This talk is about how using syscall proxying technique for envolved attacks or other distributed applications. It includes source code examples like shellcodes, tools and a poc rootkit using this technique. This talk will be submited first at 0sec, a private security event we organize in switzerland in october. Since long time hackers are searching way to execute code on hosts through different types of vulnerabilities. The shellcode is one of the master part of a successfull exploitation. Making reliable exploit working in the wild with "universal" payload is the goal of every exploit writer. Syscall proxying is a technique which was introduced by Maximiliano Caceres (CORE SDI) which can provide a real remote interface to the host's kernel. The goal is writing universal "agents" to create all you can imagine locally but running it remotly. The best part of the syscall proxying technique is the attacker tools are locally stored but remotely executed through the payload. During this talk Casek will introduce this technique and his own implementation of syscall proxy shellcodes and tools. Different type of payloads, a library, tools and a proof of concept lightweight rootkit will be presented. He will discuss exploiting vulnerabilities with this goal: exploiting, privilege escalation if needed, rootkiting (remotly infecting processes or patching on the fly the kernel), covering traces etc... all in one time.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.