This semester we started doing some programming in C for our Secure Programming and Scripting module; it's amazing how efficient and powerful C is! Anyway, we started on buffers last week, and what happens if boundary checks aren't done correctly or at all, and as an assignment we had to write three pieces of code and overflow the buffers. Seems simple enough.
I found it fascinating being able to affect memory on the stack, so I read a bit more into it, and found that I could actually overflow the buffers with Python scripts, ASCII codes, and even assembly. This got me thinking about how far I could push an overflow, and what effects it would have on the system.
So, using a buffer overflow, I was able to overflow the buffer using NOP instructions, redirect the location of the return method and get it to run my own malicious code I had in a script, which launched a reverse TCP connection on the victim's machine. Basically, I was performing a remote code execution attack by leveraging an insecure buffer, and leaving a reverse shell on the machine afterwards!
Have to say I'm equal parts chuffed and terrified!
Just want to say to make sure you sanitise your inputs!
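As an added example (not the post's own code): the kind of unchecked copy that makes the assignment's overflow possible, beside a bounded version that measures the input first and rejects anything that does not fit. The 16-byte buffer, the function names and the 40-byte test input are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Before: no boundary check. An input longer than NAME_LEN - 1 bytes
 * runs past `name` into whatever the compiler placed after it on the
 * stack (saved registers, the return address). This is the defect the
 * assignment overflows; it is here to be read, not called. */
void greet_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);                  /* no length limit at all */
    printf("hello, %s\n", name);
}

/* After: find the terminator within the destination size, refuse the
 * input if it is not there, and copy with an explicit length so the
 * NUL always lands inside `out`. Returns 0 on success, -1 if rejected. */
int greet_checked(const char *input, char *out, size_t out_len) {
    if (input == NULL || out == NULL || out_len == 0)
        return -1;
    /* memchr scans at most out_len bytes, so an unterminated or
     * oversized input is rejected without reading past the bound. */
    const char *end = memchr(input, '\0', out_len);
    if (end == NULL)                      /* no room for text + NUL */
        return -1;
    size_t n = (size_t)(end - input);
    memcpy(out, input, n);
    out[n] = '\0';
    printf("hello, %s\n", out);
    return 0;
}

int main(void) {
    char name[NAME_LEN];
    /* Constructed oversized input: 40 'A's, as the assignment would feed it. */
    char long_in[41];
    memset(long_in, 'A', 40);
    long_in[40] = '\0';

    printf("short input accepted: %d\n", greet_checked("alice", name, sizeof name));
    printf("long input rejected:  %d\n", greet_checked(long_in, name, sizeof name));
    return 0;
}
```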