Ethical Hacking

FH Salzburg
Summer semester 2025


Reverse engineering & buffer overflows

FH Salzburg, summer semester 2025

jackie / Andrea Ida Malkah Klaura <jackie@tantemalkah.at>

https://tantemalkah.at/2025/ethical-hacking


Reverse engineering

definition

Specifically with regard to software, it usually means one of the following three processes:
  • Recovering the source code, or a comparable description, from machine code, e.g. from an executable program or a program library, for instance with a disassembler (which may be part of a debugger) or a decompiler.
  • Deriving the rules of a communication protocol by observing the communication, e.g. with a sniffer.
  • Creating a model after the fact, starting from existing source code, in object-oriented programming.
Source: Wikipedia [DE]: Reverse Engineering (2025-06-11)

use cases

Brainstorming @ C3W Cryptpad

(Link also available on Moodle)

essentials (also for buffer overflows)

  • how does the CPU work when executing programs?
  • how does memory work for running programs?
  • and then a lot of nifty tools, of course

how the cpu works

Lexi Mattick: Putting the “You” in CPU

For a funny take on assembler play the Human Resource Machine.

registers

Source: Wikipedia [EN]: X86, image license: CC-BY-SA 3.0 by Immae

how programs work with memory

Gustavo Duarte: Anatomy of a Program in Memory (meanwhile an oldie-but-goldie)

getting started with reversing

reverse engineering usually requires a steady build-up of experience. it isn't something we just quickly do on the side, at least not when we want to reverse binary executables.

for a quick start, here is a guide on how to start with your first reversing challenges: Part 1 [crackmes.one]: Beginner Friendly Reversing Challenges

https://crackmes.one is a playground similar to hackthebox, but specifically for reverse engineering

Buffer overflows

  • when more data is written to a buffer than the buffer can hold
  • potentially overwriting other memory that is in use
  • can be exploited for arbitrary code execution if either
    • the instruction pointer can be overwritten
    • or some part of memory that will be executed later can be overwritten

types of buffer overflows

  • stack overflow: most common form
  • heap overflow: harder to exploit, but can still lead to code execution
  • integer overflow: exceeding the maximum value of a type through arithmetic
  • format string overflow: when user input is used as a format string, which can lead to arbitrary memory reads/writes
  • unicode overflow: using unicode for input where ASCII is expected, potentially causing overflows
  • ... and so much more ... but now for the classic!

stack overflow in action

Computerphile: Running a Buffer Overflow Attack (YouTube, 17min)

Tutorial/Gist based on the above video:
https://gist.github.com/apolloclark/6cffb33f179cc9162d0a

Daniel Slater: How to exploit a buffer overflow vulnerability - Practical (YouTube, 10min)

stack structure

how to find buffer overflows

  • source code analysis
  • reverse engineering
  • fuzzing

how to prevent them

  • validate input!
  • and check the length!
  • use strncpy instead of strcpy, etc.
  • don't use gets just because it is quick and convenient (it was replaced in C11 with the safer gets_s)
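As an added example (not the course's exploitable_echo.c), here are the two checks from the list in working C: a bounded copy that replaces a bare strcpy, and a gets() replacement built on fgets. BUF_SIZE, safe_copy and read_line are names chosen for this example. Note the caveat the list does not spell out: strncpy alone leaves the destination unterminated when the source is too long, so the terminator is written explicitly.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Added example, not the course's exploitable_echo.c. Both helpers move
 * untrusted input into a fixed-size buffer and enforce its bound. */

/* Bounded copy with an explicit length check. Returns 1 if the whole input
 * fit, 0 if it was truncated. strncpy alone is not enough: when src is
 * >= size bytes it leaves dst unterminated, so we terminate by hand. */
int safe_copy(char *dst, size_t size, const char *src)
{
    if (size == 0) return 0;
    const char *nul = memchr(src, '\0', size);   /* bounded scan of src */
    if (nul == NULL) {                            /* src is too long */
        strncpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);    /* includes the NUL */
    return 1;
}

/* gets() replacement: reads one line into buf, never past size-1 bytes,
 * strips the newline, and drains the rest of an over-long line so it is
 * not misread as the next input. Returns 1 for a complete line, 0 if it
 * was truncated, -1 on EOF with no data. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    int c = getc(in);
    if (c == EOF || c == '\n') return 1;          /* line ended at the bound */
    while (c != '\n' && c != EOF) c = getc(in);   /* discard the overflow */
    return 0;
}

int main(void)
{
    char line[BUF_SIZE];
    int rc = read_line(stdin, line, sizeof line);
    if (rc < 0) return 1;
    printf("%s (%s)\n", line, rc ? "complete" : "truncated");
    return 0;
}
```

Feed it a line longer than 15 characters and the program reports "truncated" instead of writing past the buffer, which is the behaviour an echo built on gets or strcpy lacks.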

Overflow this!

exploitable_echo.c

Compile and debug this inside your Kali box. You need to turn off ASLR. See the comments in the file. We would not want to do this on our host system.

For show-off effects, change the executable's ownership to root and set the suid bit.