IJISC
  • Indexed in

  • Latest News

    July 1, 2024
    Volume 13, Issue 1 of the International Journal of Information Security and Cybercrime was published
    December 27, 2023
    Volume 12, Issue 2 of the International Journal of Information Security and Cybercrime was published
    June 28, 2023
    Volume 12, Issue 1 of the International Journal of Information Security and Cybercrime was published
  • --- More News ---
  • Popular Articles

  • Buffer Overflow Vulnerability Exploitation Using Open-Source Tools


    Author(s): BARBU, Ionuț-Daniel

    Quick view | Full article | Citations | Views: 1,551


    Author(s) keywords: , , , ,


    Reference keywords: ,


    Abstract:

    The purpose of this article is to present an overview of buffer overflow vulnerabilities. During an exploitation of such vulnerability, the attacker uses basic concepts of programming and networking technology to get access to the target machine. Two aspects are worth mentioning: the first one is that the attack was created for teaching purposes and secondly, perhaps more important, the tools used are free and anyone can access them. Obviously, attacks on computer systems can be very complex but as you will discover this attack can be implemented without much effort. I insist on this idea to show that an attacker does not have to be highly trained. Therefore I want to emphasize the importance of security to all users. As a summary, this demonstrates, that following well-defined steps a malevolent person can exploit vulnerabilities detected. It starts with running a scan for vulnerabilities against the network. Reviewing the report generated, the presence of FTP (File Transfer Protocol) should be noted. Going further, it develops the main attack. The success of the attack is confirmed by access to Command Prompt in Windows operating system of the targeted machine.



    References:

    [1]. Y. Liang, H. V. Poor and L. Ying, "Secure Communications Over Wireless Broadcast Networks: Stability and Utility Maximization," IEEE Trans. Inf. Forensics Security, vol. 6, no. 3, pp. 682-692, 2011.

    [2]. S. Haker et al., "Combining Classifiers Using Their Receiver Operating Characteristics and Maximum Likelihood Estimation," in Proc. Int. Conf. Med. Image Comput. Comput. Assist. Interv., 2010, pp. 506-514

    [3]. Buffer Overflow Vulnerability (2013, Feb. 13) [Online]. Available: http://www. securitatea-informatiilor.ro

    [4]. Open Source (2013, Feb. 13) [Online]. Available: http://www.owasp.org

    [5]. Mitre (2013, Feb. 15) [Online]. Available: http://www.mitre.org

    [6]. A. Yao, "Protocols for secure computations," in Proc. 23rd Ann. IEEE Symp. Foundations of Computer Science, 1992, pp.160-164

    [7]. T. B. Gillete, "A Unique Examination of the Buffer Overflow," 1984.

    [8]. K. Piromsopa, "Buffer Overflow Protection," 2006.

    [9]. Fuzzy Security (2013, Feb. 20) [Online]. Available: http://fuzzysecurity.com

    [10]. Buffer Overflow Tutorial (2013, Feb. 22) [Online]. Available: http://www. hackingtutorial.com



    Additional Information

    English title: Buffer Overflow Vulnerability Exploitation Using Open-Source Tools
    Original title: Exploatarea vulnerabilităților “buffer overflow” folosind instrumente de tip open source
    Author(s): BARBU, Ionuț-Daniel
    Article Language: Romanian
    Date of Publication: 2013-12-28
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2013.02.05
    Issue: Volume 2, Issue 2, Year 2013
    Section: Studies and Analysis of Cybercrime Phenomenon
    Page Range: 43-54 (12 pages)



    Copyright ©2012-2024
    The International Journal of Information Security and Cybercrime (IJISC)

    All rights reserved
    The International Journal of Information Security and Cybercrime is a trademark of the Romanian Association for Information Security Assurance (RAISA).
    No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from RAISA. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Romanian Association for Information Security Assurance, if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.