staring into /dev/null

barrebas

Weekly Roundup 2015 #1

Time for another weekly round-up of interesting links!

I’ll kick this one off with a very interesting blog post about bypassing ASLR on 64-bit systems using ELF auxiliary vectors, by Reno Robert. The technique leaks the address of the VDSO (Virtual Dynamic Shared Object), which can then be used as a source of ROP gadgets. The entire process of writing a working exploit is described in great detail, with a proof-of-concept in Python. Furthermore, the author notes that the address of the VDSO is not very random, making brute-forcing an option even on 64-bit systems. Very nice, very detailed read!
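Since the post hinges on two facts, that the auxiliary vector hands every process its own VDSO base and that this base carries little randomness, here is a small defensive check along those lines. It is an added example written for this roundup, not code from Reno Robert's post: it parses a raw auxv dump for `AT_SYSINFO_EHDR`, pulls the `[vdso]` base out of `/proc/<pid>/maps` text, and counts how many address bits actually vary across samples. All input data below is constructed inline so the script runs offline; the helper names are my own.

```python
"""Audit how much randomness the kernel gives the VDSO base.

Two sources are parsed: a raw /proc/<pid>/auxv blob (where the kernel stores
the VDSO base under AT_SYSINFO_EHDR) and /proc/<pid>/maps text (the [vdso]
mapping). aslr_entropy_bits() then reports how many bits differ between
samples, which is the number that decides whether brute-forcing is feasible.
"""
import struct

# Auxiliary vector entry types from linux asm/auxvec.h
AT_NULL = 0
AT_PAGESZ = 6
AT_SYSINFO_EHDR = 33  # base address of the VDSO ELF image


def parse_auxv(blob: bytes, word_size: int = 8) -> dict:
    """Parse a raw auxv dump (pairs of native-endian words) into {type: value}."""
    fmt = "<QQ" if word_size == 8 else "<II"
    entry = struct.calcsize(fmt)
    out = {}
    for off in range(0, len(blob) - entry + 1, entry):
        a_type, a_val = struct.unpack_from(fmt, blob, off)
        if a_type == AT_NULL:  # terminator entry
            break
        out[a_type] = a_val
    return out


def vdso_base_from_auxv(blob: bytes):
    """Return the VDSO base recorded in the auxv, or None if absent."""
    return parse_auxv(blob).get(AT_SYSINFO_EHDR)


def vdso_base_from_maps(maps_text: str):
    """Return the start address of the [vdso] mapping from /proc/<pid>/maps text."""
    for line in maps_text.splitlines():
        if line.rstrip().endswith("[vdso]"):
            return int(line.split("-", 1)[0], 16)
    return None


def aslr_entropy_bits(bases) -> dict:
    """Summarise a list of observed bases: distinct values and bits that vary.

    The OR of (b ^ first) over all samples has a 1 in every bit position that
    took more than one value, so popcount gives an upper bound on the entropy
    actually exercised in the sample set.
    """
    bases = list(bases)
    distinct = set(bases)
    varying_mask = 0
    if distinct:
        first = next(iter(distinct))
        for b in distinct:
            varying_mask |= b ^ first
    return {
        "samples": len(bases),
        "distinct": len(distinct),
        "varying_bits": bin(varying_mask).count("1"),
    }


# Constructed sample data (not captured from a real system).
SAMPLE_AUXV = struct.pack("<QQ", AT_SYSINFO_EHDR, 0x7FFFF7FD1000) + \
    struct.pack("<QQ", AT_PAGESZ, 4096) + struct.pack("<QQ", AT_NULL, 0)

SAMPLE_MAPS = (
    "7ffff7dd5000-7ffff7dd7000 r--p 00000000 08:01 1234 /lib/x86_64-linux-gnu/ld.so\n"
    "7ffff7fd1000-7ffff7fd3000 r-xp 00000000 00:00 0 [vdso]\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n"
)

# Four constructed VDSO bases as if read from four separate process launches.
SAMPLE_BASES = [0x7FFFF7FD1000, 0x7FFFF7FC5000, 0x7FFFF7FD1000, 0x7FFFF7FB9000]


def live_vdso_base():
    """Best-effort read of this process's own VDSO base on Linux; None elsewhere."""
    try:
        with open("/proc/self/auxv", "rb") as f:
            return vdso_base_from_auxv(f.read())
    except OSError:
        return None


if __name__ == "__main__":
    print("auxv  VDSO base: %#x" % vdso_base_from_auxv(SAMPLE_AUXV))
    print("maps  VDSO base: %#x" % vdso_base_from_maps(SAMPLE_MAPS))
    print("sample entropy :", aslr_entropy_bits(SAMPLE_BASES))
    live = live_vdso_base()
    if live is not None:
        print("this process   : %#x" % live)
```

On a real box you would collect `live_vdso_base()` (or the `[vdso]` line from `/proc/<pid>/maps`) across a few hundred process launches and feed the list to `aslr_entropy_bits()`; a low `varying_bits` count is the condition the post warns about.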

I’d like to follow up this exploitation goodness with a link to Google’s Project Zero blog: Finding and exploiting ntpd vulnerabilities by Stephen Röttger. This is a really in-depth story about fuzzing ntpd, coming up with something that barely looks like a vulnerability and, through pure persistence, turning it into a full exploit. Amazing stuff!

If you like wargames, this one is sure to get your blood pumping: Drifter over at Overthewire is online! It’s a wargame along the lines of Vortex, which I’ve started playing this week. If you want to learn about binary exploitation, overthewire is the place to start!

The folks over at Rapid7 have now officially said farewell to msfpayload & msfencode. These awesome tools are being superseded by msfvenom. This blog post gives a basic rundown of the new tool and five good examples of its usage. Further documentation about msfvenom can be found on Rapid7’s GitHub.

Some things to look forward to in the land of VulnHub VMs: c0ne is currently making a VM focused on binary exploitation. I can say firsthand that these binaries are really fun to exploit! Furthermore, strata’s VM is being beta-tested and is due soon.

Finally, VulnHub’s birthday is coming up. A little mouse told me there might just be a new competition coming…
