November 3, 2019 · Basic Pen-Testing Adv. Pen-Testing

6.1 : Classic buffer overflow - Background (Part I)

Background

Before you learn how to exploit a buffer overflow, you should understand how software uses memory.
I recommend reading https://manybutfinite.com/post/anatomy-of-a-program-in-memory/ first.
It makes the memory structure of a program relatively easy to understand and is pretty much self-explanatory.

Anatomy of memory, in short

| Location | Segment | Description |
|---|---|---|
| Top | Kernel | OS usage |
| | Stack (grows down) | Software functions, variables |
| | Heap (grows up) | Global variables, not assigned by the software; in C/C++ you need malloc/calloc/free to manipulate it |
| Bottom | Text segment | binary, images, immutable |

More examples of the Stack vs. the Heap:
https://www.gribblelab.org/CBootCamp/7_Memory_Stack_vs_Heap.html

Different languages have different implementations.

For example, NodeJS stores objects on the heap and variables on the stack.
Check the references for whichever system you are attacking.

What is inside the stack?

| Location | Segment | Description |
|---|---|---|
| Top | Extended Stack Pointer | Calling from top to bottom, fixed memory space |
| | Buffer Space | Dynamic memory space |
| | Extended Base Pointer | |
| | Extended Instruction Pointer | main programming memory manipulation |
| Bottom | Return Address | |

More: http://www.godevtool.com/GoasmHelp/usstack1.htm

So what is a buffer overflow?

| Location | Segment | Description |
|---|---|---|
| Top | Extended Stack Pointer | Calling from top to bottom, fixed memory space |
| | Buffer Space | throw a shitload of junk data here |
| | Extended Base Pointer | if the code has poor sanitation, we can keep poisoning it with junk data until we reach the return address |
| | Extended Instruction Pointer | |
| Bottom | Return Address | here is the trick: point it at our root shellcode |

So, basically, a buffer overflow is:

  1. trying to fill up a function's memory space,
  2. trying to manipulate the return address,
  3. or, even better, inserting a rootkit at the return address.
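As an added illustration of the stack-frame table and the three steps above (example code written for this page, not from the original post or any project), here is the classic C defect beside its fix: `greet_unsafe()` copies into a fixed stack buffer with no bound, while `greet_safe()` rejects anything that does not fit. The buffer size, function names and sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed: a small fixed-size stack buffer */

/* Vulnerable pattern: strcpy() copies until the NUL byte of `input` and never
 * looks at the size of `buf`. Input of 16 or more characters writes past the
 * buffer, over the saved base pointer and then the return address, in the
 * order the table above lists. Returns 0 so it can be called like greet_safe(). */
int greet_unsafe(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);            /* no length check: this is the defect */
    printf("hello, %s\n", buf);
    return 0;
}

/* Hardened version: refuse input that does not fit (NUL terminator included),
 * then copy exactly the bounded length. Returns 0 on success, -1 if rejected. */
int greet_safe(const char *input)
{
    char buf[BUF_SIZE];
    size_t len = strlen(input);
    if (len >= sizeof buf)
        return -1;
    memcpy(buf, input, len + 1);
    printf("hello, %s\n", buf);
    return 0;
}

/* Bytes that an input of `input_len` characters (plus NUL) would write past a
 * buffer of `buf_size` bytes; 0 means it fits. Useful when sizing the check. */
size_t overrun_bytes(size_t buf_size, size_t input_len)
{
    size_t needed = input_len + 1;
    return needed > buf_size ? needed - buf_size : 0;
}

int main(void)
{
    const char *fits = "alice";                                   /* 5 chars */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, well over 16 chars */
    greet_safe(fits);
    printf("long input rejected: %s\n", greet_safe(too_long) == -1 ? "yes" : "no");
    printf("bytes past the buffer: %zu\n", overrun_bytes(BUF_SIZE, strlen(too_long)));
    greet_unsafe(fits);   /* greet_unsafe(too_long) would smash the stack, so it is not run */
    return 0;
}
```

Compile with stack protection left on (the default on most modern toolchains) and the unsafe variant's overrun is caught at runtime as a "stack smashing detected" abort, which is the detection signal to look for in crash logs.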