CPEN341 Chap2 Attacks Security Services
https://nvd.nist.gov/vuln/search/statistics
[Figure: process memory layout, with regions labelled Data and Executable Code]

    /* my_fct's body is not shown on the slide; a stand-in so the example compiles. */
    void my_fct(int a, int b) { (void)a; (void)b; }

    int main() {
        my_fct(3, 4);
    }
UOB - Fall 2021-22 CPEN341 - C. Mokbel 26
Buffer Overflow
• Stack Frame
[Figure: stack frame layout of my_fct, with slot sizes of 16, 12, 4, 4, 4 and 4 bytes]
    #include <stdio.h>
    /* my_fct's body is not shown on the slide; a stand-in so the example compiles. */
    void my_fct(int a, int b) { (void)a; (void)b; }

    int main() {
        int i = 0;
        my_fct(3, 4);   /* if my_fct overflows a stack buffer, the saved return
                           address and main's frame (including i) can be altered */
        i = 1;
        printf("%d\n", i);
    }
• What is printed?
Buffer Overflow
• How would an attacker use a buffer overflow to hijack the execution of a program?
– All NULL bytes must be removed from the character buffer used to overflow (a NUL byte terminates the string copy)
  • E.g. by using xor
– Overwrite the return address to redirect execution:
  • to code injected in the buffer
  • to some library function
– Metasploit.org
– Trial and error to find where the buffer starts
Buffer Overflow
• Forking or spawning a shell
– Generate the attack code:
    char shellcode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89"
        "\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c"
        "\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff"
        "\xff\xff/bin/sh";
• Get the attack code to execute
– Fill the buffer with the shellcode followed by the address of the beginning of the code
  • The address of the beginning of the code is difficult to find
  • Adding NOP instructions (0x90) in front of the code increases the chance of landing in it
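The two defensive counterparts of the slides above, as an added example that is not from the course material: a bounded replacement for the unchecked copy into a fixed stack buffer, and a simple heuristic that measures the longest run of 0x90 (NOP) bytes in untrusted data, which is the "NOP sled" pattern described above. The function names, the 16-byte buffer size and the sample inputs are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

#define BUF_SIZE 16   /* constructed buffer size for the example */

/* Vulnerable pattern the slides describe (constructed): an unbounded copy
 * into a fixed stack buffer. Input longer than BUF_SIZE overwrites the saved
 * frame pointer and return address that sit above buf. Shown for contrast
 * only; it is never called with oversize input in this file. */
void my_fct_vulnerable(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);          /* no length check */
    (void)buf;
}

/* Hardened version: reject input that does not fit, NUL terminator included.
 * Returns 0 when the copy was done, -1 when it would have overflowed. */
int my_fct_safe(const char *input) {
    char buf[BUF_SIZE];
    size_t n = strlen(input);
    if (n >= BUF_SIZE)
        return -1;               /* n + 1 bytes needed, only BUF_SIZE available */
    memcpy(buf, input, n + 1);
    (void)buf;
    return 0;
}

/* Detection heuristic: length of the longest consecutive run of 0x90 bytes.
 * A long run in data that should not contain machine code is a NOP-sled
 * indicator worth alerting on. */
size_t longest_nop_run(const uint8_t *data, size_t len) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        cur = (data[i] == 0x90) ? cur + 1 : 0;
        if (cur > best)
            best = cur;
    }
    return best;
}

int main(void) {
    const char ok[] = "hello";                          /* constructed: fits */
    const char too_long[] = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed: 24 bytes */
    printf("safe(ok)=%d safe(too_long)=%d\n", my_fct_safe(ok), my_fct_safe(too_long));
    uint8_t sample[] = {0x41, 0x90, 0x90, 0x90, 0x90, 0x42}; /* constructed */
    printf("longest NOP run = %zu\n", longest_nop_run(sample, sizeof sample));
    return 0;
}
```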
[Figure: ENISA risk management cycle: Assess (Identify and Analyze), Monitor and Report, Handle (Mitigate the risk)]
Cybersecurity Framework
• Benefits of defining a framework
– Managing practices
– Defining an order and better organizing the sector
– Going from tools to architecture/policy to strategy/governance
[Figure: risk management cycle: Risk Assessment, Risk Response, Risk Monitoring]