
Buffer overflow

Overview -

Buffers are small, discrete chunks of memory used to hold data while a programme is
running or an application is executing actions. Buffer memory has a size restriction. If data
written to a buffer overwrites nearby data or executable code, it can lead to unanticipated
programme behaviour, such as memory access problems, incorrect results, and software crashes.

Buffer overflow is defined as the condition where a programme overwrites adjacent memory
while writing data. It follows the LIFO (last in, first out) approach, and the overflowed memory is
represented with a stack structure.

How buffer overflow is used in a black hat way -

Basically, buffer overflow has two types:
1. Stack based
2. Heap based

• Heap based - Predominantly reliant on forcing the programme to use
more memory than is permitted. This attack has its own issues and only
occasionally occurs by itself.
• Stack based - The main objective of a buffer overflow attack is to redirect a
privileged programme's function so that the attacker can seize control of it; if
the programme has enough privileges, the hacker will also seize control of
the programme. For this, the attacker will attack a root programme to get
root shell access, but this will not always succeed. To achieve it, the
attacker must accomplish two things:
1. Must develop the executable code, which must be present in the
programme's address space.
2. The developed code must comply with the reasonable restrictions
without affecting access to the executable code.

How buffer overflow is used in a white hat way -

To prevent this attack, developers and engineers must avoid using standard library functions
that are not boundary restricted.
Developers use buffer overflow analysis to learn about the boundary values of buffers
and the threshold at which they overflow. When a programme is running, they can limit the
values or data that flow into the buffer memory. By deploying intrusion detection systems,
security managers can even prevent any attempts to access an IP address.
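
The advice above about avoiding library functions that are not boundary restricted, shown as an added example (not code from the original document): strcpy() beside a bounded copy that rejects oversized input. The function names, the 16-byte buffer and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* constructed buffer size for this example */

/* Unbounded: strcpy() copies until the source's NUL byte and never checks
 * the destination size, so a source longer than dst overwrites adjacent
 * memory. Shown for contrast only; main() never calls it. */
void copy_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Bounded: snprintf() writes at most dst_size bytes including the NUL and
 * returns the length it wanted to write, so truncation is detectable.
 * Returns 0 on success, -1 if the input did not fit or args are invalid. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    int needed;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    needed = snprintf(dst, dst_size, "%s", src);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';   /* reject oversized input instead of truncating */
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[BUF_LEN];
    const char *ok = "alice";                            /* constructed input */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */

    printf("short input: %d\n", copy_bounded(name, sizeof name, ok));
    printf("long input:  %d\n", copy_bounded(name, sizeof name, too_long));
    return 0;
}
```

Rejecting the oversized input, rather than silently truncating it, keeps the caller from acting on partial data.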

Shell code

Overview -

Shell code is a hacking term that denotes the usage of a small piece of code as a payload when
investigating a software vulnerability. It gained its name because it launches a command
shell that allows the hacker to take control of the computer, but people refer to any piece of
code that grants the same rights in this way. Shellcode is typically written in machine code.

Types of shell code - there are two types of shell code:

• Local
• Remote

Local - Hackers utilise this technique when they do not have complete control over the
computer but can take advantage of a weakness in one of its inner processes. After
execution, hackers could gain access to the computer with the highest rights.

Remote - Used when hackers are able to control the system through the network.
Hackers typically need to grant high levels of access to the shell for TCP/IP socket
connections to be successfully executed.

How shell code is used in a black hat way -

In terms of hacking, shell code is referred to as a payload. Attackers can gain
command-line access to a local or remote computer with full control over the
vulnerable process by using malicious instructions. The language used to create this
exploit code is C or C++. When the attacker successfully imports the exploit code,
which produces a severe error in the targeted system, the software jumps to the
shellcode and executes the attacker's commands as stated in the shell code. Many
attackers are now using polymorphic, self-decrypting, and various static approaches.

How shell code is used in a white hat way -

In this virtual environment, this is still a serious threat to product developers. With
good knowledge of input validation, product developers can avoid it. This
usually involves conducting a thorough study of the data that is used in the product
programme. Additionally, it can be avoided by using higher-level programming
languages like Java or C# rather than C or C++.
