Independent Study End of Semester Presentation


Presentation Transcript


  1. Independent Study End of Semester Presentation
     ‘Windows Exploitation’, Spring 2014
     By: Markus Gaasedelen
     Windows Exploitation

  2. Goals of This Study
     ‘… This course will explore the tools, a number of mitigations, and their associated bypass techniques that are utilized in most modern exploits on the Windows platform. The outcome of this course will leave one with the ability to analyze real world vulnerabilities and develop reliable exploits from end to end for Windows XP – Windows 7 systems.’
     – Course Abstract

  3. Course Details & Materials
     • http://gaasedelen.blogspot.com/
       • My security related blog
       • Includes extended homework write-ups
     • http://security.cs.rpi.edu/~gaasem/winexp/
       • Includes my course syllabus & plan of study
       • Graded deliverables for the course

  4. Deliverable #4
     Real bugs, real crashes

  5. Deliverable #4
     • ‘Unique Bugs & Crashes’
     • Find a piece of shareware, or some other application that you feel should have some bugs that aren’t too crazy to discover and see what you can find.

  6. Target: Fortissimo
     http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/Fortissimo.shtml

  7. Attack surface
     • Media files, .mp3 & .wav files
     • Playlist files
     • Media Player skins
     • … others?

  8. Dumb fuzzing for crashes
     Keep it simple stupid

  9. Dumb Fuzzing
     • Given a sample file, change random data in it
     • Use corrupted files as input to target
     • ????
     • Repeat

  10. Visual Representation (diagram): Sample.mp3 → Fortissimo.exe

  11. Visual Representation (diagram): Sample.mp3 → MiniFuzz.exe → corrupted Sample.mp3 → Fortissimo.exe → “Excuse me, your file is corrupt.”

  12. Visual Representation (diagram): Sample.mp3 → MiniFuzz.exe → corrupted Sample.mp3 → Fortissimo.exe → SEGFAULT

  13. Using MiniFuzz to Find Bugs

  14. Enhance!

  15. MiniFuzz output

  16. Closer Look at the Crashes
     • None in Fortissimo … but id3lib.dll?
     • Wat
     • id3lib.dll is the one .dll that Fortissimo includes

  17. What is id3lib.dll?

  18. A Crash

  19. Another Crash

  20. At the Top Level – Fortissimo.exe
     We crash in this call (ID3_Tag object initialization)

  21. id3lib.dll
     • There must be issues in id3lib.dll’s ability to parse malformed .MP3 headers
     • Open source!
     • Start from the ID3_Tag() initialization routine and work your way down, looking for its parsing calls
     • … or try static analysis tools!
     • http://sourceforge.net/projects/id3lib/
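The mutate-then-feed-to-target loop of slides 9 to 12, together with the kind of length checking slide 21 sends you looking for in id3lib's header parsing, as an added example that is not from the slides or from id3lib: a small Python mutation fuzzer run against a bounds-checked ID3v2.3 tag parser. The sample tag, the parser and the fuzz loop are all constructed here; the ID3v2 layout (10-byte header with a synchsafe size, then 10-byte frame headers) is the real format, and a parser that only ever raises TagError on corrupt input is the behaviour the slides found missing in id3lib.dll.

```python
import random
import struct

class TagError(ValueError): pass  # controlled rejection of malformed input, instead of crashing

def build_sample_tag() -> bytes:
    # Constructed stand-in for Sample.mp3: ID3v2.3 header, one TIT2 (title) frame, fake audio bytes.
    payload = b"\x00Sample title"  # text-encoding byte followed by ISO-8859-1 text
    frame = b"TIT2" + struct.pack(">I", len(payload)) + b"\x00\x00" + payload
    synchsafe = bytes([(len(frame) >> s) & 0x7F for s in (21, 14, 7, 0)])  # 7 bits per byte
    return b"ID3\x03\x00\x00" + synchsafe + frame + b"\xff\xfb" * 8

def parse_id3v2(data: bytes) -> list:
    """Parse an ID3v2.3 tag, checking every declared length against the bytes actually present."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] != 3:
        raise TagError("not an ID3v2.3 header")
    if any(b & 0x80 for b in data[6:10]):  # synchsafe size bytes must have the high bit clear
        raise TagError("size byte with high bit set")
    end = 10 + ((data[6] << 21) | (data[7] << 14) | (data[8] << 7) | data[9])
    if end > len(data):
        raise TagError("declared tag size exceeds input")
    frames, pos = [], 10
    while pos + 10 <= end:
        if data[pos:pos + 4] == b"\x00\x00\x00\x00":
            break  # padding reached
        frame_size = struct.unpack(">I", data[pos + 4:pos + 8])[0]  # plain big-endian in v2.3
        if frame_size > end - (pos + 10):
            raise TagError("frame size exceeds tag")
        frames.append((data[pos:pos + 4], data[pos + 10:pos + 10 + frame_size]))
        pos += 10 + frame_size
    return frames

def mutate(sample: bytes, rng: random.Random, max_writes: int = 8) -> bytes:
    buf = bytearray(sample)  # dumb mutation, as in the slides: overwrite a few random bytes
    for _ in range(rng.randint(1, max_writes)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def fuzz(iterations: int, seed: int = 0) -> dict:
    # The slides' loop: mutate the sample, feed it to the target, record the outcome, repeat.
    rng, sample, stats = random.Random(seed), build_sample_tag(), {"ok": 0, "rejected": 0, "crash": 0}
    for _ in range(iterations):
        try:
            parse_id3v2(mutate(sample, rng))
            stats["ok"] += 1
        except TagError:  # controlled rejection of a malformed file
            stats["rejected"] += 1
        except Exception:  # anything else is the parser falling over: the SEGFAULT analogue
            stats["crash"] += 1
    return stats
```

Dropping any one of the three length checks in parse_id3v2 and rerunning fuzz() turns "rejected" cases into "crash" cases, which is the same signal MiniFuzz reported against id3lib.dll.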

  22. Conclusion
     • Dumb fuzzing works, but can be slow
     • Use targeted fuzzing next time (e.g. PeachFuzz)
     • Fortissimo:
       • Its basic media handling at least stands up to short-term dumb fuzzing
       • I’m sure there are bugs in the skin & playlist handling
     • The id3lib.dll library definitely has issues
