Ads Microsoft Windows Heap Based Overflow Exploiting Thursday, 13 October 2005 Summary Presented in this article are several documents discussing Heap based exploitation in Microsoft Windows. The documents present the challenges in heap exploitation and ways to create exploitation more stable. Credit: The original article can be found at: http://www.cybertech.net/~sh0ksh0k/heap/ Details Matt Conover & Oded Horovitz released several documents explaining heap based overflow exploitation in the Microsoft Windows platforms. Heap Based Overflow Exploitation Before Windows XP Service Pack2: Introduction: Heap vulnerabilities become mainstream DCOM (seems to be the inflection point), Messenger, MSMQ, Script Engine. Even experts use some voodoo magic as main ingredient of exploits: * Making a 4-byte overwrite (discussed more later) is a guess work * Failures are not well understood * Available exploits are service pack dependent * Shellcode address is not known, * SEH address varies between service packs * During exception handling, pointer to buffer can be found on the stack (in exception record) * Address of instruction that access the stack is needed, which is SP dependent Findings: * Found several techniques at each stage of a heap overflow that greatly improve reliability * Much greater understanding of the Windows heap internals and its processes. * Determined why existing techniques are unreliable * XP SP2 will greatly improve protection and stop all currently used techniques The full presentation can be found at: http://www.cybertech.net/~sh0ksh0k/heap/CSW04 - Reliable Windows Heap Exploits.ppt Source code accompanying the presentation can be found at: http://www.cybertech.net/~sh0ksh0k/heap/pre_xpsp2.zip Heap Based Overflow Exploitation After Windows XP Service Pack2: Agenda: * Practical Windows heap internals * How to exploit Win2K WinXP SP1 heap overflows * Assessment of WinXP SP2 improvements * How to exploit WinXP SP2 heap overflows The full presentation can be found at: http://www.cybertech.net/~sh0ksh0k/heap/XPSP2 Heap Exploitation.ppt Source code accompanying the presentation can be found at: http://www.cybertech.net/~sh0ksh0k/heap/xpsp2.zip Commented Example: A fully documented example on exploiting a heap overflow can be found at: http://www.cybertech.net/~sh0ksh0k/heap.txt It was originally written for the CanSecWest 2004 presentation. The code will work unchanged on Win2K SP0-SP4 and WinXP SP0-SP1.   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.