A Format String attack can occur when input string data is processed by a vulnerable function, so that an attacker can pass format specifiers to read or write stack values through the format string functions of the printf() family
Through a Format String vulnerability, an attacker can execute code, read stack values, or cause a segmentation fault in the application
Shellcode is a piece of code that performs a specific action
Shellcode is written in assembly (ASM)
Shellcode is architecture specific, so it is not portable between different processor types
Shellcode is typically written to directly manipulate processor registers, setting them up for the various system calls it makes via opcodes
When the ASM code has been written to perform the desired operation, it must then be converted to machine code and freed of any “null bytes”, because many string operations such as strcpy() terminate when they encounter one
System call (commonly abbreviated to syscall)…
A buffer overflow occurs when the size of the data exceeds the storage capacity of the memory buffer
As a result, the program tries to write the data into the buffer and overwrites adjacent memory locations, such as the saved Instruction Pointer (IP) and Base Pointer (BP)
C and C++ are two languages that are highly susceptible to buffer overflow attacks, because they have no built-in safeguards against overwriting or accessing data outside a buffer in memory
Mac OSX, Windows, and Linux all use code written in C and C++.
Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another
The Procedure Linkage Table (PLT) is a “read-only” section
It is responsible for calling the dynamic linker during and after program startup to resolve the addresses of the requested functions
These addresses cannot be fixed at compile time, because the function addresses differ on each system and the shared object is not yet available
So the PLT plays a vital role in resolving these function addresses at runtime
The PLT is much larger than the GOT
Each program/binary has its own PLT, which is useful only to that binary
When symbol resolution is requested, the request is made to the PLT by the calling…
The term “libc” is commonly used as a shorthand for the “standard C library”, a library of standard functions that can be used by all C programs (and sometimes by programs in other languages).
For more on LIBC
Whenever a function is called by a program, the arguments required for this function are loaded onto the stack so that they can be addressed easily relative to the Base Pointer (BP) while the instructions are processed.
We cannot simply point the Instruction Pointer (IP) at an arbitrary address to run our shellcode from there.
This will fail, because there is no execution of shellcode when the NX bit…