Buffer Overflow Explained
I often get questions about buffer overflow exploitation from people preparing for the OSCP exam, and I was surprised to find that many of them did not know the background of buffer overflows. Do you think you know enough about buffer overflows? Wait until you read the article I wrote for you.
Now, I am going to explain what a buffer overflow is.
Stack – one of the key regions of a process's memory; it is responsible for running local code and holds the local data of the function that is currently executing.
Main calls its functions one after another (figure: Main with functions A, B and C):
* A – needs to perform some example action, with its own local code
* B
* C
In fact, as soon as a function is run, some computational action is performed. The stack is built so that every time Main calls a certain function, that function performs its action and, as soon as it finishes, returns to Main. All the code written inside that function is local code, and as soon as we are done with it we go back to Main: all the memory we allocated for it is released (and will be overwritten by whatever runs next), and execution moves on to the next function, which is function B.
The stack works as LIFO (Last In, First Out): the last item pushed is the first one popped. The stack only deals with local variables; it knows how to enter a certain function, get its result and clean up after it.
The stack has advantages and disadvantages:
1. It is very fast and works automatically. We do not need to initiate memory allocation or memory cleaning manually, which makes our work faster.
2. Its disadvantage is that it is very small compared to the heap. The heap is dynamic memory: if we want to allocate memory proactively, we have to use functions like malloc in C to say how many bytes we want for our process.
Heap – refers to more global things: anything we write to the heap can be accessed from any area of the code, whereas on the stack things only work locally, within a certain function.
Advantages and disadvantages:
1. A large memory space that can be used to allocate a lot of memory.
2. The heap is much slower.
If we do not know how to clear the memory after ourselves, we can choke the memory: we keep holding a piece of memory that is no longer needed and is just occupied (a memory leak).
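As an added example that is not part of the original article, here is the stack/heap contrast in C: one function uses a fixed-size local (stack) buffer that disappears automatically on return, the other asks malloc for exactly the bytes it needs and hands the caller the duty to free them. The function names, buffer sizes and inputs are my own assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stack: 'local' belongs to this function's frame. It is allocated when the
 * function is entered and reclaimed automatically when it returns, with no
 * malloc()/free() calls; the price is a fixed, small size chosen at compile
 * time, so input that does not fit has to be refused rather than copied. */
static int digit_sum_on_stack(const char *digits) {
    char local[16];                         /* automatic storage, 16 bytes (assumed size) */
    size_t n = strlen(digits);
    if (n >= sizeof local) {
        return -1;                          /* would not fit: refuse, don't overflow */
    }
    memcpy(local, digits, n + 1);           /* characters plus NUL terminator */
    int sum = 0;
    for (size_t i = 0; local[i] != '\0'; i++) {
        sum += local[i] - '0';
    }
    return sum;                             /* 'local' ceases to exist here */
}

/* Heap: we tell malloc() exactly how many bytes we want, decided at run time
 * from the input length. The block stays alive after this function returns and
 * is usable from anywhere that holds the pointer, until the owner calls free().
 * Forgetting that free() is the leak the article warns about. */
static char *upper_copy_on_heap(const char *text) {
    size_t n = strlen(text);
    char *copy = malloc(n + 1);             /* +1 for the NUL terminator */
    if (copy == NULL) {
        return NULL;                        /* heap exhausted: report, don't crash */
    }
    for (size_t i = 0; i < n; i++) {
        copy[i] = (char)toupper((unsigned char)text[i]);
    }
    copy[n] = '\0';
    return copy;                            /* caller now owns it and must free() it */
}

int main(void) {
    /* constructed sample inputs */
    printf("digit sum of 1234: %d\n", digit_sum_on_stack("1234"));
    printf("20 digits, too long for the stack buffer: %d\n",
           digit_sum_on_stack("12345678901234567890"));

    char *shout = upper_copy_on_heap("hello heap");
    if (shout != NULL) {
        printf("%s\n", shout);
        free(shout);                        /* release it: no leak */
    }
    return 0;
}
```

The stack function refuses anything that would not fit rather than copying it; the heap function never has that problem because it sizes the block from the input, but it relies on the caller to call free() when done.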
Code – contains all the instructions we have, in assembly, that need to be loaded into the CPU; the processor needs a thread in order to run all of these instructions. Basically, this section holds all the instructions.
Data – global variables, that is, predefined variables. If we have DLLs or other functions that are global, the Data section is the one that contains them.
In C programming there are Data Types, certain types of data.
The table lists each type and its size.
This is just one example of data types; the idea in C is that if we want to assign some variable we have to fit it to a certain location in memory, so we have to create something called a buffer into which we push the data.
What is a Buffer?
Let's take an example:
A single char holds only one byte; if we declare a char buffer of 8 bytes, we actually create a memory space that can hold up to 8 bytes.
A memory buffer is basically an area that we allocate in our computer's memory to store information temporarily.
What is an Overflow?
We have assigned some variables, and the same 8-byte char buffer is supposed to receive some input from the user. The problem is that we write input that is much larger than the buffer is supposed to receive. Once we do that, we write outside the buffer, and this is called an overflow.
Buffers exist in the program to receive information at the input/output level. The goal is to store information in a certain way, in a piece of memory, that we will need to use.
A classic example of a buffer is credentials: the username and password we type in. Think about it: there is some input we need to give to the software; the other party should receive that input, process it and store it in a certain way, using this information temporarily to decide whether to allow you access or not.
Here we are actually writing some information into the buffer in memory, and we are actually doing this overflow: we enter a state of buffer overrun and have leaked past the buffer's boundaries:
You can see that I have assigned 8 bytes here. Note that when you assign some memory/location in memory, the count always starts from 0 in C, so as you can see the 8 bytes (indexes 0 to 7) can hold the word Username, and at index 8 (the ninth byte) we pushed the smiley into the software, which has no idea what to do with it.
Usually this situation happens due to improper programming. Buffer overflow falls into the category of input validation attacks. The idea is that the programmer should have limited the buffer and given it a more precise acceptance rule, which basically means: I assign 5 bytes, and anything that goes beyond those 5 bytes I do not refer to, I throw it out. This means the software does not get stuck and nothing happens to it.
What happens to incorrectly written software when we try to do a buffer overflow is that it will crash, get stuck, or become unstable.
A lot of times, when we write things into the buffer, we leak into another location in our software. It could be in the flow of the software: it will try to reach other locations and other information because we have overwritten them, and the software will not work for us at all.
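As an added example that is not part of the original article, here is the 8-byte username buffer from above in C, with the unchecked copy that overflows beside the input-validating version that throws away anything that does not fit. The buffer size, function names and sample inputs are my own assumptions; the unchecked function is only ever called here with input that fits.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: an 8-byte username buffer, as in the article.
 * In C the string's terminating NUL also needs a byte, so only 7 visible
 * characters fit in 8 bytes. */
#define USERNAME_CAP 8

/* The vulnerable pattern: strcpy() copies until it meets src's NUL and never
 * looks at how much room dst has. A src longer than USERNAME_CAP - 1 characters
 * writes past the end of the array, onto whatever the stack holds next. */
static void store_username_unchecked(char dst[USERNAME_CAP], const char *src) {
    strcpy(dst, src);                 /* no bounds check: this is the overflow */
}

/* The hardened pattern: validate the input before touching the buffer.
 * Returns true and copies when src plus its NUL fits; otherwise returns false
 * and leaves dst exactly as it was, so the program keeps running. */
static bool store_username_checked(char dst[USERNAME_CAP], const char *src) {
    size_t n = 0;
    while (n < USERNAME_CAP && src[n] != '\0') {
        n++;                          /* stop scanning at the cap: no read overrun */
    }
    if (n == USERNAME_CAP) {          /* 8 or more characters: no room for the NUL */
        return false;
    }
    memcpy(dst, src, n + 1);          /* characters plus the terminator */
    return true;
}

/* How many bytes the unchecked copy would write past the end of a buffer of
 * 'cap' bytes for this input: 0 means it fits, anything else is an overflow. */
static size_t overflow_bytes(const char *src, size_t cap) {
    size_t needed = strlen(src) + 1;  /* +1 for the NUL terminator */
    return needed > cap ? needed - cap : 0;
}

int main(void) {
    char buf[USERNAME_CAP];
    const char *inputs[] = { "idan", "Username", "Username:)" };   /* constructed */

    store_username_unchecked(buf, "idan");      /* fits, so harmless here */
    printf("unchecked copy of \"idan\": %s\n", buf);

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        bool ok = store_username_checked(buf, inputs[i]);
        printf("%-12s len=%zu overflow=%zu bytes -> %s\n", inputs[i],
               strlen(inputs[i]), overflow_bytes(inputs[i], USERNAME_CAP),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

Note that "Username" itself is already too long for an 8-byte C buffer, because the terminating NUL would be the ninth byte; the smiley from the article only pushes the write further out. The checked version refuses such input up front, which is exactly the "throw it out" rule described above.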
The idea, ultimately, is to get code to run. The EIP register is always the register that points to the next instruction to be executed, so what we need to do at the end of the day is understand how we manage to control that register. Once we control it, and once the buffer overflow is done, we can try to overwrite that register and make it point to a location in memory that contains malicious code; that code will run and we get code execution and control of the machine.
That’s it for this article.
Thank you for reading this article, I hope you find this useful.
Idan Malihi