Free Essay

Lab About Buffer Overflow Attack

In: Computers and Technology

Submitted By tello
Words 482
Pages 2
Tasks 1) Open linux terminal and compile victimFile.c, and run it. Type the message that you see: After running and compiling the victimFile.c the massage shown was: you didn’t provide any argument: ./.out <string>

2) Check the source code of victimFile.c by opening the file in an editor. Which variable can be used to apply a buffer overflow attack? Why? var, because the input variable will be used inside the copy function and will copy it to var; and var is array of characters with fixed size of 20.

3) Run the file with an argument that will cause an exception (execution error). How long was your argument? (How many letters)?
Since var max size is 20, so any argument that is more than 20 will cause an exception. Example “123456789123456789123” 21 letters as shown below:

4) Disable the buffer overflow protector that linux has, and try to overflow the buffer by increasing the length of your argument until you receive “Segmentation fault”. How long is the argument now?
After disabling the buffer overflow protector using –fno-stack-protector, now we can overwrite into the stack without Abort. An argument of length 32 causes the segmentation fault. 20 (var) + 4 (var2)+ 4(input)+ 4(bptr) =32

5) a) In this step we created the script.pl file that needs arguments and the address to where it should jump. In our case we want to jump to hacked function.

b) We run the gdb tool using “gdb a.out”. After that, using “(gdb) disassemble hacked” the assembly code of the function hacked was shown as below. The first shown address next to push is the address of the hacked function; which is “0x080484b7”.

c) In the script.pl, we filled the argument of size 36 (size of string needed to reach the eip pointer) concatenated with function hacked address (which will come inside eip pointer), in reserved order as shown below: * 20 (var) + 4 (var2)+ 4(input)+ 4(bptr)+ 4 (return address) =36

6) Finally we run the script file using “perl script.pl”. And the message “Can you see me now?” inside the hacked function will be shown as below:

Optional:
In this step, we will be able to know the length of the argument to be used in the buffer overflow without looking into the code. * First we generated a string of random length using pattern_create. * After running the a.out file, the generated string will fill into the stack. We need to know the part of the string that filled the eip pointer; this can be done by viewing the content of the registers using “info registers”. Then we took the content of the eip pointer and compared it with the generated string using pattern_offset. This will give the length of the string needed to reach the eip pointer; which is 36 as shown below:

Similar Documents

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...

Words: 6103 - Pages: 25

Free Essay

Ceh Course

...EC-Council CEH v7 Course Outline Course Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 Who Should Attend This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration 5 days (9:00 – 5:00) Certification The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Page 2 EC-Council Legal Agreement Ethical Hacking and Countermeasures course mission is to educate...

Words: 458 - Pages: 2

Premium Essay

Fdess

...Hands-On Ethical Hacking and Network Defense Second Edition Chapter 3 Network and Computer Attacks Objectives • After this lecture and completing the exercises, you will be able to : – Describe the different types of malicious software and what damage they can do – Describe methods of protecting against malware attacks – Describe the types of network attacks – Identify physical security attacks and vulnerabilities Hands-On Ethical Hacking and Network Defense, Second Edition 2 Malicious Software (Malware) • Network attacks prevent a business from operating – Malicious software (malware) • Virus • Worm • Trojan program – Goals • • • • Destroy data Corrupt data Shutdown a network or system Make money 3 Hands-On Ethical Hacking and Network Defense, Second Edition Viruses • Virus attaches itself to a file or program – Needs host to replicate – Does not stand on its own – No foolproof prevention method • Antivirus programs – Detection based on virus signatures • Signatures are kept in virus signature file • Must update periodically • Some offer automatic update feature Hands-On Ethical Hacking and Network Defense, Second Edition 4 Table 3-1 Common computer viruses Hands-On Ethical Hacking and Network Defense, Second Edition 5 Viruses (cont’d.) • Encoding using base 64 – – – – – – – – Typically used to reduce size of e-mail attachments Also, used to encrypt (hide) suspicious code. Represents zero to 63 using six bits A is 000000… Z is 011001 Create groups of four characters...

Words: 1394 - Pages: 6

Premium Essay

Information System Controls for Systems Reliability

...CHAPTER 7 INFORMATION SYSTEM CONTROLS for SYSTEMS RELIABILITY SUGGESTED ANSWERS TO DISCUSSION QUESTIONS 7.1 1. Encryption is the final layer of preventative controls in that encrypting data provides a barrier against an intruder who has obtained access to company data. Encryption employing a digital signature and a public key infrastructure (PKI) can also strengthen authentication procedures and helps to ensure and verify the validity of e-business transactions. The digital signature is some sort of identifying information about the signer that is encrypted with the signer’s private key. This identifying information can only be decrypted using the corresponding public key. Since a private key is only known to it’s owner, only the owner can hold both the public and the private key and be the creator of the digital signature. Thus, digital signatures can be used to authenticate a particular party involved in a transaction as being the creator of a document. This provides for non-repudiation: the creator of the digital signature cannot deny having signed a document.. A digital certificate is an electronic document that is digitally signed by a trusted third party that certifies the identity of the owner of a pair of public and private keys. The PKI is a system that is used to process and manage the public and private keys used in digital signatures and digital certificates. An organization that handles digital certificates is called a certificate...

Words: 5091 - Pages: 21

Free Essay

Ceh Test Questions

...is just a cracker who is getting paid. Answer: C Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. QUESTION 2: What does the term "Ethical Hacking" mean? A. Someone who is hacking for ethical reasons. B. Someone who is using his/her skills for ethical reasons. C. Someone who is using his/her skills for defensive purposes. D. Someone who is using his/her skills for offensive purposes. Answer: C Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. QUESTION 3: Who is an Ethical Hacker? A. A person whohacksfor ethical reasons B. A person whohacksfor an ethical cause C. A person whohacksfor defensive purposes D. A person whohacksfor offensive purposes Answer: C Explanation: The Ethical hacker is a security professional who applies his hacking skills for defensive purposes. Actualtests.com - The Power of Knowing 312-50 QUESTION 4: What is "Hacktivism"? A. Hacking for a cause B. Hacking ruthlessly C. An association which groups activists D. None of the above Answer: A Explanation: The term was coined by author/critic Jason Logan...

Words: 34575 - Pages: 139

Premium Essay

Lot2 Task2

...Hacking Countermeasures & Techniques Distributed Denial of Service (DDoS) Best Practices Guide to Counter DDoS attacks: This Guide will cover Best Practices to counter DDoS attacks like the attack on the Universities Registration System Server (RSS) by infected computers (Bots). The attack by rogue software installed on computers located in University Computer Labs resulted in the shutting down web access to the RSS system. Coordinated by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. This prevented students from accessing the Web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks. Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces damage and duration of outages. Best practices include; training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S,...

Words: 1240 - Pages: 5

Premium Essay

Practical Verification & Safeguard Tools for C/C++

...P ra c t i c a l ve ri f i c a t i o n & s a fe g u a rd tools for C/C++ F Michaud . R. Carbone DRDC Valcartier Defence R&D Canada – Valcartier Technical Report DRDC Valcartier TR 2006-735 November 2007 Practical verification & safeguard tools for C/C++ F. Michaud R. Carbone DRDC Valcartier DRDC Valcartier Technical Report DRDC Valcartier TR 2006-735 November 2007 Principal Author Approved by Yves van Chestein Head/IKM Approved for release by Christian Carrier Chief Scientist c Her Majesty the Queen in Right of Canada as represented by the Minister of National Defence, 2007 c Sa Majest´ la Reine (en droit du Canada), telle que repr´sent´e par le ministre de la e e e D´fense nationale, 2007 e Abstract This document is the final report of an activity that took place in 2005-2006. The goal of this project was first to identify common software defects related to the use of the C and C++ programming languages. Errors and vulnerabilities created by these defects were also investigated, so that meaningful test cases could be created for the evaluation of best-ofbreed automatic verification tools. Finally, when relevant, best practices were inferred from our experiments with these tools. ´ ´ Resume Ce document est le rapport final d’un projet de recherche qui a eu lieu en 2005-2006. Le but de ce projet ´tait avant tout d’identifier les d´fauts logiciels courants li´s ` l’utilisation des e e e a langages de programmation C et C++. Les erreurs et vuln´rabilit´s...

Words: 22394 - Pages: 90

Premium Essay

Lot Task2

...LOT2 Task 2 5/24/2013 Best Practices in Prevention of DoS/DDoS Attacks This guide is meant to describe best practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations. Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow for limited down...

Words: 1264 - Pages: 6

Free Essay

A Hands on Intro to Hacking

...Penetration testing Penetration testing A Hands-On Introduction to Hacking by Georgia Weidman San Francisco Penetration testing. Copyright © 2014 by Georgia Weidman. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed in USA First printing 18 17 16 15 14   123456789 ISBN-10: 1-59327-564-1 ISBN-13: 978-1-59327-564-8 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Mertsaloff/Shutterstock Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: Jason Oliver Copyeditor: Pamela Hunt Compositor: Susan Glinert Stevens Proofreader: James Fraleigh Indexer: Nancy Guenther For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com Library of Congress Cataloging-in-Publication Data Weidman, Georgia. Penetration testing : a hands-on introduction to hacking / Georgia Weidman. pages cm Includes index. ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback) 1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers. QA76.9.A25W4258 2014 005.8'092--dc23 2014001066...

Words: 117203 - Pages: 469

Premium Essay

Computer Tricks

...EC-Council Press | The Experts: EC-Council EC-Council’s mission is to address the need for well educated and certified information security and e-business practitioners. EC-Council is a global, member based organization comprised of hundreds of industry and subject matter experts all working together to set the standards and raise the bar in Information Security certification and education. EC-Council certifications are viewed as the essential certifications needed where standard configuration and security policy courses fall short. Providing a true, hands-on, tactical approach to security, individuals armed with the knowledge disseminated by EC-Council programs are securing networks around the world and beating the hackers at their own game. The Solution: EC-Council Press The EC-Council | Press marks an innovation in academic text books and courses of study in information security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certification programs to fit academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certification: C|EH – Certified Ethical Hacker Certified Ethical Hacker is a certification...

Words: 61838 - Pages: 248

Premium Essay

Blackjacking Security

...Blackjacking Security Threats to BlackBerry® Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc. Blackjacking Blackjacking Security Threats to BlackBerry® Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc. Blackjacking: Security Threats to BlackBerrys, PDAs, and Cell Phones in the Enterprise Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-12754-4 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make...

Words: 83592 - Pages: 335

Premium Essay

Windows Fundamentals

...within the last two weeks. Answer: B Explanation: 2 QUESTION NO: 4 Which of the following devices is BEST suited for servers that need to store private keys? A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall Answer: A Explanation: QUESTION NO: 5 All of the following are valid cryptographic hash functions EXCEPT: A. RIPEMD. B. RC4. C. SHA-512. D. MD4. Answer: B Explanation: QUESTION NO: 6 Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack? A. 802.1x B. DHCP C. 802.1q D. NIPS Answer: A Explanation: 3 QUESTION NO: 7 A targeted email attack sent to Sara, the company’s Chief...

Words: 14377 - Pages: 58

Free Essay

Lab #10 Securing the Network with an Intrusion Detection System (Ids)

...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides...

Words: 3209 - Pages: 13

Premium Essay

Test Paper

...support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications, including CompTIA A+, Network+, Security+, and CASP; (ISC)2 SSCP and CISSP; Microsoft MCSE and MCITP, and ITIL Foundations. In response to repeated requests, Darril created the http://gcgapremium.com/ site where he provides study materials for several certification exams, including the Security+ exam. Darril regularly posts blog...

Words: 125224 - Pages: 501

Free Essay

Df Sdfsdf Sdfsdf Sdfsdfsdf

...THREAT MODELING AND ITS USAGE IN MITIGATING SECURITY THREATS IN AN APPLICATION Thesis Submitted in partial fulfillment of the requirements for the degree of MASTER OF TECHNOLOGY in COMPUTER SCIENCE & ENGINEERING - INFORMATION SECURITY by EBENEZER JANGAM (07IS02F) DEPARTMENT OF COMPUTER ENGINEERING NATIONAL INSTITUTE OF TECHNOLOGY KARNATAKA SURATHKAL, MANGALORE-575025 JULY, 2009 Dedicated To My Family, Brothers & Suraksha Group Members DECLARATION I hereby declare that the Report of the P.G Project Work entitled "THREAT MODELING AND ITS USAGE IN MITIGATING SECURITY THREATS IN AN APPLICATION" which is being submitted to the National Institute of Technology Karnataka, Surathkal, in partial fulfillment of the requirements for the award of the Degree of Master of Technology in Computer Science & Engineering - Information Security in the Department of Computer Engineering, is a bonafide report of the work carried out by me. The material contained in this report has not been submitted to any University or Institution for the award of any degree. ……………………………………………………………………………….. (Register Number, Name & Signature of the Student) Department of Computer Engineering Place: NITK, SURATHKAL Date: ............................ CERTIFICATE This is to certify that the P.G Project Work Report entitled " THREAT MODELING AND ITS USAGE IN MITIGATING SECURITY THREATS IN AN APPLICATION" submitted by Ebenezer Jangam (Register Number:07IS02F)...

Words: 18945 - Pages: 76