Buffer overflow: the illustration below shows a main program in C that reads user input into the string s and passes it to sample_function. Inside the function, the variable-size input is copied into a fixed-size string, which leads to a buffer overflow. In our example, the user input is just long enough to overwrite the return address.
Main point: the attacker controls what is executed after the buffer overflow. They can make the return address point back into the user input and place executable code there, or they can make it point to some other code already in the computer's memory.
Attacker goals: typically to gain access to a command line (a shell application) on the machine running the vulnerable code. From there they can execute any command they like.
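The copy described in the first paragraph, written out as an added example (not the page's original illustration): the unchecked sample_function next to a length-checked variant that rejects oversized input. BUF_SIZE, the 256-byte input buffer and the name sample_function_checked are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* assumed size of the fixed-size string */

/* Vulnerable form, as the text describes: the input length is never
 * compared with the destination size before the copy. Kept for contrast
 * only; main() below never calls it. */
void sample_function(const char *s)
{
    char buffer[BUF_SIZE];
    strcpy(buffer, s);            /* writes past buffer when strlen(s) >= BUF_SIZE */
    printf("copied: %s\n", buffer);
}

/* Hardened form (hypothetical name): check the length first and refuse
 * input that does not fit. Returns 0 on success, -1 if rejected. */
int sample_function_checked(const char *s)
{
    char buffer[BUF_SIZE];
    size_t len = strlen(s);

    if (len >= sizeof buffer)     /* one byte is reserved for the NUL */
        return -1;
    memcpy(buffer, s, len + 1);   /* len + 1 copies the terminator too */
    printf("copied: %s\n", buffer);
    return 0;
}

int main(void)
{
    char s[256];                  /* user input, larger than BUF_SIZE */

    if (fgets(s, sizeof s, stdin) == NULL)
        return 1;
    s[strcspn(s, "\n")] = '\0';   /* strip the trailing newline */

    if (sample_function_checked(s) != 0) {
        fprintf(stderr, "input too long, rejected\n");
        return 1;
    }
    return 0;
}
```

Rejecting the input, rather than silently truncating it, keeps the caller aware that the data did not fit.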