c2b_default

Dobin 0x44_RemoteExploit.pdf

Dobin 0x44_RemoteExploit.pdf

Dobin 0x44_RemoteExploit.pdf

11
0.0 (0)

Set of flashcards Details

Flashcards 11
Language English
Category Computer Science
Level University
Created / Updated 24.06.2019 / 24.06.2019
Weblink
https://card2brain.ch/box/20190624_dobin_0x44remoteexploit_pdf
Embed
<iframe src="https://card2brain.ch/box/20190624_dobin_0x44remoteexploit_pdf/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
Study

What is a remote exploit?

Attacking an application on another computer, via the network

In what can local remote payloads be hidden in?

Local: Payloads can be in:

  • Program arguments
  • File
  • Environment variable
  • etc..

Remote:

  • Packatets
  • Data sent to server

How do you establish a direct connection  to an exploited server?

`

Log in to view images.

Log in to view images.

How does a revershell work?

How is connection reuse doen schematic?

Log in to view images.

How does a deamon work?

WTF is this fork()?

  • Create an exact copy of the current process
    • Dublicate memory pages as COW (copy on write)
  • If return value == 0: Your are in child
  • If return value > 0: Your are the parent

WTF are sockets?

  • "Bidirectional pipes"
  • Pipe: read(), write()
  • Or: An integer which represents a pipe
    • Pretty much like file descriptors (read/write into a file)
  • Child processes inherits sockets of parent
  • Processes write/read to socket
    • OS makes sute it transports it to the other sie (TCP/IP and stuff)

What is a zombie process <defunct>?

A zombie is a child, whose parent did not check their status after it died or was killed.

What if the parent of child dies?

When the parent of a child dies, the child gets adopted by init (pid1)

What are the schematics of a remote exploit?

Log in to view images.

What are two tools to interact with a remote server?

  • Telnet
  • Netcat (nc) [is like "telnet" but much simpler

The alow for the sending and receiving of bytes.

How can you debug a remote exploit?

When executing the exploit:

  • GDB will see fork()
  • GDB will detach from parent
  • GDB will attack to child
  • Memory corruption in child -> debug along

If you want to try an improved exploit? attach again:
(gdb) attack <pid>
(gdb) c 

Study