Disclaimer
Altering the contents of this module or reproducing it without the author's permission is prohibited.
Copyright By Hatsecure
Copyright By Hatsecure Advanced Exploit Development
Table of Contents

Introduction
0x01 Classic Stack Overflow
    Objective
    Overview
    Exercise
    FreeFloat FTP Vulnerability
        Fuzzing: Crash the service
        Fuzzing: Finding the right offset to EIP
        Controlling the EIP
        Take over the victim
    Conclusion
0x02 Bypassing Structured Exception Handling
    Objective
    Overview
        Structured Exception Handling
        SEH / SafeSEH bypassing theory
        Testing SEH / SafeSEH protection
    Exercise
    All Media Server Vulnerability
        Module instruction mapping
        Returning into our shellcode
    Conclusion
0x03 Bypassing Data Execution Prevention
    Objective
    Overview
        Data Execution Prevention
        DEP bypassing theory
        Testing DEP protection
    Case study: Sami FTP Vulnerability
        Return Oriented Programming
        Defeating DEP with ROP
        Returning into our shellcode
    Conclusion
0x03 Bypassing ASLR in Windows 7
    Objective
    Overview
        Address Space Layout Randomization
        ASLR bypass theory
0x04 Heap Memory Exploitation
    Objective
    Overview
        Heap memory layout
    Case study: Heap Spraying Internet Explorer
        Heap spray technique
        Triggering the vulnerability
        Returning into the heap buffer
    Conclusion
0x05 Metasploit Module Development
    Objective
    Overview
        Convert your exploit to a Metasploit module
0x06 Shellcode Development
    Objective
    Overview
        Software required
        Windows API
    Static shellcode writing
        Message Box
        Windows Execute
        Combination shellcode
        Convert your shellcode to a Metasploit module
    Shellcode injection with Metasploit
    Reporting
Introduction
An exploit is a script that attacks through a specific computer security vulnerability. An exploit often carries a shellcode, and that shellcode is the ammunition of the exploit tool.
Exploit tools are nothing new to a security practitioner; they can be used to test security legally.
In this "Advanced Exploit Development" training we will discuss and dissect how a security practitioner finds security vulnerabilities and writes and develops exploits.
0x01 Classic Stack Overflow
Objective
• Understand the concept of a stack overflow
• Understand debugging methods
• Understand fuzzing (fuzz testing) methods
• Be able to exploit a stack overflow vulnerability
Overview
A stack-based overflow vulnerability occurs when software writes more data than a buffer can hold. The excess data overwrites the adjacent values on the stack, including the saved values that are later loaded back into CPU registers.
Example source code that contains a stack overflow vulnerability:

    #include <stdio.h>

    int main(){
        char data[20];                 /* 20-byte buffer on the stack */
        printf("Masukkan data : ");    /* prompt: "Enter data : " */
        gets(data);                    /* no length limit: a longer line overflows the buffer
                                          (gets() was removed in C11; compilers warn about it) */
        return 0;
    }

When the source code above is compiled and executed, we can only enter at most 20 characters of data; if more than 20 characters are entered, the data we supply will overwrite the adjacent values on the stack, including the saved values that are loaded back into CPU registers.
Exercise
Repeat the exercise until you understand the concept and the exploitation of a stack overflow.
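As an added example that is not part of the original module, the following C code shows the hardened counterpart of the gets()-based program above: a bounded line reader built on fgets() that never writes past the buffer, always NUL-terminates, and drains an over-long line so it cannot spill into the next read. It also includes a small helper that computes how many bytes gets() would write past a buffer for a given input length, because gets() stores the terminating NUL as well, so a 20-character line already writes 21 bytes into a 20-byte buffer. The names read_line_bounded, gets_overflow_bytes, read_status and DATA_SIZE are my own and are not from the module.

```c
/* Added example (not from the Hatsecure module): a bounded replacement for
 * the gets()-based read shown above. Function and constant names are mine. */
#include <stdio.h>
#include <string.h>

#define DATA_SIZE 20   /* same buffer size as the vulnerable program */

typedef enum { READ_EOF = -1, READ_OK = 0, READ_TRUNCATED = 1 } read_status;

/* Bytes gets() would store beyond a buffer of `cap` bytes for a line of
 * `input_len` characters: the characters plus the terminating NUL. */
size_t gets_overflow_bytes(size_t input_len, size_t cap) {
    size_t written = input_len + 1;
    return written > cap ? written - cap : 0;
}

/* Read one line from `in` into buf[cap] without ever writing past cap bytes.
 * The result is always NUL-terminated; excess characters on an over-long
 * line are consumed and discarded so they do not bleed into the next read. */
read_status read_line_bounded(FILE *in, char *buf, size_t cap) {
    if (cap == 0) return READ_EOF;
    if (fgets(buf, (int)cap, in) == NULL) {   /* fgets stores at most cap-1 chars + NUL */
        buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                  /* drop the newline, line fit */
        return READ_OK;
    }
    /* No newline seen: the line was at least cap-1 characters long, or EOF
     * ended it. Drain the rest of the line and report whether anything was dropped. */
    int c, dropped = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        dropped++;
    return dropped > 0 ? READ_TRUNCATED : READ_OK;
}

int main(void) {
    char data[DATA_SIZE];
    printf("Masukkan data : ");
    read_status st = read_line_bounded(stdin, data, sizeof data);
    if (st == READ_TRUNCATED)
        printf("input longer than %d characters was cut off\n", DATA_SIZE - 1);
    printf("stored: \"%s\"\n", data);
    return 0;
}
```

Compile both programs with a stack protector enabled (gcc `-fstack-protector`, MSVC `/GS`) and feed each a long line: the original aborts or crashes once the canary or saved return address is overwritten, while the bounded version reports the truncation and keeps running.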