Dobin 0x02_Intro-Technical.pdf

There is no difference between data and code.

It is possible to create an image which executes code:

• If this is intentional, it's a feature
• If this is not intentional, the picture is an exploit (exploiting a bug/vulnerability)

How:

• M ake the orignal program (code) execute our (the attackers) own code (data) by writing into memory locations at runtime which influence where code is being read from.

Vulnerability types:

• Memory corruption
• Authentication
• Authorization
• Configuration error
• Input validation
• Logic error
• Sensitive data protection
• Session management
• Encoding Error
• Cryptographic Errors
• Permission Problems
• ...

Memory corruption occours in a computer program when the contents of a memory location are unintentionally modified due to programming errors; this is termed violation memory safety. When the corrupted memoryn contents are used later in that program, it lead either to a program crash or th strange and bizarre program behavior.

Simple definition of exploit:

• to get value or use from (something)
• to us (someone or something) in a way that helps you unfairly

Full definition of exploit

• to make productive use of : utilize
  • <exploiting your talents><exploit your opponent's weakness>
• to make use of meanly or unfairly for one's own advantage
  • <exploiting migrant farm workers>

• to exploit (verb): To take advantage of a vulnerability so that the target system reacts in a manner other than which the designer intended.
• the exploit (noun): the tool, set of instructions, or code that is used to take advantage of a vulnerability.

• Local 
• Server-side
• Client-side
• Remote

Local Exploit:

• Attacker is already on a host
• Wants to execute his code with higher privileges
• "privilege escalation"

Linux:

• User -> root
• E.g.: www-data -> root

Windows:

• User -> Local Admin (-> System)

Remote Exploit 

• Attacker can directly talk with a server software on a host
• Attacker whants to execute his code on the remote host

Client Exploit:

• Attacker can influnce data which a client recieves
• Wants to execute his code on the client host

Examples:

• Browser
  • Flash
  • Java
  • Image Viewer
• Word
• Putty
• Git

Software that is developed in unsafe programming langues is vulnerable against memory corruption.

Unsafe programming languages:

• (ASM)
• C
• C++
• Fortran

Applications written in C/C++

• IE, Chrome, Firefox
• Apache / IIS
• Postfix, Sendmail
• BIND
• MS Office / LibreOffice
• Antivirus
• Other "Security" Software

Not affected:

Software written in interpreted languages

• PHP
• Perl
• Ruby
• Bash
• Python
• JavaScript

Languages with strict bound checking

• Rust
• C#
• Java
• Go

Exceptions: Native calls

"A program is a set of instructions which is controlled by data"

In other words:

"Data is manipulating the program instruction flow of a program, not the other way around."

In computer security, the wied machine is a computational artifact where additional code execution can happen outside the original specification of the program.

It is closely related to the concepts of weird instructions, which are the building blocks of an exploit based on crafted input data.

Dain very detailed understanding of:

• Program logic
• Implementation of "hidden machanics"
  • Stack, Heap etc...
• Error conditions

This leads from:

• These bugs randomly crashes my program

To:

• These bugs let me reliably execute arbitrary code