What considerations go into building reliable exploits? Some things that need to be considered include

- Stack predictability
- Heap predictability
- Reliable shellcode placement
- Application stability following exploitation

We will take a look at some of these issues and discuss ways to address them.
Chapter 18: From Vulnerability to Exploit
PART IV
Gray Hat Hacking: The Ethical Hacker's Handbook
Stack Predictability
Traditional buffer overflows depend on overwriting a saved return address on the program stack, causing control to transfer to a location of the attacker's choosing when the vulnerable function completes and restores the instruction pointer from the stack. In these cases, injecting shellcode into the stack is generally less of a problem than determining a reliable "return" address to use when overwriting the saved instruction pointer. Many attackers have developed a successful exploit and patted themselves on the back for a job well done, only to find that the same exploit fails when attempted a second time. In other cases, an exploit may work several times, then stop working for some time, then resume working with no apparent explanation. Anyone who has written exploits against software running on recent (later than 2.
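The "reliable return address" problem above comes down to one question: does the stack land at the same base address every time the program starts? The script below is an added example, not code from the book; it assumes a Linux host with /proc available, launches a few fresh interpreters, reads the `[stack]` mapping from each child's /proc/self/maps, and reports how many distinct stack bases were observed (1 means a predictable stack, more means address-space randomization is doing its job).

```python
"""Measure stack-base predictability across process launches (Linux only).

Added example, not from the book. Each child process reports its own
/proc/self/maps; we extract the [stack] mapping and count distinct bases.
"""
import re
import subprocess
import sys

# A /proc/<pid>/maps line has the form:
#   start-end perms offset dev inode [pathname]
# e.g. "7ffd2a3c5000-7ffd2a3e6000 rw-p 00000000 00:00 0    [stack]"
_STACK_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+\S+\s+\S+\s+\S+\s+\S+\s+\[stack\]\s*$", re.M
)


def parse_stack_base(maps_text: str):
    """Return the start address of the [stack] mapping, or None if absent."""
    m = _STACK_LINE.search(maps_text)
    return int(m.group(1), 16) if m else None


def distinct_bases(bases):
    """Count distinct stack bases (None entries ignored); 1 = fully predictable."""
    return len({b for b in bases if b is not None})


def sample_stack_bases(runs: int = 8):
    """Start `runs` child interpreters and collect each one's stack base."""
    child_code = "import sys; sys.stdout.write(open('/proc/self/maps').read())"
    bases = []
    for _ in range(runs):
        proc = subprocess.run([sys.executable, "-c", child_code],
                              capture_output=True, text=True, check=True)
        bases.append(parse_stack_base(proc.stdout))
    return bases


if __name__ == "__main__":
    samples = sample_stack_bases()
    print("stack bases:", [hex(b) for b in samples if b is not None])
    n = distinct_bases(samples)
    verdict = "randomized per launch" if n > 1 else "predictable"
    print(f"{n} distinct base(s) in {len(samples)} runs -> stack is {verdict}")
```

Running it with `/proc/sys/kernel/randomize_va_space` set to 0 versus 2 shows the difference the text describes between a stack address that can be hard-coded and one that changes on every launch.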