Adam Pankow authored 81d47bbd
Exploit Development
Rationale
Exploit development is a potential phase or outcome of reverse engineering. When performing exploit development, a cyber actor actively digs into a target object with the aim of understanding how it works better than its creators do. As the actor gains more understanding of the object, they may find unintended functionality or vulnerabilities that the creators did not mitigate. These unknown vulnerabilities are particularly dangerous because attackers can actively exploit them; alternatively, defenders can mitigate them if they are found before attackers exploit them.
Buffer Overflow Common Terms
- Heap - memory that can be allocated and deallocated
- Stack - a contiguous section of memory used for passing arguments
- Registers - storage elements as close as possible to the central processing unit (CPU)
- Instruction Pointer (IP) - AKA Program Counter (PC); contains the address of the next instruction to be executed
- Stack Pointer (SP) - contains the address of the next available space on the stack
- Base Pointer (BP) - the base of the current stack frame
- Function - code that is separate from the main program, often used to replace code that repeats in order to make the program smaller and more efficient
- Shellcode - the code that is executed once an exploit successfully takes advantage of a vulnerability
GDB Uses
INSTALL of Peda Plugin
git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
Common Commands
- disass <FUNCTION> - Disassemble a function (a portion of the program)
- info <...> - Supply info for specific stack areas (for example `info frame` for the current frame, `info registers` for register contents)
- x/256c $<REGISTER> - Examine 256 characters of memory starting at the address held in a register
- break <address> - Establish a break point
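The following program is an added example, not code from the original page, and ties the terms above to something you can step through with the GDB commands just listed. It places a fixed-size buffer on the stack, allocates another on the heap, and copies input with a routine that refuses anything that would run past the buffer onto the saved base pointer and return address. The `sentinel` local in `frame_demo()` is a hand-rolled version of the check a compiler stack protector performs. The function names, buffer size and marker value are all constructed for the example.

```c
/* Added example (not from the original page): bounded copy into a stack
 * buffer, a heap allocation beside it, and a sentinel that detects whether
 * the frame was corrupted. All names and values are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define BUF_LEN 16
#define SENTINEL 0xDEADBEEFu   /* constructed marker value */

/* Copy src into dst only if it fits, terminating NUL included.
 * Returns 0 on success, -1 if the copy would overflow (dst is left untouched). */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (n + 1 > dst_len)
        return -1;              /* refuse rather than silently truncate */
    memcpy(dst, src, n + 1);
    return 0;
}

/* A stack frame with a sentinel placed next to the buffer. Returns 1 if the
 * sentinel still holds its value after the copy, 0 if it was overwritten.
 * *copied receives copy_bounded()'s result so the caller can distinguish a
 * rejected input from a successful copy. */
int frame_demo(const char *input, int *copied)
{
    volatile uint32_t sentinel = SENTINEL;
    char buf[BUF_LEN];
    *copied = copy_bounded(buf, sizeof buf, input);
    return sentinel == SENTINEL;
}

int main(void)
{
    char stack_buf[BUF_LEN];            /* lives in this frame; gone on return */
    char *heap_buf = malloc(BUF_LEN);   /* allocated now, freed explicitly below */
    int rc, intact;

    if (heap_buf == NULL)
        return 1;
    printf("stack buffer at %p, heap buffer at %p\n",
           (void *)stack_buf, (void *)heap_buf);

    rc = copy_bounded(stack_buf, sizeof stack_buf, "hello");
    printf("short input: rc=%d buf=\"%s\"\n", rc, stack_buf);

    rc = copy_bounded(stack_buf, sizeof stack_buf,
                      "this string is longer than sixteen bytes");
    printf("long input:  rc=%d buf=\"%s\" (unchanged)\n", rc, stack_buf);

    intact = frame_demo("hello", &rc);
    printf("frame sentinel intact: %d (copy rc=%d)\n", intact, rc);

    free(heap_buf);
    return 0;
}
```

Build it with `gcc -g -O0 stack_demo.c -o stack_demo`, load it with `gdb ./stack_demo`, then `break copy_bounded`, `run`, `disass copy_bounded`, `info frame` and `info registers` show the frame, base pointer and instruction pointer the terms list describes; on x86-64 `x/16c $rdi` examines the destination buffer, since the first argument is passed in that register.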