Jieun Song 2014.12.04 Port-Binding & Connect-Back Shellcode.

Port Binding and Connect-back Shellcode

Limitation of local shellcode
- When exploiting a remote program, local shellcode cannot open a shell for an attacker at a remote location
- The injected shellcode needs to communicate over the network to deliver an interactive root prompt

Port-binding shellcode and connect-back shellcode
- The shellcode works as a network server / a network client
- An attacker can use a shell from a remote location through a network connection

Contents
- Basics of Socket Programming and Network Connection
  - Server side: for better understanding of port-binding shellcode
  - Client side: for better understanding of connect-back shellcode
- Socket Programming in Assembly
- How to Make a Port-binding Shellcode
- Difference between Port-binding and Connect-back
- How to Make a Connect-back Shellcode
- Demonstration

Socket Programming

A.k.a. network programming
- Making a program that has network communication capability

Socket
- An interface, a data structure, and a descriptor
- Commonly used on both the server and the client side

End-to-end interface
- Works at the transport layer (L4)

Socket Communication Mechanism

[Figure: brief work flow of socket programming]

Server Side Socket Programming (1/6)

Socket creation: socket()
- Socket constructor for a server or a client
- Parameters
  - af : Address family
    - AF_INET : IPv4
    - AF_INET6 : IPv6
    - AF_UNSPEC : Unspecified
  - type : Socket type
    - SOCK_STREAM : TCP stream
    - SOCK_DGRAM : UDP datagram
  - protocol : ICMP, IGMP, TCP, UDP, etc.

Server Side Socket Programming (2/6)

Binding a socket to a port: bind()
- Parameters
  - s : a socket created by socket()
  - name : a pointer to a socket address structure (sockaddr)
  - namelen : length of the sockaddr structure
- Return
  - Error code

Server Side Socket Programming (3/6)

Socket address structures: sockaddr and sockaddr_in

sockaddr : general address structure
- sa_family : Socket address family
- sa_data[14] : Address data in various formats

sockaddr_in : only for IPv4 addresses
- sin_family : Should be AF_INET (IPv4 address family)
- sin_port : TCP/UDP port number
- sin_addr : 32-bit IPv4 address

Server Side Socket Programming (4/6)

Open a listening port: listen()
- From this point the socket and the bound port work as a server
- Parameters
  - s : the socket used to listen for incoming connections
  - backlog : the maximum queue size for connection requests
- Return
  - Error code

Server Side Socket Programming (5/6)

Accept an incoming connection: accept()
- accept() newly creates a communication socket with a new port
- The listening socket and port are not the communication socket
- Parameters
  - s : Listening socket (input)
  - addr : Address of the accepted client (output)
  - addrlen : Length of the available (input) and returned (output) address structure
- Return
  - Communication socket

Server Side Socket Programming (6/6)

Data communication: read() and write()
- send() and receive() in some system calls

Disconnection: shutdown() and close()
- shutdown() sends the disconnection message to the other side
  - It declares that the socket will not send/receive data anymore
  - A shut-down socket waits for the 'FIN_ACK' from the other side
- close() blocks all functionality and resources of the socket
  - Closing without a clean shutdown leaves 'dirty closed' sockets

Client Side Socket Programming

Socket creation, communication, and disconnection
- Identical to the server side socket

Connection: connect()
- Parameters
  - s : Socket for communication
  - name : Pointer to the server address structure
  - namelen : Length of the server address structure

Socket Programming in Assembly (1/2)

These socket functions can all be accessed with a single Linux system call, aptly named socketcall().
- Syscall number: 102
- socket(), bind(), listen(), and accept() can be called with syscall 102
- Syscall 102 selects the function with ebx
  - ebx = 1 (Constructor)
  - ebx = 2 (SYS_BIND)
  - ebx = 3 (SYS_CONNECT)
  - ebx = 4 (SYS_LISTEN)
  - ebx = 5 (SYS_ACCEPT)

How to use a system call:

    mov BYTE al, 0x66   ; System call number in eax, 0x66 = 102
    mov ebx, 0x01       ; Function code for Constructor 0x01 in ebx
    ; ... push parameters onto the stack ...
    int 0x80            ; System call interrupt 0x80

Socket Programming in Assembly (2/2)

How to send a command and get the result of a shell through a socket?
- A socket is also a file descriptor (FD)

Copy the standard FDs to a socket FD
- Lets a shell read commands from and write results to the socket
- Console input becomes socket input
- Console output becomes socket output

dup2(oldfd, newfd)
- System call that sets newfd to oldfd
- System call number: 63
- FD: 0 (StdInput), 1 (StdOutput), 2 (StdErr)

How to call dup2():

    eax : 0x3F          ; system call number 63
    ebx : old socket FD
    ecx : new FD
    int 0x80            ; system call interrupt

How to Make a Port-binding Shellcode

; "Socket Creation"
; "socket = socket(AF_INET, SOCK_STREAM, 0)"

; "Binding a port to the created socket"
; "bind(sock, (struct sockaddr *)&host_addr, sizeof(struct sockaddr))"

; "Request to the kernel to use the socket for listening for connections"
; "listen(sock, 4)"

; "Accept and make a connection with a client"
; "accept(sock, NULL, 0)"

; "dup2"
; "Set StdInput(0), StdOutput(1), StdErr(2) to the Socket FD"

Making the shellcode
- Get the machine code by compiling the shellcode
- The result is a 92-byte port-binding shellcode

Port-binding Shell-code vs Connect-Back Shell-code

Port-binding shell-code (Attacker / Victim)
① Port-binding shell-code infection
② Server port open and listen
③ Connection from attacker
④ Shell open

Connect-back shell-code (Attacker / Victim)
① Connect-back shell-code infection
② Client port open and connect
③ Connect-back from shell-code
④ Shell open

Port-binding vs Connect-back: Difference in Codes

    Stage                          Call
    Shell open                     execve("/bin//sh")
    File descriptor duplication    dup2()
    Connection establishment       accept()
    Waiting for connection         listen()
    Port binding                   bind()
    Socket creation                socket()

[Figure legend: columns "Port-binding" and "Connect-back"; stages marked "Different" or "Identical"]
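The stages listed above double as a detection signature: a process that points descriptors 0, 1 and 2 at a socket and then calls execve. The following detector is an added example, not part of the original slides; the key=value record format and the sample traces are constructed for illustration, and execve = 11 (i386) is supplied here because the slides only give 102 and 63.

```python
import re
from collections import defaultdict

# i386 syscall numbers: socketcall=102 and dup2=63 are on the slides; execve=11.
SOCKETCALL, DUP2, EXECVE = 102, 63, 11
# socketcall sub-functions (the ebx values listed on the slides)
SUBCALL = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept"}
# Constructed sample records (assumed format): a0/a1 = args, exit = return value.
SAMPLE = """\
pid=4242 syscall=102 a0=1 a1=0 exit=3
pid=4242 syscall=102 a0=2 a1=0 exit=0
pid=4242 syscall=102 a0=4 a1=0 exit=0
pid=4242 syscall=102 a0=5 a1=0 exit=4
pid=4242 syscall=63 a0=4 a1=0 exit=0
pid=4242 syscall=63 a0=4 a1=1 exit=1
pid=4242 syscall=63 a0=4 a1=2 exit=2
pid=4242 syscall=11 a0=0 a1=0 exit=0
pid=5151 syscall=102 a0=1 a1=0 exit=3
pid=5151 syscall=102 a0=3 a1=0 exit=0
pid=5151 syscall=63 a0=3 a1=0 exit=0
pid=5151 syscall=63 a0=3 a1=1 exit=1
pid=5151 syscall=63 a0=3 a1=2 exit=2
pid=5151 syscall=11 a0=0 a1=0 exit=0
pid=6000 syscall=102 a0=1 a1=0 exit=3
pid=6000 syscall=102 a0=3 a1=0 exit=0
pid=6000 syscall=11 a0=0 a1=0 exit=0
"""

def classify(trace):
    """Return {pid: 'port-binding' | 'connect-back'} for flagged processes."""
    state = defaultdict(lambda: {"calls": set(), "fds": set(), "std": set()})
    alerts = {}
    for line in trace.splitlines():
        rec = {k: int(v) for k, v in re.findall(r"(\w+)=(-?\d+)", line)}
        st = state[rec["pid"]]
        if rec["syscall"] == SOCKETCALL:
            name = SUBCALL.get(rec["a0"], "other")
            st["calls"].add(name)
            if name in ("socket", "accept") and rec["exit"] >= 0:
                st["fds"].add(rec["exit"])      # these calls return a socket fd
        elif rec["syscall"] == DUP2 and rec["a0"] in st["fds"]:
            st["std"].add(rec["a1"])            # socket fd copied onto newfd
        elif rec["syscall"] == EXECVE and {0, 1, 2} <= st["std"]:
            # stdin, stdout and stderr all point at a socket at exec time
            if "connect" in st["calls"]:
                alerts[rec["pid"]] = "connect-back"
            elif {"bind", "listen", "accept"} <= st["calls"]:
                alerts[rec["pid"]] = "port-binding"
    return alerts
```

inetd-style services legitimately hand a socket to a child's standard descriptors, so pair a match with an allowlist of expected executables.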

Connect-back Shell-code Pros-and-Cons

Pros
- Firewall evasion
  - No inbound connection

Cons
- Pre-defined connect-back address
  - Attacker's IP addresses can be revealed
  - Unable to change server IP addresses
- Domain names are usable but still risky to the attacker
- No on-demand shell
  - Attackers must wait for the incoming connection

Connect-back Shell-code In-a-Nutshell

Connecting IP address : (attacker's ip)

DEMO

Thank you!