The string could
potentially overwrite the return address, telling the web application what machine instructions
it should execute next. The injection aspect of buffer overflows is that the attacker injects
machine instructions (called shell code) into some user input. The attacker needs to know,
at least roughly, where the shell code will end up in the memory of the computer running the web
application. Then the attacker overwrites the return address to point to the memory location
of the shell code.
Exploiting buffer overflows is nontrivial, but finding them is not as difficult, and
finding buffer overflows on a local machine is easy. You need only send very long strings
in all user inputs. We suggest inputting predictable strings, such as 10,000 capital As, into
each input. If the program crashes, it is most likely due to a buffer overflow. Repeat the
crash while running the application in a debugger. When the program crashes, investigate
the program registers. If you see 41414141 (41 is the hexadecimal ASCII code for a capital A)
in the SP register, you have found a buffer overflow.
Finding buffer overflows on remote machines, such as a web application, is a lot
more difficult, because attackers cannot view the contents of the web application's
registers, and it may even be difficult to recognize that the web application has
crashed.
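As an added illustration that is not part of the book's text, the following C shows the unchecked strcpy() pattern the passage describes beside a bounds-checked handler that rejects oversized input rather than truncating it, plus a small triage helper for the debugger step (a register filled with the marker byte 0x41). The buffer size, the function names and the 10,000-byte test string are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64

/* Vulnerable pattern from the text: strcpy() copies the whole input into a
 * fixed-size stack buffer with no length check, so input longer than BUF_LEN
 * runs past the buffer toward the saved return address. Returns bytes copied;
 * shown only for contrast and must not be fed long input. */
size_t parse_unsafe(const char *input) {
    char buf[BUF_LEN];
    strcpy(buf, input);                 /* no bounds check: the defect */
    return strlen(buf);
}

/* Hardened form: the handler refuses any input that does not fit, including
 * its terminating NUL, and reports the rejection to the caller.
 * Returns -1 when the input is too long, otherwise the bytes copied. */
int parse_safe(const char *input) {
    char buf[BUF_LEN];
    const char *end = memchr(input, '\0', BUF_LEN);
    if (end == NULL) {                  /* no NUL within BUF_LEN bytes: reject */
        return -1;
    }
    size_t n = (size_t)(end - input);   /* n < BUF_LEN, so NUL fits */
    memcpy(buf, input, n + 1);
    return (int)n;
}

/* Triage helper for the debugger step: a 32-bit register whose every byte
 * equals the marker sent (0x41 for 'A') most likely came from the long test
 * string rather than from legitimate program data. */
int register_holds_marker(uint32_t reg, unsigned char marker) {
    return reg == 0x01010101u * marker;
}

/* Constructed test input: 10,000 capital As, as the text suggests. */
int safe_handler_on_long_input(void) {
    static char input[10001];
    memset(input, 'A', 10000);
    input[10000] = '\0';
    return parse_safe(input);
}

int main(void) {
    printf("safe handler on 10,000 As: %d\n", safe_handler_on_long_input());
    printf("0x41414141 looks like marker fill: %d\n",
           register_holds_marker(0x41414141u, 'A'));
    return 0;
}
```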