
Why Stack Overflows Can Be Dangerous?

Discussion in 'C' started by lionaneesh, Jan 30, 2011.

  1. lionaneesh

    lionaneesh New Member

    Stack is a Last In First Out (LIFO) abstract data structure... Stack is used as the main data structure for processing and data management on most OS architectures... like Intel x86 etc.

    Stack based Overflows

    It happens when too much data is passed on the call stack and results in overwriting data...

    The call stack is a limited amount of memory, often determined at the start of the program..

    When a program tries to access more space than is available on the call stack, it basically results in an overflow...

    Why it is dangerous

    It is dangerous because the call stack contains all our data (declarations), including the one used for user input..

    eg :-

    if we declared
    char pass[] = “I am the password!!!”;
    int i = 0;
    char userInput[10];
    Then the stack would look like :-
    |int i = 0|
    |char pass|
    Now if we overflow the userInput then we will successfully overflow the int i with our desired value.. It will be clear when we see the exploit example..


    Exploit :-


    #include <stdio.h>

    int main()
    {
    	int i = 0;
    	char userInput[10];
    	printf("Please enter some data : ");
    	gets(userInput); // deprecated function; now you will get to know why we should not use this...
    	if (i != 0) // the check was not shown in the post; reconstructed so the message prints only once i has been overwritten
    		printf("You !!!! Just exploited me.. Aah! :( :'(\n");
    	return 0;
    }
    Compiling :-

    We would be using gcc with the no-stack-protector flag so that the kernel does not stop us..

    aneesh@aneesh-laptop:~/articles/C$ gcc buggyProgram.c -fno-stack-protector -o buggyProgram
    /tmp/ccORWe40.o: In function `main':
    buggyProgram.c:(.text+0x26): warning: the `gets' function is dangerous and should not be used.
    Let's exploit it now....

    Let's create an attack string first :-

    As we know the userInput is just 10 bytes long. Thus, in order to exploit this we would need to pass 10 bytes to it... and then 4 1's to overwrite the int i variable...

    Attack string :-

    [10 bytes garbage] +  [4 * 1]
       |                     |
    for filling       for overwriting     
    up userInput	  the int variable
    Now let's pass this to the program and see what happens..

    aneesh@aneesh-laptop:~/articles/C$ ./buggyProgram 
    Please enter some data : AAAAAAAAAA1111
    You !!!! Just exploited me.. Aah! :( :'(
    And BooM!! We did it!!!
  2. lionaneesh

    lionaneesh New Member

    Hey thanks...For accepting...
    Yeah and check your email please...
  3. etrade123

    etrade123 Banned

    Thank you to all those who have joined our company. It's really good.
  4. pankajchandel

    pankajchandel New Member

    I am quite new in this forum, lots of new things to learn although I am good at programming
  5. lionaneesh

    lionaneesh New Member

    Thanks Sir, and please read my other articles too!!
