Week 10 - Memory Based Attacks Flashcards

1
Q

Where does the EIP point to?

A

The current instruction being executed in memory

2
Q

Where does the ESP point to?

A

The top of the stack

3
Q

Where does the EBP point to?

A

The base of the current stack frame

4
Q

What happens in the stack when a function is called?

A

The current EIP and current EBP values are pushed onto the stack. A new stack frame is created at the top of the stack.

5
Q

What is the NX-bit defence against buffer overflow attacks?

A

The NX-bit provides a hardware distinction between the text and the stack. If the EIP ever points to the stack the program crashes. This makes it so data in memory can either be executable, or be read/written from/to, but it can not be both.

6
Q

What is one way of getting around the NX-bit?

A

To find code in the text you want to execute (such as opening the shell), and use a buffer overflow attack to make the EIP point to that code.

7
Q

How does a buffer overflow attack work?

A

Write data into a buffer so that the data overflows into the EIP and EBP values stored on the stack. When the current function finishes executing, the overwritten EIP and EBP values will be loaded. This makes it possible to change where the code will resume from.
