
On November 2nd, 1988 the famous Internet Worm, the "Morris Worm", brought down 60,000 machines.

Robert Morris, a graduate student in Computer Science at Cornell, wrote an experimental, self-replicating, self-propagating program called a worm and injected it into the Internet. The aim of the worm was to propagate slowly and measure the size of the Internet. There was a bug, however, which caused the worm to replicate and reinfect machines at a much faster rate. The worm exploited several holes in the UNIX operating system. One particularly gaping hole, in the gets() library call, allowed the worm to create a root shell on a remote machine! Let's dig into that hole more closely.

```
warning: the `gets' function is dangerous and should not be used.
```

How many times have you seen this warning and ignored it? Now the question is: what was the exploit? Well, the answer is a stack buffer overflow. A stack buffer overflow overwrites parts of memory which aren't supposed to be overwritten with arbitrary input, making the process execute the attacker's code. To see how and where an overflow takes place, let's take a look at how memory is organized:

- code segment: data in this segment are assembler instructions that the processor executes.
- data segment: space for variables and dynamic buffers.
- stack segment: memory area where automatic variables are stored.

Before diving into the code, let's have a look at the registers. The stack is a LIFO structure with pop and push operations; it grows from 0xBFFFFFFF down.

- esp: the stack pointer (esp) points to the top of the stack (TOS).
- ebp: the base pointer (ebp) points to the top of the current stack frame.
- eip: the instruction pointer (eip) points to the next machine instruction.

Now we are all set for the stack buffer overflow experiment. Let's write a small function which allows a buffer overflow exploit:

```c
void test_func ( )
```

To understand what the program does to call function(), we compile it with gcc and disassemble it with gdb:

```
~/Desktop$ gcc -ggdb test.c -o test
~/Desktop$ gdb test
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
```
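The gets() warning above is a warning about a whole class of calls, not one function: any reader that writes into a fixed stack buffer without knowing its size lets an over-long line run past the buffer into the saved frame pointer and return address that sit above it. The following is an added example, not code from the original post: it puts the unbounded pattern next to a bounded replacement that reads at most `size - 1` bytes, reports when a line had to be cut short, and drains the rest of the oversized line so the next read does not treat the leftover bytes as a fresh record. The buffer size `NAME_BUF`, the function names and the sample inputs are all constructed for this example; `fmemopen` is the POSIX call used to feed a string in as a `FILE *` so the code runs offline.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <string.h>

/* Size of the fixed stack buffer the reader fills (constructed for this example). */
#define NAME_BUF 16

enum read_status { READ_EOF = 0, READ_OK = 1, READ_TRUNCATED = 2 };

/* The pattern the gets() warning is about: the callee has no idea how big
 * `name` is, so a line longer than NAME_BUF - 1 bytes is written straight
 * past the end of the buffer into whatever sits above it on the stack
 * (saved ebp, return address). Kept only for contrast; never called here. */
int read_name_unsafe(char *name)
{
    return scanf("%s", name) == 1;   /* unbounded write, same defect as gets() */
}

/* Bounded replacement for gets(): reads at most size - 1 bytes into buf,
 * strips the trailing newline, and returns READ_TRUNCATED when the line
 * was longer than the buffer. In that case the remainder of the line is
 * consumed so the next call starts on the next line instead of on the
 * tail of this one. */
enum read_status read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size == 0)
        return READ_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return READ_OK;
    }
    /* No newline in buf: the line either fit exactly (next byte is '\n' or
     * EOF) or was longer than the buffer. Peek one byte to tell them apart. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return READ_OK;
    /* Over-long line: drain it up to and including its newline. */
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    return READ_TRUNCATED;
}

/* Helper for offline use: run a constructed string through the reader. */
enum read_status read_line_from_string(const char *input, char *buf, size_t size)
{
    if (size == 0)
        return READ_EOF;
    if (*input == '\0') {          /* fmemopen on size 0 is not portable */
        buf[0] = '\0';
        return READ_EOF;
    }
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) {
        buf[0] = '\0';
        return READ_EOF;
    }
    enum read_status st = read_line_bounded(in, buf, size);
    fclose(in);
    return st;
}

int main(void)
{
    char name[NAME_BUF];
    /* Constructed inputs: one that fits, and the classic over-long line. */
    enum read_status a = read_line_from_string("alice\n", name, sizeof name);
    printf("status %d, name '%s'\n", a, name);
    enum read_status b = read_line_from_string(
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", name, sizeof name);
    printf("status %d, name '%s' (%zu bytes kept)\n", b, name, strlen(name));
    return 0;
}
```

The interesting branch is the peek after `fgets` returns a line with no newline: without it, a line that is exactly `size - 1` bytes long would be reported as truncated, and a genuinely over-long line would leave its tail in the stream to be read as the next record. Both are the kinds of off-by-one and state-handling mistakes that make people give up on bounded reads and reach for `gets()`.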
