Learn, hack!

URL

http://dewy.fem.tu-ilmenau.de/CCC/22C3/audio/mp3/22C3-553-en-syscall_proxying.mp3

File name

22C3-553-en-syscall_proxying.mp3

File size

22.3 MB

MD5

c0db44bbeb2bbd9deb7d8530987a400a

SHA1

a0e865be32f253124fb593b2f59a3f5d0b00498f

This talk is about how using syscall proxying technique for envolved attacks or other distributed applications. It includes source code examples like shellcodes, tools and a poc rootkit using this technique. This talk will be submited first at 0sec, a private security event we organize in switzerland in october. Since long time hackers are searching way to execute code on hosts through different types of vulnerabilities. The shellcode is one of the master part of a successfull exploitation. Making reliable exploit working in the wild with "universal" payload is the goal of every exploit writer. Syscall proxying is a technique which was introduced by Maximiliano Caceres (CORE SDI) which can provide a real remote interface to the host's kernel. The goal is writing universal "agents" to create all you can imagine locally but running it remotly. The best part of the syscall proxying technique is the attacker tools are locally stored but remotely executed through the payload. During this talk Casek will introduce this technique and his own implementation of syscall proxy shellcodes and tools. Different type of payloads, a library, tools and a proof of concept lightweight rootkit will be presented. He will discuss exploiting vulnerabilities with this goal: exploiting, privilege escalation if needed, rootkiting (remotly infecting processes or patching on the fly the kernel), covering traces etc... all in one time.