Buffer Overflow Attack Pattern

From Guidance Share


Context

The target application is written in a language that does not provide automated memory management, buffer length checking and array bounds checking. This is most often C/C++ but could include any language that is not type safe.

Problem

How to exploit an unchecked buffer to crash a process or inject and execute malicious code.

Forces

  • You want to impact the availability of the process to other users.
  • You want to execute unauthorized code.
  • You want to cause availability or integrity damage or escalate privileges.

Solution

  • Identify entry points that accept string input or input that could be used to calculate the size of an internal buffer.
  • Craft attack data for each entry point.
  • Place the target application under a debugger.
  • Pass attack data to each entry point.
  • If the application crashes, look for attack data on the stack, on the heap or in process registers.
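
The two kinds of entry point named in the first step, each shown in its unchecked form beside a bounds-checked form. This is an added example, not part of the original page; the buffer size, record size and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16u      /* constructed buffer size for this example */
#define RECORD_SIZE 24u   /* constructed record size for this example */

/* Entry point 1, unchecked: string input copied into a fixed buffer.
 * Any src of NAME_BUF bytes or more writes past the end of dst. */
void set_name_unchecked(char dst[NAME_BUF], const char *src) {
    strcpy(dst, src);
}

/* Entry point 1, checked: reject input that does not fit with its NUL. */
int set_name_checked(char dst[NAME_BUF], const char *src) {
    const char *nul = memchr(src, '\0', NAME_BUF);
    if (nul == NULL)
        return -1;                      /* too long: refuse, do not truncate */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Entry point 2, unchecked: a count from input sizes an internal buffer.
 * The 32-bit product wraps, so a huge count yields a tiny size. */
uint32_t records_size_unchecked(uint32_t count) {
    return count * RECORD_SIZE;
}

/* Entry point 2, checked: refuse counts whose product cannot be represented. */
int records_size_checked(uint32_t count, uint32_t *bytes) {
    if (count > UINT32_MAX / RECORD_SIZE)
        return -1;
    *bytes = count * RECORD_SIZE;
    return 0;
}

int main(void) {
    char name[NAME_BUF];
    uint32_t bytes = 0;
    printf("short name: %d\n", set_name_checked(name, "alice"));
    printf("long name: %d\n", set_name_checked(name, "0123456789abcdef"));
    printf("unchecked size: %u\n", (unsigned)records_size_unchecked(178956971u));
    printf("checked size: %d\n", records_size_checked(178956971u, &bytes));
    return 0;
}
```

The unchecked size calculation is the quieter of the two defects: the allocation succeeds, and the overrun only happens later when code writes `count` records into a buffer sized for the wrapped value.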