Sunday, January 13, 2013

Types of Buffer Overflows and Methods of Detection



Buffer overflows are exploits that hackers use against an operating system or application; like SQL injection attacks, they're usually targeted at user input fields. A buffer overflow exploit causes a system to fail by overloading memory, or it executes a command shell or arbitrary code on the target system. A buffer overflow vulnerability is caused by a lack of bounds checking or a lack of input validation and sanitization on a variable field (such as a field on a web form). If the application doesn't check or validate the size or format of a variable before sending it to be stored in memory, an overflow vulnerability exists.



The two types of buffer overflows are stack based and heap based.

The stack and the heap are storage locations for user-supplied variables within a running program. Variables are stored in the stack or heap until the program needs them. Stacks are static locations of memory address space, whereas heaps are dynamic memory address spaces that are allocated while a program is running.



The picture represents a heap-based buffer overflow occurring in the lowest part of memory, where it overwrites other dynamic variables.

Buffer Overflow Countermeasures

A hacker must know the exact memory address and the size of the stack in order to make the return pointer execute their code. A hacker can use a No Operation (NOP) instruction, which is just padding that moves the instruction pointer and does not execute any code. The NOP instructions are added to a string before the malicious code to be executed. To bypass an IDS, the hacker can randomly replace some of the NOP instructions with equivalent pieces of code, such as x++,x-;?NOPNOP. This example of a mutated buffer overflow attack can bypass detection by an IDS.

Programmers should not use the built-in strcpy(), strcat(), and streadd() C/C++ functions because they are susceptible to buffer overflows. Alternatively, Java can be used as the programming language since Java is not susceptible to buffer overflows.
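The bounds check that strcpy() and strcat() lack, written out as an added example (not code from the original post). The function names, NAME_BUF_SIZE and the sample inputs are hypothetical and constructed for illustration; oversized input is rejected rather than truncated.

```c
#include <stdio.h>
#include <string.h>
#define NAME_BUF_SIZE 16 /* assumed field size for this example */

/* Length of s, never reading more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Checked replacement for strcpy(dst, src): 0 on success, -1 (dst left
 * unchanged) when src plus its NUL does not fit in dst_size bytes. */
int store_name_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = bounded_len(src, dst_size);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Checked replacement for strcat(dst, src); dst is unchanged on failure. */
int append_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL)
        return -1;
    size_t used = bounded_len(dst, dst_size);
    if (used >= dst_size) /* dst full or not NUL-terminated */
        return -1;
    size_t room = dst_size - used;
    size_t len = bounded_len(src, room);
    if (len >= room)
        return -1;
    memcpy(dst + used, src, len + 1);
    return 0;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    printf("fits: %d\n", store_name_checked(name, sizeof name, "alice"));
    printf("oversized: %d\n", store_name_checked(name, sizeof name, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

The size passed in must be the real size of the destination buffer; a caller that passes the wrong size brings the overflow back.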
