We were able to manipulate the gold in this game by entering a name longer than 10 bytes. However, in C, data is laid out in 4-byte units called words, which means that even though the name is 10 bytes long, it still occupies the same memory region for 12 bytes. So we entered a name 12 bytes long, after which any further input overflowed into the next memory address, which held the gold integer. In C a struct places its members next to each other in memory, which is why the excess bytes written past the name variable end up stored in the gold variable. To raise the gold to over 9000 we have to overflow in a specific way: after our 12-byte input, the next bytes we type are stored in gold's memory address as the hexadecimal values of their ASCII codes. For example, if our 12-byte name is 12-byte-name and the extra bytes are ***, the hex representation of the ASCII characters *** is 2A,2A,2A, which is 0x2A2A2A, and this number converted to decimal is 2763306.
When the input is too long, the program misbehaves. When the stack overflow occurs with ASCII characters, the error message displayed depends on the programs installed on the operating system (attacks?, 2017). The allocation of memory space varies between C compilers. Once the buffer storage area is filled, it is impossible to create the integer type there. So the 'word' data type is recommended, which gives 12 bytes. After these 12 bytes are filled, the input is stored in gold's memory address as hexadecimal values, which are finally converted into a decimal value.
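As an added illustration (not code from the original write-up), the following Python uses ctypes, which lays out structures exactly as the C compiler does, to show the record layout described above and the difference between the game's unbounded name copy and a bounded one; the record definition, the starting gold of 100 and a little-endian x86 layout are assumptions.

```python
import ctypes

class Player(ctypes.Structure):
    """Assumed layout of the game's record: a 10-byte name, then an int.
    ctypes lays this out as the C compiler does, padding gold to a 4-byte word."""
    _fields_ = [("name", ctypes.c_char * 10),
                ("gold", ctypes.c_int)]

def gold_offset() -> int:
    """12 on x86/x86-64: name is bytes 0-9, 10-11 are padding, gold is 12-15."""
    return Player.gold.offset

def set_name_unsafe(p: Player, raw: bytes) -> None:
    """The game's behaviour: copy the input plus its terminator from name[0] on
    with no length check, so everything from byte 12 onwards lands in gold.
    The cap on the record size only keeps the demo inside its own memory."""
    data = raw + b"\x00"
    if len(data) > ctypes.sizeof(Player):
        raise ValueError("demo input must fit in the 16-byte record")
    ctypes.memmove(ctypes.addressof(p), data, len(data))

def set_name_safe(p: Player, raw: bytes) -> bool:
    """Hardened copy: refuse any name that does not fit with its terminator."""
    if len(raw) >= Player.name.size:
        return False
    p.name = raw  # ctypes limits this store to the 10-byte field
    return True

def gold_after(copy, raw: bytes) -> int:
    """Start a player with 100 gold, apply one copy routine, report the gold."""
    p = Player(b"hero", 100)
    copy(p, raw)
    return p.gold

if __name__ == "__main__":
    name = b"12-byte-name" + b"***"   # the page's input: 12 bytes, then 2A 2A 2A
    print("gold offset:", gold_offset())                                  # 12
    print("unbounded copy -> gold =", gold_after(set_name_unsafe, name))  # 2763306
    print("bounded copy   -> gold =", gold_after(set_name_safe, name))    # 100
```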
One method is to use a managed language like C# or Python. These languages automatically perform out-of-bounds checking on arrays, so you cannot overflow them at all. Another method is to use a static analysis program that parses the program and attempts to find buffer overflows; this is expensive and time consuming. So one of the best methods is to use a stack canary, a 4- or 8-byte number located before the return address, which lets us verify that the canary has not been changed before the function returns.
The chosen programming language should have direct memory access, and classes such as std::string can provide the memory-handling functionality. But if these classes are used more and more often, problems arise with memory space. Another efficient method is to use code analysis tools such as Veracode, Fortify and Qualys to identify any buffer overflows in the code, so that the overflow can be identified and fixed (Cse.scu.edu, 2017).
The implemented exploit is more useful because it lets us modify the memory space of any program in whatever order we choose while the exploit is running. To control the flow of the entire process, arbitrary machine code is written, because generating arbitrary machine code is not a difficult task. Control of the process flow can then be used to create an account on the target machine or to alter the target machine's configuration. This is done by changing the function's return address to point to another function that contains the malicious code. It can be applied to any type of machine or program. The program can be one written in an unmanaged language, such as a web server or a proprietary login manager, for gaining remote access from there to do whatever we like.
We have to use the flag -fno-stack-protector because otherwise our command will fail: GCC automatically adds stack smashing protection. That protection adds a canary, a 4- or 8-byte value located before the return address, which must match an expected value or the program terminates due to a corrupted canary.
The canary is a value placed among the stack-allocated data, located between the buffer and the stack's control data. It helps monitor for buffer overflows on the stack: when the buffer is overflowed, the canary value is destroyed, which shows that the overflow proceeded past the buffer. After examining the canary value, if the program is found to have been affected by malicious code, execution is terminated automatically, so it protects the program from the attacker. There are three types of canaries: terminator canaries, random canaries and random XOR canaries. Terminator canaries are built from terminator characters to protect against the attacker, because strcpy() will not copy past a null character. Random canaries keep the attacker from knowing the value unless they can read it from the stack. Random XOR canaries provide a re-encoding methodology for protection (SearchSecurity, 2017).
The canary becomes corrupted when a buffer overflow overwrites or changes it, so this is an effective method to find and prevent buffer overflows.
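To make the check concrete, here is an added Python model (not the original write-up's code, and not GCC's real implementation) of a frame whose canary sits between the buffer and the saved return address: a short input leaves the canary intact, a long one corrupts it and the "return" is refused. The 16-byte buffer, 64-bit fields, little-endian layout and the combined random-plus-terminator canary are assumptions of the model.

```python
import ctypes
import secrets

class Frame(ctypes.Structure):
    """Model of a protected frame (sizes assumed): local buffer, then the
    canary, then the control data a return would trust."""
    _fields_ = [("buf", ctypes.c_char * 16),
                ("canary", ctypes.c_uint64),
                ("saved_return", ctypes.c_uint64)]

# One secret per process, drawn at start-up. Its lowest byte is forced to NUL so
# a string copy cannot run across the canary without altering it (random plus
# terminator canary; little-endian, so that byte sits right after buf).
_CANARY = secrets.randbits(64) & ~0xFF

def frame_enter(saved_return: int) -> Frame:
    """Prologue: place the canary between the buffer and the control data."""
    f = Frame()
    f.canary = _CANARY
    f.saved_return = saved_return
    return f

def unchecked_copy(f: Frame, raw: bytes) -> None:
    """Unprotected copy: raw plus NUL written at buf[0] with no bound, so a long
    input runs over the canary and then the saved return address. The cap on
    the frame size is only there to keep the demo inside its own memory."""
    data = raw + b"\x00"
    if len(data) > ctypes.sizeof(Frame):
        raise ValueError("demo input must fit in the 32-byte frame")
    ctypes.memmove(ctypes.addressof(f), data, len(data))

def frame_leave(f: Frame) -> int:
    """Epilogue with the protector's check: abort instead of returning through
    control data that may have been overwritten."""
    if f.canary != _CANARY:
        raise RuntimeError("*** stack smashing detected ***")
    return f.saved_return

def call_with_input(raw: bytes, ret: int = 0x401000) -> tuple:
    """One simulated call: ('ok', return address) or ('aborted', overwritten value)."""
    f = frame_enter(ret)
    unchecked_copy(f, raw)
    try:
        return ("ok", frame_leave(f))
    except RuntimeError:
        return ("aborted", f.saved_return)
```

The 16-byte case passes because the copy's terminating NUL lands exactly on the canary's NUL byte, which is the terminator-canary property the paragraph above describes.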
If the game were written in Java it would no longer be exploitable, because Java performs bounds checking on its arrays and would throw an ArrayIndexOutOfBoundsException, which terminates the program instead of overwriting memory.
If the program we were exploiting ran with elevated privileges, we could run arbitrary machine code through a buffer overflow that executes a shell by running /bin/sh. After running /bin/sh we have a terminal in which we can run whatever other commands we like. Code that does this is known as shellcode.
First, objdump is used to obtain the static addresses. Then the program is run under gdb, after which the address of the stack can easily be found. Then the buffer is filled with a string that overwrites the return address. Now we can insert our exploit code instead of inserting code from another program.
We were able to log in as any user we wanted, provided that we had the user name, by injecting a SQL statement into the password field. For our password we entered the line ' OR "" = "";-- which means that first we close the password field with the ' and then we insert an OR condition that checks whether "" = "" is true, which it always is. Then we ignore the rest of the SQL line by inserting the comment symbol --.
The SQL query is built as the user enters the user name and password, and is then executed to validate these inputs against the details stored in the database. If a match is found, the user is granted permission. To bypass this security mechanism, SQL code has to be injected into the input fields; the result is then obtained by executing a valid SQL statement. If there are any errors in the SQL query syntax, a valid result cannot be obtained, so random SQL commands never produce a successful authentication (Sechow.com, 2017).
We could get Bobby's password by querying his username in a second SELECT statement. However, because the database does not allow two SELECT statements at the same time, we had to use the UNION keyword, which joins the results of two SELECT statements into one. And since the fetchone command uses our most recent SELECT statement, we are able to display the answer to the last query. Using the union, our SQL injection was ' UNION SELECT password FROM Users WHERE username = 'Bobby';-- which gave us the answer: User UNION SELECT password FROM Users WHERE username = 'Bobby';-- is lolcats.
One way to prevent these attacks is to let the SQL library place the argument. The current code uses Python string formatting to place a user-provided string directly into the query, whereas if you let the SQL library do it using the ? placeholder, it converts the value into a SQL parameter and escapes any commands. It is a difficult problem to fix because it is so easy to allow these exploits to take place, and because when exploits happen they are completely transparent to you: no errors are returned, since it is normal SQL code. It is common because most database engineers do not factor in SQL attacks when designing the architecture, or because you may be using insecure infrastructure or old versions of databases, or you may not have enough time or money to go through your code and look for vulnerabilities.
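The following Python is an added example (not the lab's own code) that runs the two payloads from the write-up against both forms of the login query on a constructed in-memory SQLite table: the formatted query returns a row or Bobby's password, the parameterised one returns nothing. The table contents are constructed, and the always-true condition is written with single quotes so it is portable SQL (the write-up's "" = "" form is what MySQL accepts).

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the lab's Users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO Users VALUES (?, ?)",
                    [("Bobby", "lolcats"), ("alice", "hunter2")])
    return con

def login_vulnerable(con: sqlite3.Connection, username: str, password: str):
    """The pattern the write-up criticises: Python formatting pastes user input
    into the query text, so quotes, UNION and the -- comment marker become SQL."""
    sql = ("SELECT username FROM Users WHERE username = '{}' AND password = '{}'"
           .format(username, password))
    return con.execute(sql).fetchone()

def login_parameterised(con: sqlite3.Connection, username: str, password: str):
    """The fix: each ? is bound by the driver as data and can never change the
    structure of the statement."""
    sql = "SELECT username FROM Users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()

# The write-up's two payloads, in single-quoted form
BYPASS = "' OR '' = '';--"
UNION_DUMP = "' UNION SELECT password FROM Users WHERE username = 'Bobby';--"

def demo() -> dict:
    """Apply both payloads to both logins and report what each returns."""
    con = make_db()
    return {
        "vuln_bypass": login_vulnerable(con, "Bobby", BYPASS),      # ('Bobby',)
        "vuln_union": login_vulnerable(con, UNION_DUMP, "x"),       # ('lolcats',)
        "param_bypass": login_parameterised(con, "Bobby", BYPASS),  # None
        "param_union": login_parameterised(con, UNION_DUMP, "x"),   # None
        "param_real": login_parameterised(con, "Bobby", "lolcats"), # ('Bobby',)
    }

if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case:13} -> {row}")
```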
SQL injections are very common vulnerabilities and are caused by the following factors (Securityidiots.com, 2017).
For protection, the following steps are applied.
To overcome the problem of SQL injection attacks, the following steps are needed.
When any errors are found in the database, the full details of the database error should not be disclosed (Msdn.microsoft.com, 2017).
References
attacks?, W. (2017). What are the prevention techniques for the Buffer overflow attacks?. [online] Stackoverflow.com. Available at: https://stackoverflow.com/questions/3705547/what-are-the-prevention-techniques-for-the-buffer-overflow-attacks [Accessed 8 Jun. 2017].
Cse.scu.edu. (2017). Buffer Overflow Attack. [online] Available at: https://www.cse.scu.edu/~tschwarz/coen152_05/Lectures/BufferOverflow.html [Accessed 8 Jun. 2017].
Msdn.microsoft.com. (2017). How To: Protect From SQL Injection in ASP.NET. [online] Available at: https://msdn.microsoft.com/en-us/library/ff648339.aspx [Accessed 8 Jun. 2017].
SearchSecurity. (2017). How to stop buffer-overflow attacks and find flaws, vulnerabilities. [online] Available at: https://searchsecurity.techtarget.com/tip/How-to-stop-buffer-overflow-attacks-and-find-flaws-vulnerabilities [Accessed 8 Jun. 2017].
SearchSecurity. (2017). What is buffer overflow? – Definition from WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/buffer-overflow [Accessed 8 Jun. 2017].
Sechow.com. (2017). SQL injection | OWASP Bricks Login page #1. [online] Available at: https://sechow.com/bricks/docs/login-1.html [Accessed 8 Jun. 2017].
Securityidiots.com. (2017). Login Bypass Using SQL Injection. [online] Available at: https://securityidiots.com/Web-Pentest/SQL-Injection/bypass-login-using-sql-injection.html [Accessed 8 Jun. 2017].