Infoz

Who: Hackers like you.
What: ToorCon 9
When: October 19th-21st, 2007
Where: San Diego Convention Center
Why: What could possibly go wrong?

Speeding up the exploits' development process
Jerome Athias
Exploit writers almost always have to deal with the same scenario. The exploit development process includes the following tasks:
1) Finding the bug (nowadays often done with a fuzzer)
2) Analyzing the bug (commonly done with a debugger, except for some vulnerability classes such as XSS or SQL injection)
3) Writing the PoC (people use their preferred language: C, Perl, Python...)
This step introduces tasks such as:
- Writing shellcodes
- Debugging / reverse engineering / dead listing
- Finding the space available for the shellcode
- Dealing with bad characters
- Finding a return address
- Evasion techniques / polymorphism
4) Writing the exploit
Making it reliable, adding support for various targets, etc.
Problems:
To go through this process, an exploit writer uses a variety of tools (software, scripts, pieces of code, ...) and often has to repeat the same tasks again and again before obtaining a clean and reliable exploit.
Each writer uses his preferred programming language, which results in anarchy in the pentester's exploits directory. The parameters that have to be passed to the exploit, the names of the variables, the design of the code, the details shipped with the exploit, etc., all vary from one exploit to another. Fortunately, some people have thought about this. The Metasploit team is one of them.
*Description:*
The Metasploit framework includes many tools for the exploit development process and is designed so that the pieces of code commonly used in exploits can be reused. However, there is still a lack of an all-in-one package for exploit development that comes with a GUI and special built-in features to speed up the work.
Today, my goal is to show you my answer to this. Its codename is MSF eXploit Builder, aka MSF-XB, or the « Exploits Development Wizard ».
==> This tool includes many features to speed up the exploit development process, to build reliable exploits and to generate Metasploit framework compliant exploit modules.
A live demo of how to use MSF-XB to write some exploits will be given.