Understanding the exact input sequences that trigger a vulnerability is also an important factor in building the most reliable exploit possible; you need some degree of certainty that you are triggering the same program flow each time you run your exploit.
Preconditions and Postconditions
Preconditions are those conditions that must be satisfied in order to properly inject your shellcode into a vulnerable application. Postconditions are the things that must take place to trigger execution of your code once it is in place. The distinction is an important one, though not always a clear one. In particular, when relying on fuzzing as a discovery mechanism, the distinction between the two becomes quite blurred. This is because all you learn is that you triggered a crash; you don't learn what portion of your input caused the problem, and you don't understand how long the program may have executed after your input was consumed. Static analysis tends to provide the best picture of what conditions must be met in order to reach the vulnerable program location, and what conditions must be further met to trigger an exploit. This is because it is common in static analysis to first locate an exploitable sequence of code, and then work backward to understand exactly how to reach it and work forward to understand exactly how to trigger it.