1. ART OF EXPLOIT WRITING
Ashfaq Ansari
Security Researcher & Penetration Tester
Founder Of: HackSys Team
http://hacksys.vfreaks.com/
null Meet @Bangalore – 19th Jan 2013
2. Buffer Overflow
• Writing more data into a buffer than the allocated size.
• Two types:
– Stack Overflow: corrupt the execution stack by writing past the end of an array (aka smashing the stack / stack overflow)
– Heap Overflow: corrupt the heap
3. Process Memory Organization
• Text
– Fixed by the program
– Read-only
• Data
– Initialized & uninitialized data
– Static variables are stored here
• Heap
• Stack
– Local variables for functions
– Return address and local stack pointer
[Diagram: process memory layout with the Text, Data, Heap and Stack segments]
4. The Stack - We Must Know Him
• Stack is LIFO – Last In First Out
• PUSH & POP operations
• Dynamically allocate local variables used in functions
• Pass parameters to functions, etc.
• Stack Pointer (SP) points to the top of the stack
• Contains return address and local stack pointer
[Diagram: stack frame showing Buffer 2, Buffer 1, SFP and RET]
7. Overview
• Black Box software testing technique, which helps in finding implementation bugs using malformed / semi-malformed data injection in an automated fashion
• Lazy man's tool
8. The Stack - Overflow
• Buffer 1 & 2 overwritten by A's & B's
• SFP overwritten by C's
• RET overwritten by D's
[Diagram: the frame from slide 4 after the overflow, with the buffers filled by AAAA/BBBB, SFP holding CCCC and RET holding DDDD]