How exploits and payloads work

[ampakine]

The concept of exploits and payloads is confusing me a bit. I know that a vulnerability is an aspect of a program that an attacker can take advantage of but how exactly does that work and in what way does the attacker take advantage of it? From what I read an exploit is a program that uses a vulnerability to gain elevated privileges. Can you gimme an example of how this works?

[r-ID]

Let's speak about BOF, the idea of BOF is to copy some data out of buffer. If memcpy (or any similar function) copies more data then the buffer can hold then other parts of the memory gets overwritten. So you can construct such a data that you override return pointer (return pointer is memory address which gets execution after function returns). When function returns, the data you put on the buffer gets executed as a code. Usually you don't want to crash a program so after your shell-code is executed you return to the memory address in which function was supposed to return, So it looks like nothing happened, except that your code were executed You are not gaining more privileges, you are gaining privileges of the process you are exploiting. If you need more privileges you have to use privilege escalation exploits. Local privilege exploits tries to exploit a process with more privileges, it may use BOF technique or some kind of logic error.

Example of privilege escalation: there is a process with root privileges, it read .commands file and executes it. Unfortunately that file has buggy permissions and everyone can write to that file. So you write to that file a command to run back shell or to create a user with more privileges, anything you can think of, even "rm -rf /"
BOF can be used too.

I hope i was clear enough

[ampakine]

Thanks a lot! I had no idea what a buffer overflow was until now. So in this case is the buffer overflow the exploit and whatever code (which gets executed when the function returns) you write into the excess data the payload? I suppose I need to get experience with programming with a high level language to start gaining a deep understanding of all this. I have a fair bit of experience programming server side scripts but haven't got into programming applications yet.

[mShred]

You might wanna look into mid and maybe even low-level language afterwards, because that's how MOST exploits are written. Nevertheless you could write exploits in any language.

[r-ID]

Looks like you understood basic principles of BOF. The very basic sample i have seen was a simple c program which takes command line argument as a parameter and does only one thing, copy to the buffer your argument (few lines of code). Very easy to understand and very easy to try it yourself. Google for such example. I do recommend to use linux in this case, you can enter your exploit and payload directly from the console as a parameter . It may involve some debugging techniques, so tutorial would be good. I'm too lazy to search for it

Knowledge required: ASM - beginner,
any non interpreted programming language - begginer.

Oh and btw, learn c, a lot of exploits are written in c, and you can do a lot of hacking in c. It's one of the best programming language to understand how programs really work, high level programming languages can't give you that. ASM is even better but it's too far advanced for the beginner.You can learn asm after good knowledge in c. Later, when you need something more advanced learn higher level programming language, because it's the key to make code effective in less time.

Good luck with your learning, don't rush.

[star14]

Hei there,

I just want to share a great book that you could use in your learning process. You might have heard about this book titled "Hacking: The art of exploitation 2nd Edition" by Jon Erickson. This book not only teaches you about various exploitation techniques but also gives you in dept understanding on how the exploit actually work by teaching you how to debug the program/exploit and look at the computer memory. From this book you would expect to learn some degree of programming in C and Assembly (the writer also write a bit on perl), debugging, networking and also cryptology.

In my opinion, this book is great for beginner to gain the basic foundation to become a security professional/hacker as the writer use a hands-on method in teaching the concept to the reader. I am actually using this book as my guideline so that I will not running around listening to all the tutorial i can find without exactly know what I want to know specifically.

You should take a look at the book and have a fun with it. After all, hacking is about gaining the knowledge and apply it in a "different" way that no one has ever expected.

I am here to learn so correct me if I am wrong.

Regards
Star