Howard College Buffer Overflow Report

User Generated

MYNGNA64

Programming

Howard College

Description

Submit a report on Buffer overflow attack. the report should be between 5-7 pages.

first page: Introduction and history of Buffer overflow attack

2nd page: Sample of a vulnerable problem (use the program in the Buffer overflow lab) and discussion on why it is vulnerable

third & fourth : Analysis of the program. Use GDB to run the program and inspect the stack and memory contains. Use the screenshots of GDB output for the discussion.

last pages: Develop a payload program in python so that it generates a dash shell. Run this code, generate the payload and demonstrate the Buffer overflow attack. Give detailed descriptions for each steps.


User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running Head: BUFFER OVERFLOW

1

Buffer Overflow
Name of Author
Institutional Affiliation
Date of Submission

BUFFER OVERFLOW

2
Buffer Overflow

This is a software coding setback that occurs when a process tries to write more data to a
buffer. Buffers are memory spaces of fixed lengths that are created by a program when it is run.
Once the program is run, the buffer is allocated the fixed amount memory set that the program
would otherwise need to run. Buffers are usually created to hold this fixed amount of program
data which means that any extra data sent over the set limit usually have nowhere to be stored on
the current buffer. This usually leads to the excess data overflowing to the adjacent storage and
overwriting data in these storages. The data overwrites adjacent data through the use of the
memory addresses adjacent to it. Normally this can be avoided if the program has bounds set that
check and discard any extra data when a buffer is full. These overflows are usually caused by
poor input choices during the development process. Programmers may sometimes assume the
size of certain input from the calculations of various variables. They then set the size of the
buffer to this assumed input size which becomes a problem when a variable manipulation returns
a value greater than the expected.
These overflows when they occur are known to cause the program to crash, produce
incorrect results and also lead to a lot of memory access errors. Hackers are able to exploit this
vulnerability present in many of the programs. Buffer overflows have been there since the first
reported form of buffer flow attack in 1988. The Morris Worm was a worm created during this
period to exploit the various buffers in operating systems. Since many operating systems have
well-defined memory layout programs, a script created with data aimed to cause buffer overflow
can be sent to the Operating system to enable an attacker to replace executable code memory
areas that hold them with malicious code. Operating system codes have a lot of buffers used all
around them. With that in mind, performing privilege escalation attacks to gain access to the

BUFFER OVERFLOW

3

computer's resources and have administrator-level access is quite possible. As stated earlier, the
Morris Worm was the first program to achieve this feat.
Programs written in C and C++ are quite more vulnerable to buff...

Related Tags