Basic Control Hijacking Attacks - Stanford University
Announcements: ? Project 1 is out: part I due Apr. 13. ? Please come to section on Friday at 11:30am
Control Hijacking
Basic Control Hijacking Attacks
Dan Boneh
Control hijacking attacks
? Attacker's goal: Take over target machine (e.g. web server) ? Execute arbitrary code on target by hijacking application control flow
? Examples: ? Buffer overflow and integer overflow attacks ? Format string vulnerabilities ? Use after free
Dan Boneh
First example: buffer overflows
Extremely common bug in C/C++ programs. ? First major exploit: 1988 Internet Worm. Fingerd.
Whenever possible avoid C/C++
Often cannot avoid C/C++ : ? Need to understand
attacks and defenses
Feb. 2024: White House support for memory safety
Source: web.nvd.
Dan Boneh
What is needed
? Understanding C functions, the stack, and the heap. ? Know how system calls are made ? The exec() system call
? Attacker needs to know which CPU and OS used on the target machine:
? Our examples are for x86-64 running Linux or Windows ? Details vary slightly between CPUs and OSs:
? Stack Frame structure (Unix vs. Windows, x86 vs. ARM) ? Little endian vs. big endian
Dan Boneh
Linux process memory layout (x86-64)
%rsp
(stack pointer)
(esp in 32-bit mode)
user stack
0x0000 7FFF FFFF FFFF (128 TB)
shared libraries 0x0000 7F1F6 XXXX XXXX
Loaded from executable
run time heap
text and data unused
0x0000 0000 0040 0040
0
Dan Boneh
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- lecture 04 pointers and strings
- computer science foundation exam
- lecture 02 c strings file io c primer
- basic control hijacking attacks stanford university
- buffer overflow exploits computer science
- format string vulnerability printf user input
- windows 2000 format string vulnerabilities by
- buffer overflow vulnerabilities and attacks
Related searches
- stanford university philosophy department
- stanford university plato
- stanford university encyclopedia of philosophy
- stanford university philosophy encyclopedia
- stanford university philosophy
- stanford university ein number
- stanford university master computer science
- stanford university graduate programs
- stanford university computer science ms
- stanford university phd programs
- stanford university phd in education
- stanford university online doctoral programs