
How do buffer overflow attacks work?

When a web application is launched, a process is created on the CPU, and the PMU (Process Management Unit) allocates temporary storage in RAM that holds data immediately before the application uses it. Before going into the buffer overflow attack itself, we should learn what a buffer really is.

How is the buffer used?

Let’s see how the buffer is used on the server. Suppose we have a form in a web application. When the user fills in and submits the form, an HTTP request is generated and handled by the server, which runs all the time. The server contains a Master Process, which is the collection of related files and folders residing on the server, i.e. the CGI (child processes). The web application allocates a child process to handle this HTTP request and switches control to the web application server, which now creates a process stack holding the data required to execute the program. Usually the process stack is divided into three regions. The accompanying image shows that the text part contains the code of the application. The data part contains uninitialized data (variables that are initialized to zero) and initialized data (hard-coded data; it could be tables containing VIP data to be used for a specific purpose). The text and data parts together are known as application-specific data, upon which the buffer resides. The buffer could be a stack (static memory location) that grows towards the application-specific data, or it could be a heap (dynamic memory location) in which data grows away from the application-specific data.

The actual phase comes when the user inputs data: it is sent via the HTTP request and is checked by the uninitialized data function; if it is not empty, the values are calculated by the initialized data function and saved on the stack. The size of the stack is specified in terms of 2^x, where x starts from 10, i.e. 2^10 = 1024 bytes, and it can vary by increments of 1 in x. Suppose x = 11; then 2^11 = 2048 bytes.

The act of inserting data into the stack that exceeds its boundary is known as a buffer overflow. As a result of a buffer overflow, the web application will display all the related VIP data in tables. A buffer overflow leads the application to overwrite adjacent memory locations; this is a special case of a violation of memory safety. Buffer overflows can be triggered by user inputs that are designed maliciously to execute arbitrary code, or they can alter the way in which the program operates and performs its functions. This may cause damage to the system and can disrupt system behavior. It can also lead the program to crash or give erratic results. This is a major breach of system security. Thus, buffer overflows are the basis of many software vulnerabilities and can be maliciously exploited. Programming languages commonly associated with buffer overflows include C and C++, which provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an array (the built-in buffer type) is within the boundaries of that array.

Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine.
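As an added example (not from the original article), here is the unchecked copy the article describes beside a bounds-checked handler, in C, the language the article names. The struct standing in for the process stack, the function names and the sample inputs are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the stack frame described above: the form
 * buffer sits directly next to another local, so any write past the end
 * of buf[] lands in `authorised` (the adjacent memory the text mentions). */
struct request_frame {
    char buf[16];      /* 2^4 bytes of buffer, kept small for the demo */
    int  authorised;   /* adjacent data an overflow would clobber */
};

/* The vulnerable pattern, shown for contrast and never called on
 * oversized input here: strcpy copies up to the NUL byte and never
 * consults sizeof(f->buf), so a long field overwrites `authorised`
 * and whatever follows it on the stack. */
void copy_unchecked(struct request_frame *f, const char *field) {
    strcpy(f->buf, field);
}

/* Hardened handler: compares the field length with the destination
 * size, leaving room for the terminating NUL, and rejects oversized
 * input instead of writing past buf[]. Returns bytes stored, or -1. */
int handle_form_field(struct request_frame *f, const char *field) {
    size_t len = strlen(field);
    if (len >= sizeof f->buf)
        return -1;             /* a rejected field is worth logging */
    memcpy(f->buf, field, len + 1);
    return (int)len;
}

/* Runs the hardened handler on a fresh zeroed frame and returns its
 * result, or -2 if `authorised` was disturbed (it never should be). */
int handle_on_fresh_frame(const char *field) {
    struct request_frame f;
    memset(&f, 0, sizeof f);
    int rc = handle_form_field(&f, field);
    return f.authorised == 0 ? rc : -2;
}

int main(void) {
    /* Constructed sample fields: one fits, one is 40 bytes of 'A'. */
    const char *ok = "alice";
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("'%s' -> %d\n", ok, handle_on_fresh_frame(ok));          /* 5 */
    printf("40 x 'A' -> %d\n", handle_on_fresh_frame(oversized));   /* -1 */
    return 0;
}
```

A 16-byte field is also rejected, because the terminating NUL would be the 17th byte; that off-by-one is exactly where unchecked copies usually go wrong.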


About Kamran Mohsin

Kamran Mohsin is a Certified Ethical Hacker, currently working as a Penetration Tester at a private company in Pakistan. He is also doing a Masters in Information Security. In recent years he worked in web development (front-end and back-end). Over time he took an interest in hacking and started writing blogs on IS in late 2015.
