KJSCE/IT/TY/SEM V/INS/2021-22

Batch: B2 Roll No.: 1914110 Experiment No.: 6

Aim: To simulate Buffer Overflow Attack.

Resources needed: Windows/ Kali Linux OS, C/JAVA language

Theory:
A buffer, in terms of a program in execution, can be thought of as a region of computer’s main
memory that has certain boundaries in context with the program variable that references this
memory.

For example:
char buff[10]

In the above example, „buff‟ represents an array of 10 bytes where buff[0] is the left boundary and buff[9] is
the right boundary of the buffer.

A buffer is said to be overflown when the data (meant to be written into memory buffer) gets written past the
left or the right boundary of the buffer. This way the data gets written to a portion of memory which does not
belong to the program variable that references the buffer.

Here is an example:

char buff[10];

buff[10] = 'a';

In the above example, we declared an array of size 10 bytes. Please note that index 0 to index 9 can used
to refer these 10 bytes of buffer. But, in the next line, we index 10

was used to store the value „a‟. This is the point where buffer overrun happens

Buffer overflows, if undetected, can cause your program to crash or produce unexpected results.

int main(){

char buff[10] = {0};

strcpy(buff, "This String Will Overflow the Buffer");}

As you can see that the program will write the complete string in the array „buff‟ but as the size of „buff‟ is
less than the size of string so the data will get written past the right boundary of array „buff‟. Now, depending
on the compiler you are using, chances are high that this will get unnoticed during compilation and would not
crash during execution. The simple reason being that stack memory belongs to program so any buffer
overflow in this memory could get unnoticed.
So in these kinds of scenarios, buffer over flow quietly corrupts the neighbouring memory and if
the corrupted memory is being used by the program then it can cause unexpected results.

Consider for example the software is used for authentication and the authentication resides in a
single bit in the memory. If a buffer overflow overwrites this authentication bit, then any attacker
can get authenticated.

Buffer overflow errors are characterized by the overwriting of memory fragments of the process, which
should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction
Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other errors to
occur. Usually these errors end execution of the application in an unexpected way. Buffer overflow errors
occur when we operate on buffers of char type.

Activity:

1) Students should find some vulnerability in c programming.

2) Students should use the vulnerability to implement buffer overflow
on KaliLinux. Hint: Explore Stack smash

Results:
Code:
#include <signal.h>
#include <stdio.h>
#include <string.h>
int main(){
char realPass[20];
char enteredPass[20];
printf("Enter Password: ");
strncpy(realPass, "ssssssssss", 20);
gets(enteredPass);

if (0 == strncmp(enteredPass, realPass, 20))

{
printf("LOGIN SUCCESSFULL!\n");
}
else
{
printf("LOGIN FAILED!\n");
}
raise(SIGINT);
printf("givenPassword: %s\n", enteredPass);
printf("realPassword: %s\n", realPass);
return 0;
}
Output:

Case 1: Login is successful if we enter the correct password.

Case 2: Login is unsuccessful if we enter incorrect password.

Case 3: When the buffer overflows the login is successful.

Questions:

1. Explain buffer overflow in terms of web

server attack.
Ans: Attackers use buffer overflows to corrupt the execution stack of a web application. By sending
carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary
code – effectively taking over the machine.
Buffer overflow flaws can be present in both the web server or application server products that serve the
static and dynamic aspects of the site, or the web application itself. Buffer overflows found in widely used
server products are likely to become widely known and can pose a significant risk to users of these
products. When web applications use libraries, such as a graphics library to generate images, they open
themselves to potential buffer overflow attacks.
Buffer overflows can also be found in custom web application code, and may even be more likely given the
lack of scrutiny that web applications typically go through. Buffer overflow flaws in custom web
applications are less likely to be detected because there will normally be far fewer hackers trying to find and
exploit such flaws in a specific application. If discovered in a custom application, the ability to exploit the
flaw (other than to crash the application) is significantly reduced by the fact that the source code and
detailed error messages for the application are normally not available to the hacker.

2. What are the other nonmalicous program

errors or attacks?
Ans:
1. Covert Channel:
a) A covert channel is a type of computer security attack that creates a capability to transfer
information objects between processes that are not supposed to be allowed to communicate by
the computer security policy.
b) A covert channel is so called because it is hidden from the access control mechanisms of ultra-
high- assurance secure operating systems since it does not use the legitimate data transfer
mechanisms of the computer system such as read and write, and therefore cannot be detected
or controlled by the hardware based security mechanisms that underlie ultra-high-assurance
secure operating systems.
c) Covert channels are exceedingly hard to install in real systems, and can often be detected by
monitoring system performance; in addition, they suffer from a low signal-to-noise ratio and low
data rates (on the order of a few bits per second).
d) They can also be removed manually with a high degree of assurance from secure systems by
well established covert channel analysis strategies.

2. Incomplete mediation:
a) In C program a function strcpy(buffer, input) copies the contents of the input string input to the
arraybuffer. A buffer overflow will occur if the length of input is greater than the length of
buffer.
b) To prevent such a buffer overflow, the program validates the input by checking the length
of inputbefore attempting to write it to buffer. Failure to do so is an example of incomplete
mediation.
c) Example: Input data to a web form is often transferred to the server by embedding it in a URL.
 Outcomes: CO4: Understand Security issues related to Software, Web and Networks.

Conclusion: Simulated a buffer overflow attack using C programming language. Understood how
buffer overflow attack can be exploited and provide unauthorized access to hackers.

Grade: AA / AB / BB / BC / CC / CD /DD

Signature of faculty in-charge with date

References: Books/ Journals/ Websites:
1. Charles P. Pfleeger, “Security in Computing”, Pearson Education
2. BehrouzA. Forouzan, “Cryptography and Network Security”, Tata McGraw Hill
3. William Stalling, “Cryptography and Network Security”, Prentice Hall

(Autonomous College Affiliated to University of Mumbai)