rpisec.org/2013/ /exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1
RPISEC - 09/13/2013Intro to Memory Corruption2
The simplest definition – To change data the program uses in ways that were not intended by the programmer So what does this actually mean? And what can we do with it? Let’s take a look at exercise one RPISEC - 09/13/2013Intro to Memory Corruption3
RPISEC - 09/13/2013Intro to Memory Corruption4
You just overflowed your first buffer! But in a controlled manner A more reckless overflow would probably result in the program segfaulting segfault: An error reading/writing to memory RPISEC - 09/13/2013Intro to Memory Corruption5
The stack is how a program maintains variables and their data during execution This is main()’s stack > Omg wut have we done Is_zero == ‘U’ == 85 RPISEC - 09/13/2013Intro to Memory Corruption6
RPISEC - 09/13/2013Intro to Memory Corruption7
What if we overwrote the return address that’s stored further down the stack? The return address tells the program where to go after a completing a function call In this case, we’d segfault… but what if we set it to something more meaningful than AAAA? RPISEC - 09/13/2013Intro to Memory Corruption8
RPISEC - 09/13/2013Intro to Memory Corruption9
RPISEC - 09/13/2013Intro to Memory Corruption10
What we just did was take control of the program’s execution flow, and bend it the way of our will What if this program was running on a server? Or perhaps running under an admin user? Security – To ensure and maintain complete control of the execution flow of your program RPISEC - 09/13/2013Intro to Memory Corruption11
This time, we overwrote the return address, effectively telling the program where it should go next What if we could insert our OWN code into the program, and point the return address towards that? - ‘shellcode’ … Next time ;) RPISEC - 09/13/2013Intro to Memory Corruption12
To really become good at exploitation, you need to have a solid grasp on the low level stuff This means knowing x86 assembly, how the stack works, and how data is typically laid out in memory RPISEC - 09/13/2013Intro to Memory Corruption13
Welcome to real Hacking! Related wargames: – io.smashthestack.org – exploit-exercises.com/protostar Come to our ‘advanced’ meeting, Wednesday! We’ll be rolling our own shellcode :> RPISEC - 09/13/2013Intro to Memory Corruption14