
Runtime Process Infection (part 2)


Speech transcript (automatically generated)
...on. So, because I'm running as a different user, I have to use sudo, or, you know, after getting root. In order to do this, if I were running as the www user, as the same user that nginx is running as, I would have to do that, because I'm targeting nginx. So, here it is: 10, 25. So what this command is, in checks shared object on test: this is the name of my shellcode, my shellcode file, and this is the path to the malicious shared object that I'm going to inject, and we see is the function I'm going to hook. Oh yes, actually, yeah, because I have to be of the... if quite a bit? No, yes I do. But so you see that it's got, you know, nginx loaded, and there's probably, that's probably the top line now, that's probably the heap, and then it's got the run-time linker loaded and all the stuff for credits and PCR and hashing libraries.

And let's see, you have start, let's see, and with thread. Actually, what we have to do is, what the run-time linker usually does, in its default configuration, is lazy resolving of functions. So the very first time you call a function, its address is not actually in the GOT; the address that's in the GOT is a stub address that points around to the linker, and then the run-time linker actually goes and resolves it and replaces the GOT address with the result. So reduce can connect and medical received, and now we'll do our injection.

There's some debugging output there, and actually I need to... sure, goes there. So I just restarted nginx, because I already injected the stuff, so I need to show you guys that when I enter my custom string it doesn't drop me into a shell. So now I am going to inject into the process, and now we're dropped into a shell. Crazy. Thank you. So that is the presentation. Does anyone have any further questions?

Metadata

Formal metadata

Title: Runtime Process Infection (part 2)
Series title: The Technical BSD Conference 2013
Author: Webb, Shawn
License: CC Attribution 3.0 Unported:
You may use, modify, reproduce, distribute and make publicly available the work or its content, in original or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they have specified.
DOI 10.5446/19177
Publisher: Berkeley System Distribution (BSD), Andrea Ross
Publication year: 2013
Language: English

Content metadata

Subject: Computer science
Abstract: This presentation will instruct participants on how to inject arbitrary code into a process during runtime. Writing malware on Linux isn't an easy task. Anonymously injecting shared objects has been a frightful task that no one has publicly implemented. This presentation will show how and why malware authors can inject shared objects anonymously in 32-bit and 64-bit Linux and 64-bit FreeBSD. The presenter will be releasing a new version of a tool called libhijack. libhijack aims to make injection of arbitrary code and shared objects extremely easy. There will be a live demo injecting a root shell backdoor into multiple programs during runtime.
