In this text we describe how to write shellcode for the new JIT-Spray attacks and how to build a universal
STAGE 0 shellcode that hands control to any common shellcode, for example one from Metasploit.
Author: Alexey Sintsov
Attacks on clients' browsers have always been a real threat for everyone, and the
vulnerabilities have been not only in the browser itself but also in its plug-ins. Bank clients, business
software, antivirus software: all of them use ActiveX (for IE) on the client side, and there have been and
still are many vulnerabilities in these components. Vendors take steps to defend us from this: software vendors patch
vulnerabilities, and OS vendors introduce new mechanisms to prevent attacks altogether. But security
researchers keep looking for ways to bypass these mechanisms. The new versions of browsers
(Internet Explorer 8 and Firefox 3.5) use permanent DEP, and the new versions of the OS use the
ASLR mechanism. All this makes the old attack methods impossible. But at BlackHat DC
2010 an interesting way to bypass DEP and ASLR in browsers (and not only browsers) through Just-In-Time
compilers was presented. This method is called JIT-Spray. Until now, however, there was no public PoC for it.
Writing JIT-Spray Shellcode for fun and profit.pdf, 465 KB