✔️ Remote code execution

✔️ Privilege escalation attacks

✔️ Understanding basics of memory corruption attacks

→ buffer overflow vulnerability where an attacker can take control of:

  1. execution flow of a piece of software
  2. routine of the operating system

we want the application to behave differently from the way the author designed it to

what can the buffer overflow attack lead to?

What is a buffer?

area in the computer's RAM for temporary data storage:

buffers have finite size


what happens if the developer doesn't enforce the buffer's limits:

attacker can write beyond the limits

→ attacker writes arbitrary code in the RAM

→ attacker writes a program

→ gains control of the program's execution flow
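As an added illustration (not part of the original notes), the C pattern the notes warn about beside its hardened form: one function copies into a fixed-size buffer without enforcing the limit, the other measures the input within the limit first and refuses anything that would not fit. NAME_MAX and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed: the buffer's finite size, in bytes */

/* Pattern the notes warn about: the limit is never enforced. An input
 * longer than NAME_MAX - 1 characters is written past the end of `name`,
 * into whatever the compiler placed above it on the stack (other locals,
 * the saved base pointer, the return address). Shown only for contrast;
 * it is never called in this program. */
void store_name_unchecked(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);            /* no bound on the copy */
    printf("stored: %s\n", name);
}

/* Hardened form: the developer enforces the limit before writing.
 * Returns 0 when `input` (including its terminating NUL) fits in `dest`,
 * -1 when it would overflow, so the caller can refuse the input. */
int store_name_checked(char *dest, size_t dest_size, const char *input) {
    /* Look for the terminator only within the first dest_size bytes, so the
     * check itself never reads past what the buffer could hold. */
    const char *nul = dest_size ? memchr(input, '\0', dest_size) : NULL;
    if (nul == NULL) {
        return -1;                  /* no terminator within the limit: refuse */
    }
    memcpy(dest, input, (size_t)(nul - input) + 1);  /* copy only measured bytes */
    return 0;
}

/* Reports whether `input` is accepted (1) or refused (0) for a NAME_MAX buffer. */
int name_fits(const char *input) {
    char name[NAME_MAX];
    return store_name_checked(name, sizeof name, input) == 0;
}

int main(void) {
    /* constructed inputs: one that fits, one that would overflow */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    char name[NAME_MAX];

    if (store_name_checked(name, sizeof name, ok) == 0)
        printf("accepted: %s\n", name);
    if (store_name_checked(name, sizeof name, too_long) != 0)
        printf("refused: %zu-byte input exceeds %d-byte buffer\n",
               strlen(too_long), NAME_MAX);
    return 0;
}
```

The checked version treats an input of exactly NAME_MAX characters as too long because the terminating NUL also needs a byte; that off-by-one is a common source of the overflows described above.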

Buffers are stored on the stack

LIFO

push() and pop()


similarly, if we overwrite the contents of the executing function's stack frame, we control the execution flow

random overwriting will crash the application

well-engineered overwriting can exploit buffer overflow


If we are able to overwrite the local variables and the saved base pointer, we can overwrite the return address with a buffer overflow

this is tougher and requires assembly language programming.