HATSECURE TRAINING
#SESSION-1
ADVANCED
EXPLOIT DEVELOPMENT
Danang Heriyadi
danang@hatsecure.com
Copyright By Hatsecure Advanced Exploit Development
Disclaimer
Modifying the contents of this module or reproducing it without the author's permission is prohibited.
Copyright By Hatsecure
Table of Contents
Introduction
0x01 Classic Stack Overflow
    Objective
    Overview
    Exercise
    FreeFloat FTP Vulnerability
        Fuzzing: Crash the service
        Fuzzing: Finding the right offset to EIP
        Controlling the EIP
        Take over the victim
    Conclusion
0x02 Bypassing Structured Exception Handling
    Objective
    Overview
        Structured Exception Handling
        SEH / SafeSEH bypassing theory
        Testing SEH / SafeSEH protection
        Exercise
    All Media Server Vulnerability
        Module instruction mapping
        Returning into our shellcode
    Conclusion
0x03 Bypassing Data Execution Prevention
    Objective
    Overview
        Data Execution Prevention
        DEP bypassing theory
        Testing DEP protection
    Case study: Sami FTP Vulnerability
        Return Oriented Programming
        Defeating DEP with ROP
        Returning into our shellcode
    Conclusion
0x03 Bypassing ASLR in Windows 7
    Objective
    Overview
        Address Space Layout Randomization
        ASLR bypass theory
0x04 Heap Memory Exploitation
    Objective
    Overview
        Heap memory layout
    Case study: Heap Spraying Internet Explorer
        Heap spray technique
        Triggering the vulnerability
        Returning into the heap buffer
    Conclusion
0x05 Metasploit Module Development
    Objective
    Overview
        Convert your exploit to a Metasploit module
0x06 Shellcode Development
    Objective
    Overview
        Software required
        Windows API
    Static Shellcode Writing
        Message Box
        Windows Execute
        Combination shellcode
        Convert your shellcode to a Metasploit module
    Shellcode Injection with Metasploit
    Reporting
Introduction
An exploit is a script that attacks through a specific security hole in a computer. An exploit sometimes carries a shellcode; that shellcode is the ammunition of the exploit tool.
Exploit tools are nothing unfamiliar to a security practitioner. They can be used to test security legally.
In this "advanced exploit development" training we will discuss and dissect how a security practitioner finds security holes and builds and develops exploits.
0x01 Classic Stack Overflow
Objective
• Understand the concept of a stack overflow
• Understand debugging methods
• Understand fuzzing (fuzz testing) methods
• Be able to exploit a stack overflow flaw
Overview
A stack-based overflow flaw occurs when software writes data beyond the capacity of a buffer, so the excess data overwrites the values stored in memory and registers.
Example source code with a stack overflow flaw:

#include <stdio.h>

int main(void) {
    char data[20];              /* fixed 20-byte buffer on the stack */
    printf("Masukkan data : ");
    gets(data);                 /* no length limit: input longer than the buffer overruns it */
    return 0;
}

When the source code above is compiled and executed, we can only enter at most 20 characters; if more than 20 characters are entered, the data we type overwrites the values stored in memory and registers.
Exercise
Repeat the exercise until you understand the concept and exploitation of stack overflows.
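The following is an added example, not code from the Hatsecure module, that makes the Overview and Exercise concrete from the defender's side. It models the 20-byte buffer above as a constructed struct whose next field stands in for the saved return address (the names frame_demo, unbounded_fill, bounded_fill and read_line_bounded, and the input string, are all constructed here), shows that an unbounded copy of 24 bytes lands the last four in that field while a length-checked copy leaves it untouched, and gives an fgets()-based replacement for the gets() call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the stack frame of the module's example: the
 * 20-byte buffer followed by one word that plays the role of the saved
 * return address (EIP). That the two sit back to back with no padding is
 * an assumption made for illustration; a real frame layout depends on the
 * compiler, its optimisation level and the ABI. */
struct frame_demo {
    char     data[20];
    uint32_t saved_return;
};
_Static_assert(sizeof(struct frame_demo) == 24, "no padding expected between the fields");

#define SAVED_RETURN_SENTINEL 0xDEADBEEFu

/* Unbounded write, the behaviour gets() has: every input byte is copied into
 * the frame no matter how long the input is. The copy is clamped to the size
 * of the whole frame only so this demonstration stays inside the object;
 * nothing clamps it to the size of data[], which is the defect. Returns the
 * saved_return word after the copy so a caller can see whether it survived. */
uint32_t unbounded_fill(const char *input, size_t len) {
    struct frame_demo f;
    memset(&f, 0, sizeof f);
    f.saved_return = SAVED_RETURN_SENTINEL;
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);          /* input bytes 20..23 land in saved_return */
    return f.saved_return;
}

/* Bounded write, the fix: copy at most sizeof(data) - 1 bytes and always
 * NUL-terminate, so the write can never reach saved_return. Returns how many
 * input bytes were dropped; a non-zero result tells the caller the input was
 * over-long instead of silently truncating it. */
size_t bounded_fill(const char *input, size_t len, uint32_t *saved_out) {
    struct frame_demo f;
    memset(&f, 0, sizeof f);
    f.saved_return = SAVED_RETURN_SENTINEL;
    size_t n = len < sizeof f.data - 1 ? len : sizeof f.data - 1;
    memcpy(f.data, input, n);
    f.data[n] = '\0';
    *saved_out = f.saved_return;
    return len - n;
}

/* fgets()-based replacement for the gets() call in the module's program:
 * reads at most cap - 1 characters, strips the newline and discards the
 * remainder of an over-long line so it cannot be mistaken for the next
 * input. Returns 1 when a line was read, 0 on end of file; *truncated is
 * set when characters had to be discarded. */
int read_line_bounded(char *buf, size_t cap, int *truncated) {
    *truncated = 0;
    if (cap == 0 || fgets(buf, (int)cap, stdin) == NULL)
        return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 1;
    }
    int c;
    while ((c = getchar()) != '\n' && c != EOF)
        *truncated = 1;
    return 1;
}

int main(void) {
    /* Constructed input: 20 'A's that fill the buffer, then 4 'B's that do not fit. */
    const char input[] = "AAAAAAAAAAAAAAAAAAAABBBB";
    uint32_t saved;
    printf("unbounded copy of %zu bytes: saved_return = 0x%08x\n",
           sizeof input - 1, unbounded_fill(input, sizeof input - 1));
    size_t dropped = bounded_fill(input, sizeof input - 1, &saved);
    printf("bounded copy: saved_return = 0x%08x, %zu byte(s) dropped\n", saved, dropped);

    char line[20];
    int truncated;
    printf("Masukkan data : ");
    if (read_line_bounded(line, sizeof line, &truncated))
        printf("read \"%s\"%s\n", line, truncated ? " (input was truncated)" : "");
    return 0;
}
```

Run it and type more than 19 characters at the prompt: the bounded reader keeps the first 19, reports the truncation, and the word standing in for the saved return address is never touched, whereas the unbounded copy shows it replaced by the input's bytes 20..23. The same length check is what a reviewer looks for wherever untrusted input is copied into a fixed-size buffer.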

Syllabus Advanced Exploit Development 22-23 June 2013
