Syllabus Advanced Exploit Development 22-23 June 2013
1 like2,145 views
The document outlines a training module on advanced exploit development by HatSecure, focusing on topics such as stack overflow, bypassing security mechanisms, heap memory exploitation, and shellcode development. It includes detailed objectives, overviews, exercises, and conclusions for each section, emphasizing the importance of understanding and exploiting security vulnerabilities. The training aims to equip security practitioners with skills to identify and exploit security weaknesses effectively.
![0x01 Classic Stack Overflow
Objective
• Memahami konsep stack overflow
• Memahami metode debugging
• Memahami metode fuzzing atau fuzz testing
• Mampu mengeksploitasi celah stack overflow
Overview
Celah basis stack overflow terjadi ketika software melakukan penulisan data
melebihi kapasitas buffer. Sehingga data yang melebihi tersebut akan merubah
nilai yang ada dalam register memory.
Contoh source code yang memiliki celah stack overflow :
Source code diatas ketika kita kompilasi dan eksekusi.Kita hanya dapat mengisi
data maksimal 20 karakter dan apabila lebih dari 20 karakter, data yang kita
masukkan akan merubah nilai yang ada dalam register memory.
Exercise
Cobalah untuk mengulang hingga memahami konsep dan eksploitasi stack
overflow
Copyright By Hatsecure Advanced Exploit Development
#include <stdio.h>
int main(){
char data[20];
printf(“Masukkan data : “);
gets(data);
return 0;
}](https://image.slidesharecdn.com/advancedexploitdevelopment-130620081905-phpapp02/85/Syllabus-Advanced-Exploit-Development-22-23-June-2013-7-320.jpg)
Syllabus Advanced Exploit Development 22-23 June 2013
- 1. HATSECURE TRAINING #SESSION-1 ADVANCED EXPLOIT DEVELOPMENT Danang Heriyadi [email protected] Copyright By Hatsecure Advanced Exploit Development
- 2. Disclaimer Dilarang merubah isi modul dan menggandakan modul ini tanpa seijin penulis Copyright By Hatsecure Copyright By Hatsecure Advanced Exploit Development
- 3. Table of Contents Introduction......................................................................................................... 1 0x01 Classic stack overflow....................................................................... 2 Objective................................................................................................ 2 Overview.................................................................................................... 2 Exercise....................................................................................................... 2 Free float FTP Vulnerability................................................................... 3 Fuzzing : Crash the service............................................................... 3 Fuzzing : Finding the Right Offset to EIP.......................................... 3 Controlling the EIP........................................................................... 3 Take over the victim.......................................................................... 3 Conclusion.............................................................................................. 3 0x02 Bypassing Structured Exception Handling.................................. 3 Objective................................................................................................ 3 Overview........................................................................................... 3 Structured Exception Handling......................................................... 3 SEH / Safe SEH Bypassing Theory.................................................... 3 Testing SEH / SafeSEH protection.................................................... 3 Exercise............................................................................................. 3 All Media Server Vulnerability................................................................ 3 Module intruction mapping................................................................ 3 Returning into our shellcode............................................................. 3 Conclusion.............................................................................................. 3 0x03 Bypassing Data Exception Prevention.......................................... 3 Objective................................................................................................ 3 Overview........................................................................................... 3 Copyright By Hatsecure Advanced Exploit Development
- 4. Data Exception Prevention................................................................ 3 DEP Bypassing theory....................................................................... 3 Testing DEP Protection..................................................................... 3 Case Of study : Sami FTP Vulnerability................................................. 3 Return Oriented Programming.......................................................... 3 Defeating DEP with ROP.................................................................. 3 Returning into our shellcode............................................................. 3 Conclusion.............................................................................................. 3 0x03 Bypassing ASLR in windows 7......................................................... 3 Objective................................................................................................ 3 Overview........................................................................................... 3 Address Space Layout Randomization.............................................. 3 ASLR bypass theory.......................................................................... 3 0x04 Heap Memory Exploitation............................................................... 3 Objective................................................................................................ 3 Overview........................................................................................... 3 Heap Memory Layout........................................................................ 3 Case Of Study : Heap Spraying Internet Explorer................................. 3 Heap Spray Technique....................................................................... 3 Triggering Vulnerability..................................................................... 3 Returning into heap buffer................................................................ 3 Conclusion.............................................................................................. 3 0x05 Metasploit Module Development................................................... 3 Objective................................................................................................ 3 Overview........................................................................................... 3 Convert your exploit to metasploit module...................................... 3 Copyright By Hatsecure Advanced Exploit Development
- 5. 0x06 Shellcode Development..................................................................... 3 Objective................................................................................................ 3 Overview........................................................................................... 3 Software Required............................................................................ 3 Windows API.................................................................................... 3 Static Shellcode Writing......................................................................... 3 Message Box..................................................................................... 3 Windows Execute............................................................................. 3 Combination shellcode...................................................................... 3 Convert your shellcode to metasploit module................................. 3 Shellcode Injection with metasploit....................................................... 3 Reporting................................................................................................ 3 Copyright By Hatsecure Advanced Exploit Development
- 6. Introduction Exploit adalah suatu script yang menyerang melalui celah keamanan komputer secara spesifik. Dalam exploit terkadang ditemukan suatu shellcode, shellcode inilah yang menjadi suatu amunisi dari tool exploit. Tool exploit bukan hal yang asing oleh seseorang yang menjadi praktisi keamanan. Tool ini bisa digunakan untuk menguji keamanan secara legal. Pada training “advanced exploit development” ini kita akan membahas dan mengupas bagaimana seorang praktisi keamanan mencari celah keamanan, membuat dan mengembangkan exploit. Copyright By Hatsecure Advanced Exploit Development
- 7. 0x01 Classic Stack Overflow Objective • Memahami konsep stack overflow • Memahami metode debugging • Memahami metode fuzzing atau fuzz testing • Mampu mengeksploitasi celah stack overflow Overview Celah basis stack overflow terjadi ketika software melakukan penulisan data melebihi kapasitas buffer. Sehingga data yang melebihi tersebut akan merubah nilai yang ada dalam register memory. Contoh source code yang memiliki celah stack overflow : Source code diatas ketika kita kompilasi dan eksekusi.Kita hanya dapat mengisi data maksimal 20 karakter dan apabila lebih dari 20 karakter, data yang kita masukkan akan merubah nilai yang ada dalam register memory. Exercise Cobalah untuk mengulang hingga memahami konsep dan eksploitasi stack overflow Copyright By Hatsecure Advanced Exploit Development #include <stdio.h> int main(){ char data[20]; printf(“Masukkan data : “); gets(data); return 0; }