Technical paper: Linux exploit development part 3 - ret2libc
Demo paper: Linux exploit development part 3 (rev 2) - Real app demo ret2libc
Video demo:
Linux exploit development part 3 (rev 2) - Real app demo from sickness on Vimeo.
Saturday, April 23, 2011
Linux exploit development part 3 (rev 2) - Real app demo ret2libc
As you have probably expected this is the real application demo + video demo of my part 3 of the Linux exploit development series.
Technical paper: Linux exploit development part 3 - ret2libc
Demo paper: Linux exploit development part 3 (rev 2) - Real app demo ret2libc
Video demo:
Technical paper: Linux exploit development part 3 - ret2libc
Demo paper: Linux exploit development part 3 (rev 2) - Real app demo ret2libc
Video demo:
Tuesday, April 12, 2011
Linux Exploit Development Pt 2 (rev 2) - Real App Demo (part 2)
Question:
In short why another part 2 if we already have one?
Answer:
Recently I've been receiving feedback from people who have read the papers and amongst those _sinn3r and corelanc0d3r actually recommended I should also give examples using real vulnerable application.
About the paper:
I will not be repeating myself, this paper does not contain any theory in it. If you do not have the required knowledge I suggest you first read my part 2 paper before trying this: Linux Exploit Writing Tutorial Pt 2 - Stack Overflow ASLR bypass Using ret2reg
The paper can be found here and long with the paper I've also made a quick video demonstration:
Hope you enjoy it and have fun :)
In short why another part 2 if we already have one?
Answer:
Recently I've been receiving feedback from people who have read the papers and amongst those _sinn3r and corelanc0d3r actually recommended I should also give examples using real vulnerable application.
About the paper:
I will not be repeating myself, this paper does not contain any theory in it. If you do not have the required knowledge I suggest you first read my part 2 paper before trying this: Linux Exploit Writing Tutorial Pt 2 - Stack Overflow ASLR bypass Using ret2reg
The paper can be found here and long with the paper I've also made a quick video demonstration:
Linux exploit development part 2 (rev 2) - Demo from sickness on Vimeo.
Hope you enjoy it and have fun :)
Friday, April 8, 2011
Linux exploit development part 3 - ret2libc
I'm not going to repeat myself from the paper, this will just be a short description of what the paper contains.
So in the previous tutorials our exploits were made on Backtrack 4 R2 now we are going to make them on Debian Squeeze (latest) because Backtrack does not have DEP enabled by default (PAE enabled kernel on 32 bits).
In short terms DEP or NX prevents some stack or heap memory spaces from being executed, it also prevents executable memory from being writable. This is very effective against buffer overflows that inject and execute malicious code. (More about NX here)
How to bypass this !? ... -> Linux exploit development part 3 - ret2libc.pdf
So in the previous tutorials our exploits were made on Backtrack 4 R2 now we are going to make them on Debian Squeeze (latest) because Backtrack does not have DEP enabled by default (PAE enabled kernel on 32 bits).
In short terms DEP or NX prevents some stack or heap memory spaces from being executed, it also prevents executable memory from being writable. This is very effective against buffer overflows that inject and execute malicious code. (More about NX here)
How to bypass this !? ... -> Linux exploit development part 3 - ret2libc.pdf
Subscribe to:
Posts (Atom)