The most common vulnerability hackers use to get in

What is the buffer overflow?

Many people ask, how do hackers do what they do? How do they gain access to systems? Basically, they probe and prod until they find a vulnerability. The most common vulnerability is a buffer overflow in poorly written software. Remember that most real hackers do not want to crash a system; they want control of it. With a buffer overflow, a hacker stuffs more data into a programmer's buffer than it can handle. By doing this and using some creative memory inspection tools, the hacker can see which memory location on the stack is going to be executed next. Knowing this allows the hacker to inject additional code and modify the return address, thereby executing an additional program, in most cases a shell prompt.

So what does a poorly written program that is susceptible to an overflow look like?

(Image: precompiled program called Overflow)

(Image: poorly written code snippet)

This simple program has the typical buffer overflow error: it copies a supplied string without any bounds checking, because it uses strcpy() instead of strncpy(). If you run this program you will get a segmentation violation. The buffer is a 16-byte array in the overflow function, while the for loop writes the letter A 255 times, thereby overflowing the buffer.
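As an added illustration (not the post's own Overflow program, which only appeared as a screenshot), here is a C version of the pattern the post describes: a 16-byte stack buffer filled by strcpy() from a 255-character input, shown beside a bounded copy. The function names, the constructed 255-'A' input, and the fit/truncated return flag are assumptions of this example. One caveat the post's strncpy() suggestion needs: strncpy() does not NUL-terminate the destination when the source is at least as long as the limit, so the bounded version terminates the buffer explicitly and reports truncation instead of silently dropping data.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* the 16-byte buffer from the post's overflow function */

/* Vulnerable form, as the post describes: strcpy() keeps copying until the
 * source's terminating NUL, with no regard for the 16-byte destination. With
 * a 255-character argument it writes far past buf, corrupts the stack and
 * typically ends in a segmentation fault. Shown for comparison only; the
 * demonstration below never calls it. */
void overflow_unsafe(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);
    printf("copied: %s\n", buf);
}

/* Hardened form (hypothetical helper, not from the post): copies at most
 * out_size-1 bytes and always NUL-terminates. Returns 1 if the whole input
 * fit and 0 if it was truncated, so the caller can reject oversized input. */
int copy_bounded(const char *input, char *out, size_t out_size)
{
    if (out_size == 0)
        return 0;
    strncpy(out, input, out_size - 1);
    out[out_size - 1] = '\0';            /* strncpy() does not terminate on truncation */
    return strlen(input) < out_size;     /* 1 = fit, 0 = truncated */
}

/* Constructed sample input: the post's 255 'A's, built the way its loop does.
 * dst must have room for count+1 bytes. Returns the number of 'A's written. */
size_t fill_with_a(char *dst, size_t count)
{
    size_t i;
    for (i = 0; i < count; i++)
        dst[i] = 'A';
    dst[count] = '\0';
    return count;
}

int main(void)
{
    char attack[256];
    char buf[BUF_SIZE];
    int fit;

    fill_with_a(attack, 255);
    /* overflow_unsafe(attack) would smash the stack here; the bounded copy
     * truncates to 15 characters and reports that the input did not fit. */
    fit = copy_bounded(attack, buf, sizeof buf);
    printf("fit=%d copied=\"%s\" (%zu bytes)\n", fit, buf, strlen(buf));
    return 0;
}
```

The point to take from the two functions is not the truncation itself but the return flag: a program that knows the input was too long can refuse it, log it, or size its buffer from the input, whereas strcpy() gives it no chance to notice.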

Once you execute the vulnerable program and overrun the buffer, you will most likely get a long string of characters. These characters are what now occupies the return address of the next function call in the program. To properly exploit the buffer you need to convert these characters to hex. So, for example, if the return address space is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…… then your return address is 41414141. By knowing the return address space and doing a little basic math, you can inject a new return address into the buffer of another program, and that could potentially execute a shell for a hacker to gain control over. Sorry readers, I'm not going to show you how to do it 🙂 but basically you do the following:

(Image: example attack snippet)

Note: this is an attack example and is shown only for demonstration purposes.

So while a computer is relatively safe from hacking as long as you are using the proper devices, firewalls, and anti-virus/anti-malware software, it is still susceptible if you install untrusted software. That is why most IT departments lock down your ability to install software. Trust me, it's not because we like to keep busy… it's because we want to make sure the systems we manage stay in our control. It is also the responsibility of programmers to write secure programs, especially in secure or publicly accessible environments.
