This requires that we understand how child processes inherit their input/output
file descriptors from their parents. Regardless of the operating system that we are
targeting, processes are provided three open files when they start. These files are typically
referred to as the standard input (stdin), standard output (stdout), and standard error
(stderr) files. On Unix systems, these are represented by the integer file descriptors 0, 1,
and 2, respectively. Interactive command shells use stdin, stdout, and stderr to interact
with their users. As an attacker, you must ensure that before you create a shell process, you
have properly set up your input/output file descriptor(s) to become the stdin, stdout, and
stderr that will be utilized by the command shell once it is launched.
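
The descriptor inheritance described above leaves a visible trace on the defending side: a shell whose descriptors 0, 1, and 2 all point at one socket. The following added example (not code from the original text) checks for that condition, assuming a Linux host with procfs; the function names and sample values are constructed for illustration.

```python
import os
import re

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")

def socket_inode(target):
    """Return the socket inode from a /proc/<pid>/fd link target, else None."""
    m = SOCKET_RE.match(target)
    return int(m.group(1)) if m else None

def stdio_on_one_socket(fd_targets):
    """True when fds 0, 1 and 2 all resolve to the same socket inode."""
    inodes = [socket_inode(fd_targets.get(fd, "")) for fd in (0, 1, 2)]
    return inodes[0] is not None and inodes.count(inodes[0]) == 3

def is_suspicious(comm, fd_targets):
    """Flag a command shell whose standard streams are all one socket."""
    return comm in SHELLS and stdio_on_one_socket(fd_targets)

def read_process(pid, proc="/proc"):
    """Read (comm, {fd: link target}) for one live process on Linux."""
    with open(os.path.join(proc, str(pid), "comm")) as f:
        comm = f.read().strip()
    targets = {}
    for fd in (0, 1, 2):
        try:
            targets[fd] = os.readlink(os.path.join(proc, str(pid), "fd", str(fd)))
        except OSError:
            pass  # fd closed, process exited, or not readable by this user
    return comm, targets

def scan(proc="/proc"):
    """Return PIDs of shells whose stdin/stdout/stderr share one socket."""
    hits = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            comm, targets = read_process(int(entry), proc)
        except OSError:
            continue  # process vanished or access was denied
        if is_suspicious(comm, targets):
            hits.append(int(entry))
    return hits

# Constructed samples of /proc/<pid>/fd link targets (not from the text).
SAMPLE_TERMINAL = {0: "/dev/pts/3", 1: "/dev/pts/3", 2: "/dev/pts/3"}
SAMPLE_SOCKET = {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}
```

Services started by inetd-style supervisors legitimately have a socket on all three descriptors, so the shell-name filter is what keeps this check narrow.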
Port Binding Shellcode
When attacking a vulnerable networked application, it will not always be the case that
simply execing a shell will yield the results we are looking for. If the remote application
closes our network connection before our shell has been spawned, we will lose our
means to transfer data to and from the shell. In other cases we may use UDP datagrams
to perform our initial attack but, due to the nature of UDP sockets, we can't use them to
communicate with a shell.