GrrCON 2012 – Alexander Chaveriat – I Think Therefore I PwN

Description: This talk will cover a wide range of skills targeted toward a specific purpose: to hack software. The talk will cover from concept to creation (bug to exploit); it will also cover the steps and mindset needed to overcome obstacles when exploiting software. The presentation will include a LIVE demo (with pre-recorded videos as backup). The presentation will include the following:

• Discover and identify a suspect service (the example for this talk will be a proprietary TFTP service I found during a penetration test). We will touch on what hints to look for to identify potentially vulnerable services (custom code, in-house built apps, etc.)
• Research the protocol and data schema of the identified service
• Fuzz the service/protocol to create a crash while observing the service in a debugger (using Spike/OllyDbg)
• Observe the crash, identify what the crash means to us as an attacker and create a plan for next steps. This will talk through the assembly registers and how they work (a little 101 on asm)
• Next, write a skeleton script that will crash the service and give us more information (like what bytes control EIP)
• Overcome the issue of having a small buffer (think outside the box)
• Basic Metasploit payload generation and integrating it with our Python script
• Successful exploit and bind shell … profit

There will also be a "PwN" package that will be available.
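The target in the synopsis is a proprietary TFTP service that a fuzzer could crash in a debugger. As an added illustration from the defender's side (not code from the talk; the buffer sizes and the sample packets are assumptions constructed here), this C parser for TFTP read/write requests (RFC 1350 layout: opcode, NUL-terminated filename, NUL-terminated mode) shows the bounds checks a custom implementation needs so that a fuzzed, oversized or unterminated field is rejected instead of being copied into a fixed buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* TFTP request (RFC 1350): 2-byte opcode, NUL-terminated filename, NUL-terminated mode. */
#define TFTP_RRQ 1
#define TFTP_WRQ 2
#define TFTP_MAX_NAME 128   /* assumed fixed-buffer sizes for this example */
#define TFTP_MAX_MODE 16
struct tftp_request { uint16_t opcode; char filename[TFTP_MAX_NAME]; char mode[TFTP_MAX_MODE]; };

/* Copy the NUL-terminated field at pkt[*pos] into dst (capacity cap). Returns -1 if the
 * terminator is missing or the field would not fit; never reads past len or writes past cap. */
static int take_field(const uint8_t *pkt, size_t len, size_t *pos, char *dst, size_t cap)
{
    const uint8_t *start = pkt + *pos;
    const uint8_t *nul = memchr(start, 0, len - *pos);
    if (nul == NULL) return -1;                     /* unterminated: a strcpy would overrun */
    size_t n = (size_t)(nul - start);
    if (n == 0 || n >= cap) return -1;              /* empty, or too long for dst plus its NUL */
    memcpy(dst, start, n);
    dst[n] = '\0';
    *pos += n + 1;
    return 0;
}

/* Parse an RRQ/WRQ with bounds checks. Returns 0 and fills *req, or -1 with *req zeroed. */
int tftp_parse_request(const uint8_t *pkt, size_t len, struct tftp_request *req)
{
    memset(req, 0, sizeof *req);
    if (len < 6) return -1;                         /* opcode + 1-char name + 1-char mode */
    uint16_t op = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (op != TFTP_RRQ && op != TFTP_WRQ) return -1;
    size_t pos = 2;
    if (take_field(pkt, len, &pos, req->filename, sizeof req->filename) != 0) return -1;
    if (take_field(pkt, len, &pos, req->mode, sizeof req->mode) != 0) return -1;
    if (strcasecmp(req->mode, "octet") != 0 && strcasecmp(req->mode, "netascii") != 0) return -1;
    req->opcode = op;
    return 0;
}

/* Constructed sample packets (not captured traffic) plus small helpers for a stand-alone check. */
static const uint8_t SAMPLE_RRQ[] = { 0,1, 'b','o','o','t','.','b','i','n',0, 'o','c','t','e','t',0 };
static const uint8_t SAMPLE_UNTERMINATED[] = { 0,1, 'a','b','c','d' };
int tftp_check(const uint8_t *pkt, size_t len) { struct tftp_request r; return tftp_parse_request(pkt, len, &r); }
int tftp_check_oversized(void)                      /* 300-byte name exceeds TFTP_MAX_NAME */
{
    uint8_t pkt[2 + 300 + 1 + 6]; pkt[0] = 0; pkt[1] = TFTP_WRQ;
    memset(pkt + 2, 'A', 300); pkt[302] = 0; memcpy(pkt + 303, "octet", 6);
    return tftp_check(pkt, sizeof pkt);
}
```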

