Today, I'm going to dive further into binary injection exploits and cover how to exploit them for RCE (remote code execution). I'm also going to show you how to use one of the most common tools for analyzing code flow and binary applications in general, the GDB debugger. I'll explain a bit about what that is as well.
I'll be discussing the following topics in order: Premise; Why is RCE with Buffer Overflow Important?; What is the GDB Debugger?
Last time, I showed you how to exploit vulnerable functions inside of a program via end user input in order to call other functions within the program via memory, EVEN if the function is NEVER explicitly called in the program itself. This was to highlight the dangers of leaving vulnerable code within an application and how threat actors can exploit it to execute that code, which is especially problematic if you've left stuff like backdoors in the code that the threat actor can easily piggyback off of to compromise internal infrastructure.
This time around, we are going to take it a step further and exploit the overall application to have it perform ANY form of RCE that we want against a target application whether it be in plain text format or binary format.
This is a CRUCIAL skill to master, as you'll often run into CTF challenges that require you to know binary exploitation, and it comes up in general when you are running security tests. It comes in handy if you're a hacker of any kind and is a STAPLE skill to master. You'll go a long way with this skill set, ESPECIALLY if you plan to do forensics.
There are situations where web application servers will have a program running as a service bound to a port. When you connect to it, the program runs. In some cases, you'll run into a situation where the program asks you for user input, which is a common thing. You can fuzz it like I showed you in previous examples to trigger a segmentation fault, which can result in you landing RCE against the server-side application, and potentially a lot more if you can get hold of the source code for the application.
To give you a better example of what I mean, run the following command: nc canyouhack.us 1985
THIS IS A CHALLENGE FROM "SECURITY INNOVATION", WHICH HOSTS THE "CANYOUHACK.US" CHALLENGE SITE WITH A BINARY EXPLOITATION SERVER THAT IS LEGAL FOR TESTING. YOU CAN LOOK THIS UP BEFORE YOU RUN THE COMMAND.
Next, if you send some input, you'll notice the connection closes. You can't see the end user output from the command due to security, BUT they leave you the source code for the challenge when you go to it, which you can test against. There are vulnerable sections in the code that you can exploit to have it send you the flag and solve the challenge. You have to pipe your input over the nc command, which you can do with certain tools of course.
The GDB debugger is one of the most commonly used tools for binary exploitation, whether the code is in plain text format or in binary format, such as an executable like the .exe files you commonly see on Windows. When you try to open one of those, should you try to do so, you'll notice all the code is garbled and is in what is known as binary format.
Using a debugger you can analyze all the code flow and function calls at a lower level, in some cases being able to recover the code itself (minus comments, as those are stripped when the program is compiled), allowing you to find weak points in order to exploit the program.
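To make concrete what the segmentation fault from fuzzing (above) actually signals, and what you are looking for when you step through such a program in GDB, here is an added C example. It is not from the article, the challenge server or its source code: a constructed fixed-buffer copy with no length check, beside a bounded version that reports truncation, plus a probe that feeds inputs of growing length to the bounded version and returns the first length that no longer fits. The names NAME_CAP, greet_unchecked, greet_checked, input_fits and first_truncating_length are made up for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16   /* constructed buffer size for this demo */

/* The vulnerable pattern the article describes: input from the network goes
   into a fixed-size stack buffer with no length check. Any input longer than
   NAME_CAP - 1 bytes writes past the buffer, and once it reaches the saved
   return address the process crashes with the segmentation fault a fuzzer
   looks for. Kept here for contrast only; nothing below calls it. */
void greet_unchecked(const char *input)
{
    char name[NAME_CAP];
    size_t i = 0;
    while (input[i] != '\0') {   /* no bound on i: this is the bug */
        name[i] = input[i];
        i++;
    }
    name[i] = '\0';
    printf("Hello, %s\n", name);
}

/* Hardened version: never write more than cap - 1 bytes plus the NUL, and
   tell the caller whether the input had to be truncated so it can reject or
   log the oversized request. Returns 1 when the input fit, 0 when truncated. */
int greet_checked(const char *input, char *out, size_t cap)
{
    size_t len = strlen(input);
    int fits = len < cap;                 /* room for len bytes plus NUL */
    size_t n = fits ? len : cap - 1;
    memcpy(out, input, n);
    out[n] = '\0';
    return fits;
}

/* Convenience wrapper: does this input fit the demo buffer without truncation? */
int input_fits(const char *input)
{
    char out[NAME_CAP];
    return greet_checked(input, out, NAME_CAP);
}

/* The fuzzing step from the article, run against the bounded copy instead of
   the unchecked one: send inputs of growing length and return the first
   length that no longer fits. Against greet_unchecked this length is where
   memory corruption would begin; against greet_checked it is merely where
   truncation starts, which is the whole point of the fix. */
int first_truncating_length(void)
{
    char probe[64];
    char out[NAME_CAP];
    for (size_t len = 1; len < sizeof probe; len++) {
        memset(probe, 'A', len);
        probe[len] = '\0';
        if (!greet_checked(probe, out, NAME_CAP))
            return (int)len;
    }
    return -1;   /* every probe fit; cannot happen with these sizes */
}

int main(void)
{
    char line[256];
    char out[NAME_CAP];

    printf("Bounded copy first truncates at %d bytes\n", first_truncating_length());

    /* Read one line of user input the way the service would, but bounded. */
    if (fgets(line, sizeof line, stdin) != NULL) {
        line[strcspn(line, "\n")] = '\0';
        if (!greet_checked(line, out, NAME_CAP))
            printf("Input truncated to %zu bytes\n", strlen(out));
        printf("Hello, %s\n", out);
    }
    return 0;
}
```

Compile it with your usual C compiler and pipe a long line of "A"s into it: the bounded version reports truncation and exits cleanly, whereas the unchecked pattern is exactly the kind of routine whose crash address you would be inspecting in GDB.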
I'll be covering some of the basic commands and options, and explain what they do.
I RECOMMEND THAT YOU LEARN MORE ABOUT "STACKS" AND "REGISTERS" VIA ASSEMBLY, AS THIS WILL ALLOW YOU TO BETTER UNDERSTAND WHAT I'M TALKING ABOUT ON A LOWER LEVEL.
I'm still going to explain everything and keep it simple, but if you're still lost, I recommend that you look this stuff up.
BEFORE WE START, I RECOMMEND YOU WATCH MY LAST VIDEO ON THE BASICS OF BINARY EXPLOITATION. WE ARE STICKING WITH 64-BIT, AS THIS IS WHAT IS COMMONLY USED TODAY!
If you'd like to see the more advanced version of this article, which covers mitigation methods and includes the videos, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a "special" reason for it. Just know that the more you support my content, the more there is in store!
- The Hacker Who Laughs