Run it using: ./buffer <hit enter>
Follow the inputs given in the screenshots:
The input given above was a normal input.
Now let's perform a buffer overflow.
The input given above contains more characters than the maximum the name array can hold, which results in a buffer overflow, and it displays the contents of the passwd file.
Similarly, to obtain the command shell, the input can be given as shown in the screenshot below:
I hope this tutorial gave programmers some basic knowledge of buffer overflows and how to prevent them.
Thank You.. :)
Article by: Kartik Durg [J-BOYZ] :D