Skip to content
/ Buffer-Overflows Public

An introduction to buffer overflow vulnerabilities exploitation.

License

MIT license
14 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JasonPap/Buffer-Overflows

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
hyperuser
hyperuser
 
 
masteruser
masteruser
 
 
shellcode
shellcode
 
 
superuser
superuser
 
 
CompSec1_Report.pdf
CompSec1_Report.pdf
 
 
LICENSE
LICENSE
 
 
Readme.md
Readme.md
 
 

Repository files navigation

Introduction to buffer overflows

As a first project for my University's Computer Security course I was tasked to find and exploit buffer overflow vulnerabilities on three different simple programs.

Prerequisites

Before diving into buffer overflows you should be familiar with:

  • Basic C/C++ understanding.
  • Linux permissions.
  • Basic Assembly knowledge.
  • GDB and program memory allocation (stack, frames).

The GNU project debugger (a.k.a. GDB) is especially useful and since I won’t go into details on how to use it, if you’re not familiar with go check the docs or any good tutorial. The parts that are useful to this project are: disassembling the program, inspecting variable content and print frame information such as saved return address.

Now you can start reading about buffer overflows here.

(also the GDB manual here)

The scenario

There are three other users on the same Linux machine so the /home directory looks like this:

jason@linux /home $ ls

hyperuser jason masteruser superuser

Each of the users (superuser, hyperuser, masteruser) have an executable on their home directory which can be executed by other users and runs with the suid bit enabled. That means that when executed the program will have the owners privileges and not the privileges of the user executing it.

Each user also have a secret.txt file which can be read only by him.

Aim of the project

The goal is to introduce students to buffer overflow vulnerabilities. In order to reveal the final secret, each of the three secrets from superuser, hyperuser and masteruser must be combined.

Each of the executables have a different flaw that must be exploited with the ultimate goal in each case to create a Shell running with the victim's privileges.

  • superuser: he has the convert.c program without any protection against buffer overflows and is the easiest target.
  • hyperuser: has the arpsender.c program which uses a canary to protect against buffer overflows. (not ready yet)
  • masteruser: has the zoo.cpp program that must be exploited using the VPTR. (not ready yet)

Links

  • Computer Security course website
  • Course slides on b.o. here
  • "Smashing the stack for fun and profit" great introduction to buffer overflows here.

License

MIT License - fork, modify and use however you want.

About

An introduction to buffer overflow vulnerabilities exploitation.

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages