Government Security
Network Security Resources

Jump to content

Photo

Bypassing Stack Cookies, Safeseh, Hw Dep And Aslr

- - - - - windows exploit php shell tutorial
  • Please log in to reply
No replies to this topic

#1 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 13 November 2009 - 10:29 PM

This is an article I found very informative.
Should be a good read for exploit writers.

The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) are based on the fact that a reliable return address or pop/pop/ret address must be found, making the application jump to your shellcode. In all of these cases, we were able to find a more or less reliable address in one of the OS dll’s or application dll’s. Even after a reboot, this address stays the same, making the exploit work reliably.

Fortunately for the zillions Windows end-users out there, a number of protection mechanisms have been built-in into the Windows Operating systems.

- Stack cookies (/GS Switch cookie)

- Safeseh (/Safeseh compiler switch)

- Data Execution Prevention (DEP) (software and hardware based)

- Address Space Layout Randomization (ASLR)


http://www.corelan.b...w-dep-and-aslr/





Also tagged with one or more of these keywords: windows, exploit, php, shell, tutorial