In this article I am going to talk about buffer overflow attacks present in software. Before diving into exploitation you need some knowledge of gdb, Python, bash, C, assembly and registers, so I firmly recommend learning those first. Stack-based overflows are exploited far more widely than heap-based overflows. Both the heap and the stack come under memory allocation, so let's first talk about memory management in a program.

Memory management ft. heap and stack

The stack and the heap are both used for memory management. The stack holds local variables, the arguments passed to functions and their return values; when the program terminates, that memory is freed and reused when another program executes. The heap, on the other hand, is used to store the program's global variables and for allocating and deallocating memory at run time.

Registers

There are many registers in assembly; I won't go into them deeply here and will make another post explaining the registers and their functions. In short, there is an important register called EIP which holds the address of the next instruction to be executed in the program.

In this way the EIP register controls the flow of the program: it holds the next instruction to be executed, so if we can control EIP we can control execution. There are various techniques used to prevent buffer overflow exploitation, such as ASLR, stack canaries, DEP/NX and PIE; these security mechanisms can be bypassed with the help of ROP chains and other obfuscation techniques.

Simple buffer overflows

Consider the following C program:

#include <stdio.h>

int main()
{
        char buff[10];
        printf("Enter your name: ");

        gets(buff);  // potentially dangerous: gets() does not check bounds, so input longer than buff overflows the stack
        printf("hello %s", buff);
        return 0;
}

So, in the above code the buffer is 10 bytes long, but we are reading into it with gets(), and that function is potentially dangerous in C because it does not check the length of the input and accepts arbitrarily long user input. So what happens if we provide 1000 "A"s or any other character? The program will simply throw a segmentation fault error; a segmentation fault is what you see when the program crashes because it touched memory it should not have (here, the stack beyond the end of the buffer).

In this section we have seen in gdb that we can successfully overwrite the EIP register. In upcoming articles we will deliberately overwrite the EIP register by finding the offset and writing our custom exploits.
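As an added example (not code from the original post), here is the same 10-byte buffer read with fgets() instead of gets(): the read is bounded, the rest of an over-long line is drained so it cannot be mistaken for the next input, and the caller is told when input was cut off. The names read_line_bounded and read_from_string are my own for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() in the test helper */
#include <stdio.h>
#include <string.h>
#define BUFF_SIZE 10   /* same 10-byte buffer as the program above */

/* Bounded replacement for gets(): reads at most size-1 characters of one
 * line, always NUL-terminates, strips the newline and discards the rest of
 * an over-long line so leftover bytes are not misread as the next input.
 * Returns 1 if the line was cut off, 0 if it fit, -1 on EOF/error. */
int read_line_bounded(char *buff, size_t size, FILE *stream)
{
    if (fgets(buff, (int)size, stream) == NULL) {
        buff[0] = '\0';
        return -1;
    }
    size_t len = strlen(buff);
    if (len > 0 && buff[len - 1] == '\n') {
        buff[len - 1] = '\0';   /* whole line fit: drop the newline */
        return 0;
    }
    /* No newline in the buffer: drain to end of line; if anything was
     * read while draining, the caller's input was silently shortened. */
    int c, truncated = 0;
    while ((c = fgetc(stream)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Helper (added for this example, not in the original program): run the
 * reader over a constructed input string so it can be checked offline. */
int read_from_string(const char *input, char *out, size_t size)
{
    FILE *f = fmemopen((void *)input, strlen(input), "r");
    if (f == NULL)
        return -1;
    int rc = read_line_bounded(out, size, f);
    fclose(f);
    return rc;
}

int main(void)
{
    char buff[BUFF_SIZE];
    printf("Enter your name: ");
    if (read_line_bounded(buff, sizeof buff, stdin) == 1)
        printf("(name was cut to %d characters)\n", BUFF_SIZE - 1);
    printf("hello %s\n", buff);
    return 0;
}
```

Feeding this version 1000 "A"s keeps only the first 9 and reports the cut instead of crashing, because the write never goes past the end of buff.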