Tuesday 31 December 2013

Introduction to exploitation

I will show how simple the basics of exploitation are. And I mean it's really simple.
We will illustrate what happens when a program takes user input, what happens when a buffer is overflowed, and how to take control of the program's execution and redirect it to an area you do not have access to.

Now, this program reads user input into a buffer and then outputs it. Then there is this other function that says you exploited a vulnerability. In theory you can never get that function to run: "i" is set to 0 and needs to equal 1. Go ahead and try it. Only the return_input function works.
Here's a first try:

I wrote 10 A's and it wrote back 10 A's on the screen.
What if I try more A's?

That's what we want! Let's take a look in a debugger:

Let's crash it and check the registers. Remember, the eip is what will give you control of the program. If we can overwrite that register, we can gain control of execution. Let's try:

Yes! We overwrote the eip register with 43s (i.e. D). We need to overwrite exactly the 4 bytes of eip. Let's try:

Bingo! We overwrote the eip with our 4 A's. Now we could replace the 4 A's with an actual address, but which one? Sometimes it is enough to access an unauthorized part of a program rather than get a shell, so let's keep it simple and try that. Let's see what the program looks like with [disas main] and find where we want to go:

At address 0x08048463, it calls the bingo function, a function I cannot access (you could pretend it's authentication, etc.).
Well, we have our address. Let's quit the debugger and exploit the program. Remember, we have to reverse the bytes: x86 is little-endian, so the address is written least-significant byte first!

Voilà, we got the program to access a function that we had no access to!
See, the underlying basics of exploitation are really simple.
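The program whose binary is shown in the screenshots above is not reproduced here, so the following is an added example of my own, not the original code: the unbounded-read pattern that lets a long line of A's reach the saved return address, kept as a comment, beside a bounded version that cannot overflow whatever the input length. The buffer size and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* assumed size; the post's binary does not show it */

/* The defect behind the post: input copied into a fixed stack buffer with
 * no length check. Everything past BUF_SIZE bytes spills over the saved
 * frame pointer and return address above the buffer, which is why the run
 * of A's ended up in eip. Left as a comment because running it is
 * undefined behaviour:
 *
 *   char buf[BUF_SIZE];
 *   gets(buf);              // no bound: byte 65 onward lands past buf
 */

/* Hardened copy: at most dstlen-1 bytes, always NUL-terminated.
 * Returns 0 if the whole input fit, 1 if it was truncated, -1 on bad args. */
int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    size_t n = strlen(src);
    int truncated = n >= dstlen;
    if (truncated)
        n = dstlen - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Bounded equivalent of the post's return_input: fgets() stops at buflen-1
 * bytes, so the buffer cannot overflow. Returns 0 for a complete line,
 * 1 if the line was longer than the buffer (rest discarded), -1 on EOF. */
int read_line_bounded(FILE *in, char *buf, size_t buflen)
{
    if (fgets(buf, (int)buflen, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    if (feof(in))
        return 0;                      /* final line without newline */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                              /* drain the oversized remainder */
    return 1;
}

int main(void)
{
    char buf[BUF_SIZE];
    int rc = read_line_bounded(stdin, buf, sizeof buf);
    if (rc < 0)
        return 1;
    printf("%s%s\n", buf, rc == 1 ? " [input truncated]" : "");
    return 0;
}
```

Building the bounded version with -fstack-protector and -D_FORTIFY_SOURCE=2 adds a second line of defence, but the fix that matters is the length check itself.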
“In the midst of chaos, there is also opportunity” ― Sun-Tzu

Monday 30 December 2013

t3h l33t 5cr1pt, where you can speak like a leet faster than your shadow


When I started to learn Python, I was looking for small projects. I decided to make a script that would make me type like a script kiddie without having to do so... It does serve a purpose though, besides annoying people on IRC: deception! But be warned, you will probably be banned if you use it!



“Appear weak when you are strong, and strong when you are weak.” ― Sun Tzu, The Art of War