
Making an exploit for dep protected app

Networking/Security Forums Index -> Exploits // System Weaknesses
inform45
Just Arrived

Joined: 18 Dec 2010
Posts: 0

Posted: Sat Dec 18, 2010 11:16 pm    Post subject: Making an exploit for dep protected app

Hello everyone!

Recently I've been learning about vulnerability assessment and finding exploits on Windows systems (I'm very new and inexperienced in the subject). I've been working on a small open-source application in which I found a buffer overflow. I've written an exploit which works great in a debugger, but when I executed it in the application outside of the debugger environment it shut down and informed me about the exception in the usual Windows way (no exploit execution). In this first attempt I was able to use the EDI pointer to locate the beginning of my exploit so that I don't need to deal with ASLR. EDI pointed to a place in my buffer on a page marked private and non-executable (the space was reserved with malloc). After this failed, I managed to influence my ESP pointer to point to the code on the stack (there were only a couple of useful bytes overflowing after the EIP) using return-oriented programming. This time, the exploit worked well in the debugger (again) but outside, the application just shut down, no errors, no nothing. So I'd like to ask if someone knows if this is actually DEP behavior and why the thing works in a debugger and not outside it. The next thing I'll try is return-to-lib. Maybe that'll work.

There's one more interesting thing I saw happen for the first time in the debugger. While I was reversing and testing, I set some breakpoints and ran the program to reach them. The interesting thing was that the program stopped a couple of times on an INT3 instruction (yeah, a breakpoint) during the execution. So, does anyone know what reason the hardcoded breakpoints in the app might be used for?

Any and all info or reading material will be greatly appreciated. Thanks.
