Buffer Overflow Analysis Lesson No. 01: Introduction to Buffer Overflow Analysis


Preface

Buffer Overflow Analysis is the set of lecture notes for the video course of the same name that I recorded for "I Spring". Each time I finish writing the notes for a lesson, I record the lesson following the contents of that document. The series starts from scratch, in order to give you an easier-to-digest explanation of buffer overflow vulnerabilities. The whole course combines theory and practice: after each batch of basic theory, we analyze vulnerabilities in real software to help you better understand the principles behind them.


Course Introduction

A vulnerability is a flaw in the implementation of hardware, software, protocols, or system security policies, usually caused by negligence on the part of the program's author at the time of writing. A vulnerability allows an attacker to access or damage the target system without authorization, which poses a significant threat to the security of the user's system.

In general, software vulnerabilities do not affect the normal functionality of the program, but if an attacker exploits one successfully, the software may be made to execute additional malicious code. Vulnerability discovery and exploitation are highly advanced skills, even an art form, and mastering them is what distinguishes the top hackers.

Most vulnerability research is concerned with memory corruption, of which buffer overflow is the most common example. The ultimate goal of such techniques is to take control of the target program's execution and trick it into running a piece of malicious code that has been secretly planted in memory, so that the attacker can make the program do almost anything he wants.

When we hear the word overflow, the first image that comes to mind is probably water overflowing:


Fig. 1 Overflow of water

The size of the cup is fixed. As long as the cup is not full, there is no problem; but once it is full and we keep pouring, the water overflows.

Inside a computer, input data is usually stored in a temporary space called a buffer, whose length has been defined in advance by the program or the operating system. When the buffer is filled with data whose length exceeds the buffer's capacity, the data overflows the storage space, and the overflowing bytes overwrite the legitimate data next to it. That is the essence of buffers and buffer overflows.

Of course, in an ideal situation the program checks the length of every piece of data and never allows the buffer's length to be exceeded. Some programs, however, assume that the length of the data always matches the allocated storage space and skip the check, which plants the hidden danger of a buffer overflow.

So what can be done with a buffer overflow? In general, the overflowing data overwrites the contents of the adjacent area, and an attacker can craft that data so that the computer executes the commands he wants. This is what many vulnerability advisories mean when they say "an attacker can use specially crafted data ...": that is the whole story.

As a beginner unfamiliar with this concept, you can first understand a buffer overflow exploit as follows: it allows an attacker to place a value longer than expected into a program variable, and thereby execute arbitrary commands with the privileges of the user currently running the program.
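The overwrite described above, as an added C example that is not part of the original course notes: a fixed-size buffer sits directly before another program value, an unchecked copy of oversized input overwrites that neighbour, and a length-checked copy refuses the input. The byte-array layout, the `copy_unchecked`/`copy_checked` names and the 12-byte input are constructed for illustration.

```c
/* Added example, not from the course notes: an unchecked copy into a fixed-size
 * buffer overwrites the value stored next to it; a length check refuses it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 8                                /* buffer capacity */
#define REGION_LEN (BUF_LEN + sizeof(uint32_t))  /* buffer + adjacent value */
#define OVERSIZED_LEN 12                         /* constructed input length */
/* One explicit byte array keeps the model well defined and reproducible:
 * bytes [0,BUF_LEN) = the buffer; bytes [BUF_LEN,REGION_LEN) = adjacent value */
struct region { unsigned char mem[REGION_LEN]; };
static void region_init(struct region *r, uint32_t neighbour) {
    memset(r->mem, 0, sizeof r->mem);
    memcpy(r->mem + BUF_LEN, &neighbour, sizeof neighbour);
}
static uint32_t region_neighbour(const struct region *r) {
    uint32_t v; memcpy(&v, r->mem + BUF_LEN, sizeof v); return v;
}
/* Vulnerable: trusts the input length, so bytes past BUF_LEN spill into the
 * neighbour. (Clamped to REGION_LEN only to keep the model well defined.) */
static void copy_unchecked(struct region *r, const unsigned char *in, size_t n) {
    if (n > REGION_LEN) n = REGION_LEN;
    memcpy(r->mem, in, n);
}
/* Hardened: compare length with capacity first. 0 = copied, -1 = refused. */
static int copy_checked(struct region *r, const unsigned char *in, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(r->mem, in, n);
    return 0;
}
/* Constructed input: 8 bytes fill the buffer, 4 more ("BBBB") spill over. */
static const unsigned char OVERSIZED[OVERSIZED_LEN + 1] = "AAAAAAAABBBB";

/* Run each copy routine on a fresh region; return the neighbour afterwards. */
static uint32_t neighbour_after_unchecked(void) {
    struct region r; region_init(&r, 0x1234u);
    copy_unchecked(&r, OVERSIZED, OVERSIZED_LEN);
    return region_neighbour(&r);                 /* 0x42424242 = "BBBB" */
}
static uint32_t neighbour_after_checked(int *rc) {
    struct region r; region_init(&r, 0x1234u);
    *rc = copy_checked(&r, OVERSIZED, OVERSIZED_LEN);   /* -1: refused */
    return region_neighbour(&r);                 /* 0x1234: untouched */
}
int main(void) {
    int rc; unsigned c = neighbour_after_checked(&rc);
    printf("unchecked: 0x%08x  checked: rc=%d 0x%08x\n",
           (unsigned)neighbour_after_unchecked(), rc, c);
    return 0;
}
```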

The first buffer overflow attack, the Morris worm, occurred in 1988. Written by the American Robert Morris, it paralysed more than 6,000 network servers worldwide. Today, overflow attacks are still a hot topic in the security field; for example, WooYun (wooyun.org) always has reports of buffer overflow vulnerabilities:


Figure 2 Overview of a software buffer vulnerability

This is a buffer overflow vulnerability report submitted on September 22, 2014 by Societe Generale. The following is a stack overflow report for a certain platform:


Figure 3 Summary of Stack Overflow vulnerability for a platform

It is clear that buffer overflow vulnerabilities are indeed pervasive.

Finally, a word about the curriculum of this series. We will first analyze the basic principles of buffer overflow vulnerabilities and the methods of exploiting them, together with the basics of writing ShellCode. As the course deepens, I will keep improving our ShellCode and combine it with analysis of real-world vulnerability cases. We will also introduce more kinds of buffer overflow techniques, as well as advanced defences against buffer overflow vulnerabilities. I hope this series fosters security awareness and broadens our thinking, so that after completing it we have laid a solid foundation and every friend can become an expert in the security field.
