Many people ask, how do Hackers do what they do? How do they gain access to systems? Well, basically they probe and prod until they find a vulnerability. The most common vulnerability is a buffer overflow of poorly written software. This blog can get a bit technical, but with cybercrime on the rise each year for over a decade, you’ll want to know about one of the easiest ways for hackers to control your network. Here’s what you need to know about buffer overflow.
What is Buffer Overflow?
Buffers are memory storage areas in a system that hold data momentarily as it is being transferred from one location to another. A buffer overflow occurs when the volume of data being transferred exceeds the storage capacity of the memory buffer. As a result, the program writing the code to the buffer can overwrite it causing corruption, crash the program or even cause the execution of malicious code.
Remember, most real hackers do not want to crash a system, they want control of it. So with a buffer overflow, a hacker stuffs more data into a programmer buffer than what it can handle. By doing this and using some creative memory inspection tools, the hacker can see what memory location in the stack was going to be executed next. Knowing this information can allow the hacker to inject additional code to modify the return address therefore executing an additional program, in most cases a shell prompt.
So, What Does a Poorly Written Program Susceptible to an Overflow Look Like?
This simple program has the typical buffer overflow error and copies a supplied string without having bounds checking by using strcpy() instead of strncpy(). If you run this program you will get a segmentation violation. The Buffer of the array is set to “16” in the overflow function, while the for loop is looping the letter A 255 times, therefore overflowing the buffer.
What’s Next After Executing the Vulnerable Program?
Once you execute the vulnerable program and overrun the buffer you will most likely get a long string of characters. These Characters are the return address of the next function call for the program. To properly exploit the buffer, you will need to convert these strings to Hex. So for example if the return address space is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…… then your return address is 41414141. By knowing the return address space and some little basic math you can inject a new return address space into the buffer of another program, and that could potentially execute a shell for a hacker to gain control over. Sorry readers, I’m not going to show you how to do it 🙂 but basically you do the following:
Note: this is an attack example and is only used for demonstration purposes.
While a computer is relatively safe from hacking as long as you are using the proper devices, firewalls, and anti-virus/anti-malware software, they are still susceptible if you install untrusted software. Therefore, this is why most IT departments will lock down your ability to install software. Trust me, it’s not because we like to keep busy. It’s because we want to make sure the systems we manage to stay in our control. It’s also the responsibility of the programmers to write secure programs, especially in secure or publicly accessible environments.
Assess Your Network Vulnerabilities
A computer gets attacked every 39 seconds on average. According to Fundera, 60% of small businesses that are victims of a cyberattack go out of business within six months. You’d have to be a little crazy or extremely confident in your network security not to gasp at those stats. In the new digital age, cybersecurity has never been more important. If you are worried that your IT infrastructure may be susceptible to an attack, you may want to perform a cybersecurity assessment or audit.