Exploiting & Defense Day 1 Recap
Exploits and Vulnerabilities
  Exploit: a program which exploits a vulnerability
  Exploit types:
    Local: privilege escalation
    Remote: attack a server / service
    Client: attack a client program
  Memory corruption: exploits of memory-unsafe languages (C, C++)
Von Neumann Architecture
  (diagram: RAM <-> CPU, the CPU labelled <magic>)
  Read: data and instructions
  Write: data and instructions
Intel: Little endianness
  32 bit = 4 bytes
  2864434397    number in decimal (base 10)
  0xAABBCCDD    number in hex (base 16)
  Little endian storage, bytes 1 2 3 4 in memory:  DD CC BB AA
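The byte order on the slide, checked on a real machine. This is an added example and not part of the lecture material: it stores 0xAABBCCDD, reads the four bytes back in memory order, and shows the host-independent way to reassemble a little-endian value (what a parser of a little-endian file header or wire format must do explicitly instead of trusting the CPU). The function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy the in-memory byte order of a 32-bit value into out[4].
   On a little-endian CPU (Intel) 0xAABBCCDD is stored as DD CC BB AA. */
void store_bytes(uint32_t value, uint8_t out[4]) {
    memcpy(out, &value, sizeof value);   /* memcpy avoids aliasing UB */
}

/* 1 if this machine stores the least significant byte first. */
int is_little_endian(void) {
    uint8_t b[4];
    store_bytes(0x01020304u, b);
    return b[0] == 0x04;
}

/* Reassemble a value from bytes laid out least-significant first.
   Works the same on big- and little-endian hosts, so code that parses
   a little-endian format should do this instead of casting the buffer. */
uint32_t from_little_endian(const uint8_t in[4]) {
    return (uint32_t)in[0] | ((uint32_t)in[1] << 8) |
           ((uint32_t)in[2] << 16) | ((uint32_t)in[3] << 24);
}

int main(void) {
    uint8_t b[4];
    store_bytes(0xAABBCCDDu, b);
    printf("0xAABBCCDD = %u decimal\n", 0xAABBCCDDu);
    printf("bytes in memory: %02X %02X %02X %02X (%s endian)\n",
           b[0], b[1], b[2], b[3], is_little_endian() ? "little" : "big");
    printf("reassembled: 0x%08X\n", from_little_endian(b));
    return 0;
}
```

On an Intel machine the program prints the bytes as DD CC BB AA, matching the slide; `from_little_endian` returns 0xAABBCCDD regardless of which CPU runs it.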
Important Intel Registers
  32-bit  64-bit  Acronym              Points to?
  EIP     RIP     Instruction Pointer  Next instruction to be executed
  ESP     RSP     Stack Pointer        Top of stack
  EBP     RBP     Base Pointer         Current stack frame (bottom)
  Also: EAX, EBX, ECX, EDI, ESI, R8-R12
Process Memory Layout in Linux (high to low addresses)
  0xc0000000
  0xbfffffff   Stack   char array[16];
               Heap    malloc(16)
  0x0804800    Code    mapping of the ELF file
  0x0000000
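The slide's layout observed from inside a process. This is an added example, not lecture code: it takes one address from each region (a local array for the stack, a malloc(16) block for the heap, a function for the code mapping) and checks that they are ordered stack > heap > code. The exact addresses differ from the slide's 32-bit picture on a 64-bit system with ASLR, but the ordering is the same; `classify_layout` and `code_sample` are my own names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { LAYOUT_OTHER = 0, LAYOUT_STACK_HEAP_CODE = 1 };

/* Lives in the code mapping of the ELF file; we only use its address. */
static int code_sample(int x) { return x + 1; }

/* Fill addr[] with one sample address per region and return 1 when
   they are ordered stack > heap > code, as on the slide. */
int classify_layout(uintptr_t addr[3]) {
    char array[16];                       /* stack, like char array[16] on the slide */
    void *block = malloc(16);             /* heap, like malloc(16) on the slide */
    if (block == NULL) return LAYOUT_OTHER;
    addr[0] = (uintptr_t)array;
    addr[1] = (uintptr_t)block;
    addr[2] = (uintptr_t)code_sample;     /* code (text segment) */
    free(block);
    return (addr[0] > addr[1] && addr[1] > addr[2]) ? LAYOUT_STACK_HEAP_CODE
                                                    : LAYOUT_OTHER;
}

int main(void) {
    uintptr_t a[3];
    int conventional = classify_layout(a);
    printf("stack  %p\nheap   %p\ncode   %p\n",
           (void *)a[0], (void *)a[1], (void *)a[2]);
    printf("stack > heap > code: %s\n", conventional ? "yes" : "no");
    return 0;
}
```

Run it a few times: with ASLR every address changes between runs, which is exactly why a hard-coded buffer address like the 0xAA00 on the later slides cannot be relied on, while the relative order of the regions stays fixed.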
Our objective (spoiler alert!)
Stack based buffer overflow exploit (diagram)
  char firstname[64] at 0xAA00, filled with CODE CODE CODE CODE CODE (shellcode)
  SIP (saved instruction pointer) overwritten with 0xAA00
  -> jump to buffer with shellcode
Stack based buffer overflow exploit (second diagram)
  char firstname[64] now at 0xFF00, SIP still 0xAA00
  -> jump to buffer with shellcode
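The vulnerable pattern behind the diagram, next to its hardened form. This is an added example and not code from the lecture: `greet_unsafe` is the `char firstname[64]` plus unbounded copy that lets an overlong input run into the saved frame pointer and SIP above the buffer; `copy_name` and `greet_safe` are my own functions that reject any input that would not fit. `greet_unsafe` is shown for contrast only and is never called with oversized input.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64

/* Pattern from the slides: fixed buffer on the stack, unbounded copy.
   Input longer than 63 bytes writes past firstname into the saved
   frame pointer and saved instruction pointer (SIP) above it. */
void greet_unsafe(const char *input) {
    char firstname[NAME_LEN];
    strcpy(firstname, input);             /* no length check at all */
    printf("Hello, %s\n", firstname);
}

/* Hardened copy: look for the terminator within the bound, refuse the
   input if it is not there, then copy exactly the bytes that fit.
   Returns 0 on success, -1 when the input is too long. */
int copy_name(char dst[NAME_LEN], const char *input) {
    const char *end = memchr(input, '\0', NAME_LEN);
    if (end == NULL) return -1;           /* 64+ bytes: no room for the NUL */
    size_t n = (size_t)(end - input);     /* at most NAME_LEN - 1 */
    memcpy(dst, input, n);
    dst[n] = '\0';
    return 0;
}

int greet_safe(const char *input) {
    char firstname[NAME_LEN];
    if (copy_name(firstname, input) != 0) {
        fprintf(stderr, "name too long (max %d bytes)\n", NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", firstname);
    return 0;
}

int main(void) {
    char oversized[200];                  /* constructed input, 199 x 'A' */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    greet_safe("Alice");                  /* fits: prints the greeting */
    greet_safe(oversized);                /* rejected instead of smashing the stack */
    return 0;
}
```

The bound is checked before any byte is written, so the saved frame pointer and SIP are never reachable from the input; the boundary case (exactly 63 characters fits, 64 is refused) is what a review of such code should test.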
So…
  Topics: Intel Architecture, Buffer Overflow, Memory Layout, C Arrays, BoF Exploit, Assembler, Remote Exploit, Shellcode, Exploit Mitigations, Function Calls, Defeat Exploit Mitigations, Debugging