CEHV8 - Module 18 - Labs Buffer Overflow
Hackers continuously look for vulnerabilities in software or a computer to break into the system by exploiting these vulnerabilities.

The most common vulnerability often exploited is the buffer overflow attack, where a program fails either to allocate sufficient memory for an input string or to test whether the length of the string lies within its valid range. A hacker can exploit such a weakness by submitting an extra-long input to the program, designed to overflow its allocated input buffer (temporary storage area) and modify the values of nearby variables, cause the program to jump to unintended places, or even replace the program's instructions with arbitrary code.

If the buffer overflow bug lies in a network service daemon, the attack can be done by directly feeding the poisonous input string to the daemon. If the bug lies in an ordinary system tool or application, with no direct access, the hacker attaches the poisonous string to a document or an email which, once opened, will launch a passive buffer overflow attack. Such attacks are equivalent to a hacker logging into the system with the same user ID and privileges as the compromised program.

Buffer overflow bugs are especially common in C programs, since that language does not provide built-in array bounds checking, and uses a final null byte to mark the end of a string instead of keeping its length in a separate field. To make things worse, C provides many library functions, such as strcat and getline, which copy strings without any bounds checking.

As an expert ethical hacker and penetration tester, you must have sound knowledge of when and how buffer overflow occurs. You must understand stack-based and heap-based buffer overflows, perform penetration tests for detecting buffer overflows in programs, and take precautions to protect programs from buffer overflow attacks.
Lab Objectives
The objective of this lab is to help students to learn and perform buffer overflow attacks to execute passwords.
In this lab, you need to:
■ Prepare a script to overflow buffer
■ Run the script against an application
Lab Duration
Time: 20 Minutes
Lab Tasks
Recommended labs to assist you in buffer overflow:
■ Enumerating Passwords in “Default Password List”
  o Write a Code
  o Compile the Code
  o Execute the Code
  o Perform Buffer Overflow Attack
  o Obtain Command Shell
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on
your target’s security posture and exposure.
Lab Objectives
The objective of this lab is to help students to learn and perform buffer overflow to execute passwords.
In this lab, you need to:
Lab Duration
Time: 20 Minutes
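    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        /* 11-byte buffer: ten 'A' characters plus the terminating \0 */
        char Buffer[11] = "AAAAAAAAAA";
        /* Deliberate overflow: 12 'D' characters plus \0 is 13 bytes copied into 11 */
        strcpy(Buffer, "DDDDDDDDDDDD");
        printf("%s\n", Buffer);
        return 0;
    }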
Lab Tasks
TASK 1: Write a Code
1. Launch your BackTrack 5 R3 Virtual Machine.
2. For bt login, type root and press Enter. Type the password as toor, and press Enter to log in to the BackTrack virtual machine.
Note: Code which is entered in kedit is case-sensitive.
Note: Programming languages commonly associated with buffer overflows include C and C++.
    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        char *name;
        char *command;
        /* Two heap allocations; the program prints how far apart they are */
        name = (char *)malloc(10);
        command = (char *)malloc(128);
        printf("address of name is: %p\n", (void *)name);
        printf("address of command is: %p\n", (void *)command);
        printf("Difference between address is: %td\n", command - name);
        printf("Enter your name:");
        /* Deliberately vulnerable: gets() has no length limit, so input longer
           than 9 characters runs past the 10-byte name buffer */
        gets(name);
        printf("Hello %s\n", name);
        /* Runs whatever string command holds at this point */
        system(command);
        return 0;
    }

Now launch the command terminal and compile the code by running:

    gcc buffer.c -o buffer
Note: The program executes using the following command: ./buffer
FIGURE 1.8: BackTrack Error Message Window
10. To execute the program, type ./buffer
Note: An executable program on a disk contains a set of binary instructions to be executed by the processor.
FIGURE 1.9: BackTrack Executing Program
11. Type any name in the Input field and press Enter; here, using Jason as an example.
Note: Buffer overflows work by manipulating pointers (including stored addresses).
FIGURE 1.10: Input Field
12. Hello Jason should be printed.
FIGURE 1.11: Hello Jason
TASK 4: Obtain Command Shell
13. Now, overflow the buffer and execute the listed system commands.
18. Run the program again (./buffer) and type 12345678912345678912345678912345/bin/sh in the Input field.
FIGURE 1.13: Executing 12345678912345678912345678912345/bin/sh
19. Type Exit in the Shell Console or close the program.
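A hardened counterpart to the input handling in the lab's buffer.c, as an added example that is not part of the original lab manual: read_name replaces gets() with a length-checked read that rejects over-long lines instead of writing past the buffer. The names read_name, run_case, struct session and NAME_CAP are assumptions made for illustration, and the input is constructed and fed through a temporary file so the code runs without a terminal.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 10                 /* same size as the lab's malloc(10) */
struct session {                    /* adjacent fields stand in for the lab's two allocations */
    char name[NAME_CAP];
    char command[128];
};

/* Bounded replacement for gets(): stores at most cap-1 bytes plus NUL.
 * Returns the name length, or -1 on EOF or when the line does not fit.
 * An over-long line is drained and rejected, so no leftover bytes remain. */
int read_name(FILE *in, char *dst, size_t cap)
{
    if (cap < 2 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strcspn(dst, "\n");
    if (dst[len] == '\n') {          /* whole line fit: strip the newline */
        dst[len] = '\0';
        return (int)len;
    }
    int c = fgetc(in);
    if (c == '\n' || c == EOF)       /* line filled the buffer exactly */
        return (int)len;
    while (c != '\n' && c != EOF)    /* too long: discard the rest */
        c = fgetc(in);
    dst[0] = '\0';
    return -1;
}

/* Hypothetical harness: feeds constructed input through a temporary file and
 * leaves the fields in *s for inspection. Returns read_name's result or -2. */
int run_case(const char *input, struct session *s)
{
    FILE *in = tmpfile();
    if (in == NULL) return -2;
    memset(s, 0, sizeof *s);         /* command starts empty, not heap garbage */
    fputs(input, in);
    rewind(in);
    int rc = read_name(in, s->name, sizeof s->name);
    fclose(in);
    return rc;
}

int main(void)
{
    struct session s;
    return run_case("Jason\n", &s) == 5 ? 0 : 1;
}
```

With the input from step 18, read_name returns -1 and the command field stays empty, because nothing is ever written past name[NAME_CAP - 1].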
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.
Questions
1. Evaluate various methods to prevent buffer overflow.
2. Analyze how to detect run-time buffer overflow.
3. Evaluate and list the common causes of buffer-overflow errors under .NET language.
Internet Connection Required
☐ Yes ☑ No
Platform Supported
☑ Classroom ☑ iLabs