SlideShare a Scribd company logo

Art of Exploit Writing

n|u - The Open Security Community, profile picture
n|u - The Open Security Community

This document discusses the art of exploit writing and penetration testing. It provides an overview of buffer overflow techniques, including stack and heap overflows. It explains the process memory organization and stack structure in computers. The document demonstrates buffer overflow exploits and discusses techniques like fuzzing and avoiding bad characters. The goal is to help security researchers and penetration testers work hard toward mastery of exploit writing through experience over time.

1 of 12
Downloaded 42 times
1
2
3
4
5
6
7
8
9
10
11
12
ART OF EXPLOIT WRITING Ashfaq Ansari Security Researcher & Penetration Tester Founder Of: HackSys Team http://hacksys.vfreaks.com/ null Meet @Bangalore – 19th Jan 2013
Buffer Overflow • Writing more data into a buffer than the allocated size. • Two types: – Stack Overflow corrupt the execution stack by writing past the end of an array (aka. smashing the stack/ stack overflow) – Heap Overflow corrupt the heap
Process Memory Organization • Fixed by the program Text • Read-only Text Data • Initialized & Uninitialized Data • Static variables are stored here Heap Data • Local variables for functions • Return address and local stack pointer Stack Stack
The Stack - We Must Know Him • Stack is LIFO – Last In First LIFO Out • PUSH & POP operation Buffer 2 • Dynamically allocate local Buffer 1 Used variables used in functions • Pass parameters to functions, etc. SFP RET • Stack Pointer (SP) points a Info to the top of the stack • Contains return address and local stack pointer b c
x86 General Purpose Register
Fuzzing
Overview • Black Box software testing technique, which helps in finding implementation 1 bugs using malformed /semi-malformed data injection in an automated fashion 2 • Lazy mans tool
The Stack - Overflow Buffer • Overwritten by A’s & AAAA B’s AAAA 1&2 AAAA BBBB SFP • Overwritten by C’s BBBB CCCC DDDD AAAA • Return Overwritten RET by D’s AAAA AAAA
Bad Characters x00 x0a x0d NULL n r
DEMO
Work Hard Toward Mastery Achieve Mastery Exploits Worked On Get Experienced Get Familiar Time Spent
Art of Exploit Writing

More Related Content

PDF
Practical Cocoapods
Michele Titolo
 
PDF
Combining the strength of erlang and Ruby
Martin Rehfeld
 
ODP
Un tesoro nascosto nella linea di comando
Daniele Albrizio
 
PDF
2 buffer overflows
Karthic Rao
 
PDF
ARM procedure calling conventions and recursion
Stephan Cadene
 
ODP
Emo-Exploitation
w0nd
 
PDF
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
PDF
Basic buffer overflow part1
Payampardaz
 
Practical Cocoapods
Michele Titolo
 
Combining the strength of erlang and Ruby
Martin Rehfeld
 
Un tesoro nascosto nella linea di comando
Daniele Albrizio
 
2 buffer overflows
Karthic Rao
 
ARM procedure calling conventions and recursion
Stephan Cadene
 
Emo-Exploitation
w0nd
 
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
Basic buffer overflow part1
Payampardaz
 

Similar to Art of Exploit Writing (20)

PPTX
fjfh mjgkj jkhglkjh jhlkh lhlkkhl kjhjkhjk
ahmed8790
 
PPTX
Stack-Based Buffer Overflows
Daniel Tumser
 
PDF
StackOverflow
Susam Pal
 
PDF
Writing Efficient Code Feb 08
Ganesh Samarthyam
 
PPTX
Buffer overflow – Smashing The Stack
Tomer Zait
 
PPT
Software Exploitation Techniques by Amit Malik
n|u - The Open Security Community
 
DOC
C Languagel Classroom Training
Srihitha Technologies
 
ODP
Local Exploits
Carles Mateu
 
PPT
C for Microcontrollers
LloydMoore
 
PDF
Writing exploits
Security Session
 
PDF
Nethemba - Writing exploits
OWASP (Open Web Application Security Project)
 
PDF
Smashing The Stack
Daniele Bellavista
 
PDF
Fuzzing - Part 1
UTD Computer Security Group
 
ODP
Interview questions slide deck
MikeBegley
 
ODP
Exploiting Memory Overflows
Ankur Tyagi
 
PPTX
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
securityxploded
 
PDF
Buffer Overflow - Smashing the Stack
ironSource
 
PPTX
Light And Dark Side Of Code Instrumentation
Positive Hack Days
 
PPT
Course1
Constantin Nicolae
 
PDF
PPU Optimisation Lesson
slantsixgames
 
fjfh mjgkj jkhglkjh jhlkh lhlkkhl kjhjkhjk
ahmed8790
 
Stack-Based Buffer Overflows
Daniel Tumser
 
StackOverflow
Susam Pal
 
Writing Efficient Code Feb 08
Ganesh Samarthyam
 
Buffer overflow – Smashing The Stack
Tomer Zait
 
Software Exploitation Techniques by Amit Malik
n|u - The Open Security Community
 
C Languagel Classroom Training
Srihitha Technologies
 
Local Exploits
Carles Mateu
 
C for Microcontrollers
LloydMoore
 
Writing exploits
Security Session
 
Nethemba - Writing exploits
OWASP (Open Web Application Security Project)
 
Smashing The Stack
Daniele Bellavista
 
Fuzzing - Part 1
UTD Computer Security Group
 
Interview questions slide deck
MikeBegley
 
Exploiting Memory Overflows
Ankur Tyagi
 
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
securityxploded
 
Buffer Overflow - Smashing the Stack
ironSource
 
Light And Dark Side Of Code Instrumentation
Positive Hack Days
 
Course1
Constantin Nicolae
 
PPU Optimisation Lesson
slantsixgames
 
Ad

More from n|u - The Open Security Community (20)

PDF
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
PDF
Osint primer
n|u - The Open Security Community
 
PPTX
SSRF exploit the trust relationship
n|u - The Open Security Community
 
PPTX
Nmap basics
n|u - The Open Security Community
 
PDF
Metasploit primary
n|u - The Open Security Community
 
PDF
Api security-testing
n|u - The Open Security Community
 
PDF
Introduction to TLS 1.3
n|u - The Open Security Community
 
PDF
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
PDF
Talking About SSRF,CRLF
n|u - The Open Security Community
 
PPTX
Building active directory lab for red teaming
n|u - The Open Security Community
 
PPTX
Owning a company through their logs
n|u - The Open Security Community
 
PPTX
Introduction to shodan
n|u - The Open Security Community
 
PDF
Cloud security
n|u - The Open Security Community
 
PDF
Detecting persistence in windows
n|u - The Open Security Community
 
PPTX
Frida - Objection Tool Usage
n|u - The Open Security Community
 
PDF
OSQuery - Monitoring System Process
n|u - The Open Security Community
 
PDF
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
PDF
Extensible markup language attacks
n|u - The Open Security Community
 
PPTX
Linux for hackers
n|u - The Open Security Community
 
PDF
Android Pentesting
n|u - The Open Security Community
 
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
Osint primer
n|u - The Open Security Community
 
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Nmap basics
n|u - The Open Security Community
 
Metasploit primary
n|u - The Open Security Community
 
Api security-testing
n|u - The Open Security Community
 
Introduction to TLS 1.3
n|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
Talking About SSRF,CRLF
n|u - The Open Security Community
 
Building active directory lab for red teaming
n|u - The Open Security Community
 
Owning a company through their logs
n|u - The Open Security Community
 
Introduction to shodan
n|u - The Open Security Community
 
Cloud security
n|u - The Open Security Community
 
Detecting persistence in windows
n|u - The Open Security Community
 
Frida - Objection Tool Usage
n|u - The Open Security Community
 
OSQuery - Monitoring System Process
n|u - The Open Security Community
 
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Extensible markup language attacks
n|u - The Open Security Community
 
Linux for hackers
n|u - The Open Security Community
 
Android Pentesting
n|u - The Open Security Community
 
Ad

Art of Exploit Writing

  • 1. ART OF EXPLOIT WRITING Ashfaq Ansari Security Researcher & Penetration Tester Founder Of: HackSys Team http://hacksys.vfreaks.com/ null Meet @Bangalore – 19th Jan 2013
  • 2. Buffer Overflow • Writing more data into a buffer than the allocated size. • Two types: – Stack Overflow corrupt the execution stack by writing past the end of an array (aka. smashing the stack/ stack overflow) – Heap Overflow corrupt the heap
  • 3. Process Memory Organization • Fixed by the program Text • Read-only Text Data • Initialized & Uninitialized Data • Static variables are stored here Heap Data • Local variables for functions • Return address and local stack pointer Stack Stack
  • 4. The Stack - We Must Know Him • Stack is LIFO – Last In First LIFO Out • PUSH & POP operation Buffer 2 • Dynamically allocate local Buffer 1 Used variables used in functions • Pass parameters to functions, etc. SFP RET • Stack Pointer (SP) points a Info to the top of the stack • Contains return address and local stack pointer b c
  • 7. Overview • Black Box software testing technique, which helps in finding implementation 1 bugs using malformed /semi-malformed data injection in an automated fashion 2 • Lazy mans tool
  • 8. The Stack - Overflow Buffer • Overwritten by A’s & AAAA B’s AAAA 1&2 AAAA BBBB SFP • Overwritten by C’s BBBB CCCC DDDD AAAA • Return Overwritten RET by D’s AAAA AAAA
  • 9. Bad Characters x00 x0a x0d NULL n r
  • 10. DEMO
  • 11. Work Hard Toward Mastery Achieve Mastery Exploits Worked On Get Experienced Get Familiar Time Spent