Download to read offline
![12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 5/8
Simple Program
#include <stdio.h>
#include <string.h>
void secretfunction(void)
{
puts("You have been Hacked!!");
}
void pass(void)
{
char pass[10] = "zilogic";
char buff[20];
int flag = 0;
gets(buff);
if (!strcmp(buff, pass))
flag = 1;
if (flag)
puts("Password CorrectnAuthorization
Granted!!");
else
puts("Password Wrong");
}
int main(void)
{
printf("Enter Passwordn");
pass();
return 0;
}](https://image.slidesharecdn.com/bufferoverflowexploit2-161201051634/85/Buffer-OverFlow-Exploit-5-320.jpg)
![12/1/2016 Buffer Overflow Exploit (2)
file:///home/user/Desktop/queue/bufferover.html#(2) 5/8
Simple Program
#include <stdio.h>
#include <string.h>
void secretfunction(void)
{
puts("You have been Hacked!!");
}
void pass(void)
{
char pass[10] = "zilogic";
char buff[20];
int flag = 0;
gets(buff);
if (!strcmp(buff, pass))
flag = 1;
if (flag)
puts("Password CorrectnAuthorization
Granted!!");
else
puts("Password Wrong");
}
int main(void)
{
printf("Enter Passwordn");
pass();
return 0;
}](https://image.slidesharecdn.com/bufferoverflowexploit2-161201051634/75/Buffer-OverFlow-Exploit-5-2048.jpg)
Uploaded bySuresh Krishna
Buffer OverFlow Exploit
This document discusses buffer overflow exploits. It defines a buffer overflow as when a program overruns a buffer's boundary and overwrites adjacent memory locations. This can allow malicious code to be executed by replacing executable code. A simple C program example is provided to demonstrate this vulnerability. The document also mentions the 1988 Internet worm, which took down 10% of the Internet at the time by exploiting a buffer overflow in the finger program. Safer alternatives to vulnerable functions like gets() that cause buffer overflows are suggested.
Buffer OverFlow Exploit
- 1. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 1/8 Buffer Overflow Exploit Suresh Krishna
- 2. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 2/8 Table of Contents 1. What is Buffer Overflow? 2. Simple Program. 3. Worm of 1988. 4. Safer side.
- 3. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 3/8 What is Buffer Overflow? Buffer Overflow is a situation where a program overruns the buffer’s boundary and overwrites adjacent memory locations. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code, and replace it with malicious code. Can be caused by using "gets".
- 4. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 4/8 Pictoral View
- 5. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 5/8 Simple Program #include <stdio.h> #include <string.h> void secretfunction(void) { puts("You have been Hacked!!"); } void pass(void) { char pass[10] = "zilogic"; char buff[20]; int flag = 0; gets(buff); if (!strcmp(buff, pass)) flag = 1; if (flag) puts("Password CorrectnAuthorization Granted!!"); else puts("Password Wrong"); } int main(void) { printf("Enter Passwordn"); pass(); return 0; }
- 6. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 6/8 Worm of 1988 The Worm is named after its creator and releaser, Robert Tappan Morris. The worm made use of the buffer overflow vulnerability in the finger program. It took down nearly 10% of the Internet of that time.
- 7. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 7/8 Alternatives 1. fgets() 2. getline();
- 8. 12/1/2016 Buffer OverflowExploit (2) file:///home/user/Desktop/queue/bufferover.html#(2) 8/8 Thank You!