Syllabus Advanced Exploit Development 22-23 June 2013

Syllabus advanced exploit development
22-23 June 2013

- Fuzzing
- Direct Return
- Smashing Stack
- Bypass mitigation
  1. ASLR (Address Space Layout Randomization)
  2. SEH (Structured Exception Handling)
  3. SafeSEH (Safe Structured Exception Handling)
  4. DEP (Data Execution Prevention)

Day two (Windows exploits) is even better, bro
- Heap spray
- Web browser exploitation (exploit writing for web browser)
- Metasploit Module Development
- Denial Of Service using buffer overflow vulnerability
- Shellcode Development
- Shellcode Injection
- Reporting

www.hatsecure.com


  1. HATSECURE TRAINING #SESSION-1
     ADVANCED EXPLOIT DEVELOPMENT
     Danang Heriyadi
     danang@hatsecure.com
     Copyright By Hatsecure Advanced Exploit Development
  2. Disclaimer
     Modifying the contents of this module or duplicating it without the author's permission is prohibited.
     Copyright By Hatsecure
  3. Table of Contents
     Introduction
     0x01 Classic stack overflow
       Objective
       Overview
       Exercise
       Freefloat FTP Vulnerability
         Fuzzing: Crash the service
         Fuzzing: Finding the right offset to EIP
         Controlling the EIP
         Take over the victim
       Conclusion
     0x02 Bypassing Structured Exception Handling
       Objective
       Overview
         Structured Exception Handling
         SEH / SafeSEH bypassing theory
         Testing SEH / SafeSEH protection
       Exercise
       All Media Server Vulnerability
         Module instruction mapping
         Returning into our shellcode
       Conclusion
     0x03 Bypassing Data Execution Prevention
       Objective
       Overview
  4. Data Execution Prevention
         DEP bypassing theory
         Testing DEP protection
       Case study: Sami FTP Vulnerability
         Return Oriented Programming
         Defeating DEP with ROP
         Returning into our shellcode
       Conclusion
     0x03 Bypassing ASLR in Windows 7
       Objective
       Overview
         Address Space Layout Randomization
         ASLR bypass theory
     0x04 Heap Memory Exploitation
       Objective
       Overview
         Heap memory layout
       Case study: Heap Spraying Internet Explorer
         Heap spray technique
         Triggering the vulnerability
         Returning into the heap buffer
       Conclusion
     0x05 Metasploit Module Development
       Objective
       Overview
         Convert your exploit to a Metasploit module
  5. 0x06 Shellcode Development
       Objective
       Overview
         Software required
         Windows API
       Static shellcode writing
         Message Box
         Windows Execute
         Combination shellcode
         Convert your shellcode to a Metasploit module
       Shellcode injection with Metasploit
       Reporting
  6. Introduction
     An exploit is a script that attacks through a specific computer security hole. An exploit sometimes contains shellcode, and that shellcode is the ammunition of the exploit tool. Exploit tools are nothing foreign to a security practitioner; they can be used to test security legally. In this "Advanced Exploit Development" training we will discuss and dissect how a security practitioner finds security holes and writes and develops exploits.
  7. 0x01 Classic Stack Overflow

     Objective
     • Understand the concept of a stack overflow
     • Understand debugging methods
     • Understand fuzzing (fuzz testing) methods
     • Be able to exploit a stack overflow vulnerability

     Overview
     A stack-based overflow vulnerability occurs when software writes more data than the buffer can hold, so the excess data overwrites the values held in memory and registers.

     Example source code with a stack overflow vulnerability:

     ```c
     #include <stdio.h>

     int main()
     {
         char data[20];                 /* fixed-size stack buffer */
         printf("Masukkan data : ");    /* prompt: "Enter data : " */
         gets(data);                    /* no length limit: long input writes past data[] */
         return 0;
     }
     ```

     When the source code above is compiled and executed, we can only enter a maximum of 20 characters; if more than 20 characters are entered, the data we type will overwrite the values held in memory and registers.

     Exercise
     Practise repeating this until you understand the concept and exploitation of stack overflows.
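As an added example that is not part of the Hatsecure module, this is the bounded replacement for the slide's gets() call that a code reviewer would ask for: fgets() with the buffer's real capacity, explicit handling of the line-too-long case (the rest of the line is drained so the next read is not fed the leftovers), and a marker placed directly after the 20-byte buffer to confirm that over-long input no longer reaches neighbouring memory. The names read_line_bounded, constructed_input, marker_survives and the tmpfile()-backed stand-in for stdin are this example's own assumptions, not anything from the training material.

```c
/* Added example (not from the Hatsecure module): a bounded replacement for
   the slide's gets() call, plus a check that memory next to the buffer is
   untouched when the input is longer than the buffer. */
#include <stdio.h>
#include <string.h>

#define DATA_CAP 20   /* same capacity as the slide's char data[20] */

/* Reads one line into buf (capacity cap bytes, terminator included).
   The newline is stripped. If the line did not fit, the rest of it is
   discarded so the next call starts on the next line, and *truncated is
   set to 1. Returns the number of bytes stored, or -1 if nothing could
   be read (EOF or cap == 0). */
int read_line_bounded(char *buf, size_t cap, FILE *in, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';          /* whole line fit: drop the newline */
        return (int)len;
    }

    /* No newline: either EOF or the line was longer than cap - 1 bytes.
       Drain the remainder of the line; any byte seen before '\n' means
       the input was cut. */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        *truncated = 1;
    return (int)len;
}

/* Builds a FILE* holding constructed input text, standing in for stdin
   so the example runs without a terminal. */
FILE *constructed_input(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

/* The slide's 20-byte buffer with a marker placed directly after it,
   so any write past data[] would be visible as a changed marker. */
struct probe {
    char data[DATA_CAP];
    unsigned int marker;
};

/* Reads one line of text into the probe buffer with the bounded reader.
   Returns 1 if the marker after the buffer is intact, 0 if it was
   overwritten, -1 if the input could not be created. *stored and
   *truncated report what read_line_bounded returned. */
int marker_survives(const char *text, int *stored, int *truncated)
{
    struct probe p;
    memset(p.data, 0, sizeof p.data);
    p.marker = 0xC0FFEEu;

    FILE *in = constructed_input(text);
    if (in == NULL)
        return -1;
    *stored = read_line_bounded(p.data, sizeof p.data, in, truncated);
    fclose(in);
    return p.marker == 0xC0FFEEu;
}

int main(void)
{
    /* Constructed input: 40 'A's, twice the buffer capacity. */
    int stored = 0, truncated = 0;
    int ok = marker_survives("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n",
                             &stored, &truncated);
    printf("stored=%d truncated=%d marker_intact=%d\n", stored, truncated, ok);
    return ok == 1 ? 0 : 1;
}
```

With the slide's gets() the same 40-byte line would run straight over the marker; with read_line_bounded at most 19 bytes land in data[], the caller learns that the input was cut, and the following line is still read cleanly.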
