We covered the first part of buffer overflow training using TryHackMe Buffer Overflow room which is part of the OSCP pathway. In this part, we used the IDE, immunity debugger, to perform the debugging and analysis of the executable binaries to discover buffer overflow vulnerabilities.
What is Buffer Overflow Vulnerability?
A buffer overflow occurs when an application receives more input, or different input, than it expects. The result is an error that exposes system
memory that would otherwise be protected and inaccessible. Normally, an application will have access only to a specific area of memory, called a
buffer. The buffer overflow allows access to memory locations beyond the application’s buffer, enabling an attacker to write malicious code into this memory area. For example, an application may expect to receive a string of 15 characters for a username. If it receives more than 15 characters and tries to store the data in a buffer, it can cause a buffer overflow and expose system memory. Typically it will cause the known error segmentation fault which is is clear indication that the code is vulnerable to buffer overflow.
The main cause of Buffer Overflow Vulnerability
BOF happens when the program accepts a user input and doesn’t perform the necessary checks to make sure it conforms to the parameters used to define variables. For example, a BOF can occur if the program defines a variable of 20 bytes for instance and then accepts an unlimited input size from the user. This will cause segmentation fault which is the first sign a program/binary is vulnerable to buffer overflow vulnerability
Another example of BOF vulnerabilities is integer overflow vulnerabilities. This happens when a user input is stored in a variable declared as unsigned
uint. In that case and to overflow the buffer, we send the maximum value-1t will be interpreted as0xffffffffffffffffif and only if the variable then was casted asulongin the code.
Continue Reading here.
Video Walkthrough | TryHackMe Buffer Overflow Prep