published
updated
:▓▐▟▘▙: %date
=### exploits =
Buffer Overflow
A buffer overflow happens when you place data into a variable that is larger than the memory that was allocated for the data. This leads to whatever was next in the memory being overwritten, possibly for malicious purposes.
memory
a program is made up of 5 segments, they are ordered in this way:
- text -> code, fixed size
- data -> global and static variables, fixed size
- bss -> uninitialized variables, fixed size
- heap -> stores whatever the programmer wants, variable size, grows downwards towards the stack
- stack -> temporary scratch pad, variable size, grows upwards towards the heap
the stack is built of stack frames. the EBP also known as FP (frame pointer) refers to local function variables in the current stack frame. each frame contains context for the current function, and two pointers; the SFP (saved frame pointer) and return address. These pointers help put things back together. The SFP returns the EBP to it's previous value, and the return address changes the EIP to it's old value.
storing memory on the heap requires the system call 'malloc()'. it takes a single argument (size) and returns a void pointer to the address. in case it fails to allocate the memory, it will return a null pointer (0x0), so error checking is required! deallocating it is done through 'heap()', it takes a single argument (pointer) and frees that address
c lang
pointers -> are memory address that point to other memory addresses address of (&) -> takes a variable and tells you the memory location of it dereference (*) -> takes a pointer and tells you the value of the address it is pointing to
various format strings require either a variable or a pointer; be careful! %s -> string, needs a pointer %p -> pointer, short hand for 0x%08x (0x<0 padded 8 hexadecimal>), obviously for a pointer %d -> decimal, needs a variable etc...
scanf uses format strings to take input, but requires a pointer! (check input.c)
you can also take input through command line arguments:
./
seg fault: when you try to access a memory segment that is outside the memory allocated to your program A good way to debug these is with gdb, because you can see which line tried to access which memory address that lead to the seg fault (for example, check the memory that is stored in argv, they're all pointers to other memory address)
scoping: be default all variables declared in a function are local to that function. a global variable must be defined outside of any function. if there is a clash, preference is given to local variables.
static: static variables will retain their value outside their scope and are only initiliazed once.
gdb
list -> show source code if compiled with -g command in gcc
disassemble main (disass main) -> fairly obvious
break main -> set break point to main
run -> execute to break point
info register
gdb examine command
format letters for the examine (x) command: o: octal x: hexadecimal u: unsigned base-10 decimal t: binary i: instruction c: character s: string d: integer(?) &: address of -> returns the address of the variable rather than the variable itself *: dereference -> take the value of the pointer rather than the address it is pointing to
registers can be referenced using $
we can also choose to show more data around the register we are examining by adding a number before the format like so:
x/12x
opening with gdb
compile: gcc -g -o
Register names
EBP -> base pointer ESP -> stack pointer ESI -> source index EDI -> destination index EIP -> instruction pointer General purpose registers include EAX, ECX, EDX, EBX. Accumulator, Counter, Data and Base respectively