ART OF EXPLOIT WRITING

Ashfaq Ansari

Security Researcher & Penetration Tester

Founder Of: HackSys Team http://hacksys.vfreaks.com/

null Meet @Bangalore – 19th Jan 2013

DESCRIPTION

null Bangalore Chapter, January 2013 Meet

Page 2: Art of Exploit Writing

Buffer Overflow

• Writing more data into a buffer than the allocated size.

• Two types:

– Stack Overflow: corrupts the execution stack by writing past the end of an array (a.k.a. smashing the stack / stack overflow)

– Heap Overflow: corrupts the heap

Page 3: Art of Exploit Writing

Process Memory Organization

[Diagram: Text | Data | Heap | Stack]

Text

• Fixed by the program

• Read-only

Data

• Initialized & Uninitialized Data

• Static variables are stored here

Stack

• Local variables for functions

• Return address and local stack pointer

Page 4: Art of Exploit Writing

The Stack - We Must Know Him

[Diagram, top to bottom: c | b | a | RET | SFP | Buffer 1 | Buffer 2]

LIFO

• Stack is LIFO – Last In First Out

• PUSH & POP operations

Used

• Dynamically allocate local variables used in functions

• Pass parameters to functions, etc.

Info

• Stack Pointer (SP) points to the top of the stack

• Contains return address and local stack pointer

Page 5: Art of Exploit Writing

x86 General Purpose Register

Page 6: Art of Exploit Writing

Fuzzing

Page 7: Art of Exploit Writing

Overview

1. Black-box software testing technique that helps find implementation bugs by injecting malformed / semi-malformed data in an automated fashion

2. Lazy man's tool

Page 8: Art of Exploit Writing

The Stack - Overflow

[Diagram: the stack after the overflow, its cells filled with AAAA, BBBB, CCCC and DDDD]

• Buffer 1 & 2: overwritten by A’s & B’s

• SFP: overwritten by C’s

• RET: return address overwritten by D’s
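The overwrite pictured on this slide, as an added example that is not part of the original deck: an unchecked copy runs past the two buffers into SFP and RET, while a length-checked copy rejects the same input. The struct `frame_model`, its 8-byte buffer sizes, the helper names and the SFP/RET values are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of the slide's frame, lowest address first. A struct
   stands in for the real stack, so the overwrite is well-defined C. */
struct frame_model {
    char buffer2[8];
    char buffer1[8];
    uint32_t sfp;   /* saved frame pointer */
    uint32_t ret;   /* saved return address */
};
#define SFP_ORIG 0xbffff7a8u   /* constructed sample values */
#define RET_ORIG 0x08048456u

static void frame_init(struct frame_model *f) {
    memset(f, 0, sizeof *f);
    f->sfp = SFP_ORIG;
    f->ret = RET_ORIG;
}

/* Unchecked copy: len bytes from buffer2 onward, ignoring its 8-byte size. */
static void copy_unchecked(struct frame_model *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;   /* stay inside the model itself */
    memcpy(f, src, len);
}

/* Checked copy: rejects input that does not fit the destination buffer. */
static int copy_checked(struct frame_model *f, const char *src, size_t len) {
    if (len > sizeof f->buffer2) return -1;
    memcpy(f->buffer2, src, len);
    return 0;
}

/* Bitmask of corrupted control data: 1 = SFP changed, 2 = RET changed. */
static int frame_damage(const struct frame_model *f) {
    return (f->sfp != SFP_ORIG ? 1 : 0) | (f->ret != RET_ORIG ? 2 : 0);
}

int main(void) {
    const char in[] = "AAAAAAAABBBBBBBBCCCCDDDD";   /* constructed, 24 bytes */
    struct frame_model f;
    frame_init(&f);
    copy_unchecked(&f, in, sizeof in - 1);
    printf("unchecked: sfp=%08x ret=%08x damage=%d\n", (unsigned)f.sfp, (unsigned)f.ret, frame_damage(&f));
    frame_init(&f);
    int rc = copy_checked(&f, in, sizeof in - 1);
    printf("checked:   rc=%d damage=%d\n", rc, frame_damage(&f));
    return 0;
}
```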

Page 9: Art of Exploit Writing

Bad Characters

• NULL: \x00

• \n: \x0a

• \r: \x0d

Page 10: Art of Exploit Writing

DEMO

Page 11: Art of Exploit Writing

[Chart: axes "Time Spent" and "Exploits Worked On"; stages labelled Get Familiar, Achieve Mastery, Work Hard Toward Mastery, Get Experienced]

Page 12: Art of Exploit Writing