Control Hijacking - Attacks Flashcards
What are the different types of control hijacking attacks?
- Buffer overflow
- Integer overflow
- Stack overflow
- Index overflow
- C++ VTables overflow
Define
Control Hijacking Attacks
An attacker hijacks the control flow by corrupting memory
Describe
Buffer Overflow
Writing more data into a buffer than it can hold, so the excess spills over and overwrites adjacent memory
Describe
Integer Overflow
Unexpected results when integer arithmetic, comparisons, casts, or signed/unsigned conversions exceed or wrap around the range of the integer type
How could integer overflow be prevented?
Using assertions or explicit range checks on the inputs and results of integer arithmetic before the values are used (e.g. as a size or index)
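The three overflow shapes the cards above name (arithmetic wrap-around, signed/unsigned mix-up, narrowing cast), each beside the range check that prevents it. This is an added example for the deck, not code from the original page; the function names and the sample values are constructed for illustration, and __builtin_add_overflow is the GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example (not from the original page): the integer-overflow
   shapes named on the card and the range checks that prevent them. */

/* 1. Arithmetic wrap-around: the multiply is done in 32 bits and silently
      wraps, so an allocation sized this way is far too small. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;          /* 0x40000001 * 4 wraps to 4 */
}

/* Checked form: refuse before the multiplication can wrap. */
bool alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;                  /* would overflow */
    *out = count * elem_size;
    return true;
}

/* 2. Signed/unsigned mix-up: the "too big" test is done on the signed value,
      then the value is used as a size_t. A negative length passes the test
      and becomes a huge unsigned count. */
size_t bytes_to_copy_unsafe(int len, int cap)
{
    if (len > cap) return 0;           /* -1 > 16 is false: not rejected */
    return (size_t)len;                /* (size_t)-1 == SIZE_MAX */
}

size_t bytes_to_copy_safe(int len, int cap)
{
    if (len < 0 || len > cap) return 0;   /* reject both directions */
    return (size_t)len;
}

/* 3. Narrowing cast: high bits are dropped, so a value that failed a
      check on the wide type can pass a later check on the narrow one. */
uint16_t truncate_to_u16(uint32_t v)
{
    return (uint16_t)v;                /* 0x10010 becomes 0x0010 */
}

/* Signed overflow is undefined behaviour in C, so it cannot be detected
   after the fact; GCC/Clang provide __builtin_add_overflow to check first. */
bool add_int_checked(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}
```

The checked functions return false instead of asserting so the caller can refuse the input; in a debug build the same condition is what an assert would test.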
Describe
Stack Overflow
Overflowing a buffer on the stack so that the data stored there (local variables, the saved frame pointer, and the return address) is overwritten
What does the stack overflow cause?
Segmentation faults (crashes) when a corrupted return address or pointer refers to invalid memory
What can an attacker do after a stack overflow?
Jump to attacker-chosen code by overwriting the return address, or overwrite sensitive data such as local variables and pointers
Describe
Index Overflow
Accessing an array with an index outside its bounds because the bounds check is missing or bypassed
What does an index overflow allow?
Direct reads and writes to memory locations outside the array, at an attacker-chosen offset
Describe
C++ VTables Overflow
Overwriting an object's vtable pointer (or a pointer to the vtable) so it points to an attacker-controlled fake vtable; the next virtual call then executes malicious code
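A C model of the vtable overwrite described on this card, added here as an example (it is not code from the original page). The object is modelled as an inline name buffer followed by the vtable pointer; that layout, the function names, and the 'A'-filled payload are assumptions of the model, not real compiler output. Copying too many bytes into the name runs into the vptr, and the next virtual call lands in the attacker's fake vtable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example (not from the original page): a C model of a vtable-pointer
   overwrite. Object layout and fake-vtable address are assumptions. */

typedef int (*method_fn)(void);
typedef struct { method_fn speak; } vtable_t;   /* one virtual method */

static int legit_speak(void) { return 1; }
static int evil_speak(void)  { return 0xBAD; } /* stands in for attacker code */

static const vtable_t legit_vtable = { legit_speak };
static const vtable_t fake_vtable  = { evil_speak }; /* attacker-controlled */

enum { NAME_LEN = 16, OBJ_LEN = NAME_LEN + sizeof(const vtable_t *) };

/* The object is raw bytes so the overflow is well-defined C: bytes
   0..NAME_LEN-1 are the name buffer, the next pointer-sized bytes are the vptr. */
typedef struct { unsigned char raw[OBJ_LEN]; } object_t;

void object_init(object_t *o)
{
    const vtable_t *v = &legit_vtable;
    memset(o->raw, 0, OBJ_LEN);
    memcpy(o->raw + NAME_LEN, &v, sizeof v);
}

/* Virtual call: load the vptr, then call through it. */
int object_speak(const object_t *o)
{
    const vtable_t *v;
    memcpy(&v, o->raw + NAME_LEN, sizeof v);
    return v->speak();
}

/* Vulnerable: no length check, so n > NAME_LEN runs into the vptr. */
void set_name_unchecked(object_t *o, const unsigned char *src, size_t n)
{
    if (n > OBJ_LEN) n = OBJ_LEN;   /* model guard only: stay inside the object */
    memcpy(o->raw, src, n);
}

/* Hardened: reject anything that does not fit the buffer. */
bool set_name_checked(object_t *o, const unsigned char *src, size_t n)
{
    if (n > NAME_LEN) return false;
    memcpy(o->raw, src, n);
    return true;
}

/* Constructed attacker input: fill the name, then overwrite the vptr with
   the address of the fake vtable. Returns the payload length. */
size_t build_vtable_payload(unsigned char *out)
{
    const vtable_t *fake = &fake_vtable;
    memset(out, 'A', NAME_LEN);
    memcpy(out + NAME_LEN, &fake, sizeof fake);
    return NAME_LEN + sizeof fake;
}
```

In a real C++ object the vptr usually sits at offset 0 and the overflow comes from a neighbouring object or a buffer before it; the mechanism is the same: whoever controls the vptr controls the next virtual call.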
A program’s state is described by what
Processor registers and memory
Define
Processor Registers
Small, fast storage inside the CPU: data is copied from main memory into registers for operations and copied back afterwards; registers hold the operands and results of arithmetic computations
Define
Stack
A last-in, first-out region of memory managed with push/pop operations and organized into stack frames
Which way does the stack grow and towards what?
Downward, towards lower memory addresses
Describe
ESP
Points to the top of the stack and the most recent item
What does push() do on the stack?
- Decrements ESP by the item's size (the stack grows down)
- Writes the new item at the address ESP now points to
What does pop() do on the stack?
- Returns the value at the address ESP points to (the top of the stack)
- Increments ESP by the item's size, removing the top element from the stack
Define
EBP
Stores the base address of the current stack frame (the frame pointer)
Define
Stack Frame
The region of the stack belonging to one function invocation: its arguments, return address, saved frame pointer, and local variables
What happens to a function after it executes in relation to the stack?
The frame is popped off the stack to signify completion of the function, and control returns to the address saved in the frame
How are local variables stored on the stack?
Little endian (on x86): each multi-byte value's least significant byte is at the lowest address
Given the following local variable declarations, how would they be stored on the stack from highest address to lowest (in the layout this course assumes; the actual ordering is compiler-dependent)?
local_var(a, b, c)
c
b
a
Define
Memory Safety
No access to undefined memory: every read, write, or execute touches only memory the program is allowed to use
What constitutes as access?
Read, write, or execute access
How do you build confidence with memory safety?
- Module-by-module analysis
- Preconditions
- Postconditions
Define
Precondition
A condition that must hold before a statement or function executes
Define
Postcondition
A condition that holds after the function returns or the statement executes
What does the postcondition depend on?
It is only guaranteed if the precondition was true when the function was entered
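The index-overflow card and the precondition/postcondition cards above, worked as one example: an unchecked array write, a tempting but wrong "fix" with %, and a checked write whose contract is stated and verified. This is an added example, not code from the original page; the function names and the sample table are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example (not from the original page): an index-overflow bug and its
   fix expressed as a precondition/postcondition contract. */

enum { TABLE_LEN = 8 };

/* Vulnerable: idx comes from untrusted input and is never checked.
   Any value outside 0..TABLE_LEN-1, including a negative one, turns the
   assignment into a direct write to memory outside the table.
   (Shown for comparison only; never called with a bad index here.) */
void set_unchecked(int *table, int idx, int value)
{
    table[idx] = value;
}

/* Common "fix" that is still wrong: C's % keeps the sign of the dividend,
   so a negative idx still produces a negative index. */
long wrap_index_buggy(long idx, size_t len)
{
    return idx % (long)len;           /* -1 % 8 == -1 */
}

/* Correct wrap for callers that really want modular indexing. */
size_t wrap_index_ok(long idx, size_t len)
{
    long m = idx % (long)len;
    if (m < 0) m += (long)len;
    return (size_t)m;
}

/* Precondition : table points to len ints; 0 <= idx < len.
   Postcondition: returns true and table[idx] == value, or returns false
   and no element of table was modified.
   The precondition is checked at the call boundary instead of assumed. */
bool set_checked(int *table, size_t len, long idx, int value)
{
    if (table == NULL || idx < 0 || (size_t)idx >= len)
        return false;                 /* precondition violated: refuse */
    table[(size_t)idx] = value;
    return true;
}

/* Module-level check of the postcondition: after a rejected write the
   table must be unchanged. Returns true if the contract held. */
bool postcondition_holds_after_reject(void)
{
    int table[TABLE_LEN] = {0, 1, 2, 3, 4, 5, 6, 7};   /* constructed sample */
    int before[TABLE_LEN];
    for (size_t i = 0; i < TABLE_LEN; i++) before[i] = table[i];

    bool r1 = set_checked(table, TABLE_LEN, -1, 99);        /* below bound */
    bool r2 = set_checked(table, TABLE_LEN, TABLE_LEN, 99); /* one past end */
    if (r1 || r2) return false;

    for (size_t i = 0; i < TABLE_LEN; i++)
        if (table[i] != before[i]) return false;
    return true;
}
```

The contract is what makes module-by-module analysis possible: a caller only has to establish the precondition, and can rely on the postcondition without reading the function body.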
What is the layout of a stackframe from top of memory to bottom of memory?
Caller’s Frame
Function Arguments/Params
Return Addr
Pointer to previous frame
Local variables
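The frame layout on this card, the push/pop and little-endian cards, and the stack overflow card brought together in one simulated 32-bit stack. This is an added example, not code from the original page: the stack is a 64-byte array, push moves a simulated ESP down and pop moves it up, and a call builds the frame in the order shown above (argument, return address, saved EBP, locals). An oversized copy into the local buffer then overwrites the saved EBP and the return address, which is the stack overflow the deck describes. The function names, addresses and payload bytes are constructed for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example (not from the original page): a simulated 32-bit stack.
   Highest address is STACK_SIZE; sp plays the role of ESP and moves DOWN
   on push, UP on pop; bp plays the role of EBP. */
enum { STACK_SIZE = 64, BUF_LEN = 16 };

typedef struct {
    unsigned char mem[STACK_SIZE];
    uint32_t sp;   /* offset of the top-of-stack item (ESP) */
    uint32_t bp;   /* offset of the current frame's saved-EBP slot (EBP) */
} sim_stack_t;

/* Little-endian: least significant byte at the lowest address. */
static void store_le32(unsigned char *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}
static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

void stack_init(sim_stack_t *s)
{
    memset(s->mem, 0, STACK_SIZE);
    s->sp = STACK_SIZE;
    s->bp = STACK_SIZE;
}

/* push: decrement ESP, then write the new item where ESP now points. */
void stack_push(sim_stack_t *s, uint32_t v)
{
    s->sp -= 4;
    store_le32(s->mem + s->sp, v);
}

/* pop: read the item at ESP, then increment ESP (top element removed). */
uint32_t stack_pop(sim_stack_t *s)
{
    uint32_t v = load_le32(s->mem + s->sp);
    s->sp += 4;
    return v;
}

/* Caller pushes the argument, "call" pushes the return address, the callee
   prologue saves EBP and reserves BUF_LEN bytes for char buf[BUF_LEN].
   Returns the offset of buf, the lowest part of the frame. */
uint32_t enter_frame(sim_stack_t *s, uint32_t arg, uint32_t ret_addr)
{
    stack_push(s, arg);        /* function argument (highest)   */
    stack_push(s, ret_addr);   /* return address                */
    stack_push(s, s->bp);      /* pointer to previous frame     */
    s->bp = s->sp;             /* EBP now marks this frame      */
    s->sp -= BUF_LEN;          /* local variable buf            */
    return s->sp;
}

uint32_t frame_saved_bp(const sim_stack_t *s) { return load_le32(s->mem + s->bp); }
uint32_t frame_ret_addr(const sim_stack_t *s) { return load_le32(s->mem + s->bp + 4); }
uint32_t frame_arg(const sim_stack_t *s)      { return load_le32(s->mem + s->bp + 8); }

/* Vulnerable pattern: copy into buf with no length check (strcpy-style). */
void copy_unchecked(sim_stack_t *s, uint32_t buf_off, const unsigned char *src, size_t n)
{
    if (buf_off + n > STACK_SIZE) n = STACK_SIZE - buf_off;  /* model guard only */
    memcpy(s->mem + buf_off, src, n);
}

/* Hardened: refuse anything larger than the buffer. */
bool copy_checked(sim_stack_t *s, uint32_t buf_off, const unsigned char *src, size_t n)
{
    if (n > BUF_LEN) return false;
    memcpy(s->mem + buf_off, src, n);
    return true;
}

/* Constructed attacker input: fill buf, clobber the saved EBP, then place
   the chosen return address (little-endian). Returns the payload length. */
size_t build_payload(unsigned char *out, uint32_t fake_ret)
{
    memset(out, 'A', BUF_LEN);
    store_le32(out + BUF_LEN, 0x42424242u);   /* lands on saved EBP */
    store_le32(out + BUF_LEN + 4, fake_ret);  /* lands on return address */
    return BUF_LEN + 8;
}
```

Because the buffer is the lowest item in the frame and the copy proceeds upward, the first bytes past the buffer hit the saved EBP and the next four hit the return address; that is why the payload places the fake address at offset BUF_LEN + 4, with its least significant byte first.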