One such payload, called a system
call proxy, was first publicized by Core Technologies (makers of the Core Impact tool) in
2002. A system call proxy is a small piece of shellcode that enables remote access to a target's
core operating system functionality without the need to start a new process such as a
command interpreter like /bin/sh. The proxy code executes in a loop that accepts
one request at a time from the attacker, executes that request on the target computer, and
returns the results of the request to the attacker. All the attacker needs to do is package
requests that specify system calls to carry out on the target, and transmit those requests
to the system call proxy. By chaining many requests and their associated results together,
the attacker can leverage the full power of the system call interface on the target computer
to perform virtually any operation. Because the interface to the system call proxy
can be well defined, it is possible to create a library to handle all of the communications
with the proxy, making the attacker's life much easier. With a library to handle all of the
communications with the target, the attacker can write code in higher-level languages
such as C that effectively runs on the target computer through the proxy.
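The request/execute/return loop and the client-side library described above, as an added teaching model that is not code from the book or from Core's product. It is a constructed, in-process simulation: messages are length-prefixed JSON (an assumed framing, not the real proxy's wire format), the "target" side services only an allow-listed table of harmless read-only queries instead of raw system calls, and the client chains several requests into one buffer exactly as the text describes.

```python
import io
import json
import os
import struct

# Constructed allow-list of operations the toy proxy will service. A real
# system call proxy dispatches raw syscall numbers with raw arguments; this
# model services only harmless read-only queries so it runs safely.
DISPATCH = {
    "getpid": os.getpid,
    "getcwd": os.getcwd,
    "file_size": lambda path: os.stat(path).st_size,
}


def pack_message(obj) -> bytes:
    """Encode one request/response as a 4-byte big-endian length + JSON body."""
    body = json.dumps(obj).encode()
    return struct.pack(">I", len(body)) + body


def read_message(stream):
    """Read one length-prefixed message; return None at a clean end of stream."""
    header = stream.read(4)
    if not header:
        return None
    if len(header) != 4:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", header)
    body = stream.read(length)
    if len(body) != length:
        raise ValueError("truncated message body")
    return json.loads(body)


def proxy_loop(in_stream, out_stream):
    """Target side: accept one request at a time, execute it, return the result.

    Each request is {"call": name, "args": [...]}; each response is
    {"ok": True, "result": value} or {"ok": False, "error": text}.
    Calls outside DISPATCH are refused rather than executed. Returns the
    number of requests served.
    """
    served = 0
    while True:
        request = read_message(in_stream)
        if request is None:
            return served
        call = request.get("call")
        func = DISPATCH.get(call)
        if func is None:
            response = {"ok": False, "error": f"unknown call {call!r}"}
        else:
            try:
                response = {"ok": True, "result": func(*request.get("args", []))}
            except OSError as exc:
                response = {"ok": False, "error": str(exc)}
        out_stream.write(pack_message(response))
        served += 1


class ProxyClient:
    """Client-side library: turns calls into requests and results back into values.

    Requests are chained into one buffer, run through the proxy loop, and the
    responses are parsed in order, so higher-level code never touches the framing.
    """

    def __init__(self):
        self._requests = bytearray()

    def call(self, name, *args):
        self._requests += pack_message({"call": name, "args": list(args)})
        return self

    def execute(self):
        out = io.BytesIO()
        proxy_loop(io.BytesIO(bytes(self._requests)), out)
        self._requests.clear()
        out.seek(0)
        results = []
        while (resp := read_message(out)) is not None:
            results.append(resp)
        return results


if __name__ == "__main__":
    # Two allowed queries followed by one request the proxy refuses.
    client = ProxyClient().call("getpid").call("getcwd").call("mkdir", "/tmp/demo")
    for response in client.execute():
        print(response)
```

The point of the model is the division of labour the text describes: the proxy side stays tiny and stateless (read one request, dispatch, write one response), while all convenience lives in the client library. Defensively, that same shape is why such payloads are hard to spot by process creation alone: nothing new is spawned, so detection has to look at the compromised process's own behaviour and network traffic rather than at a child shell.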