{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

lab4 - ls – The PATH environment variable Debug mode •...

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
Injection Mark Shtern
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Example Code from old IRIX login screen: char buf[1024]; snprintf(buf, "system lpr -P %s", user_input, sizeof(buf)- 1); system(buf); Attack: FRED; xterm&
Background image of page 2
Injections Injection problems occur when untrusted data is Placed into trusted data Passed to some sort of compiler or interpreter Treated as something other than data
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Impact Privilege escalation Information Leakage Control of a victim machine Denial of Service Access to victim resources Software unlocking
Background image of page 4
Attack ideas Code injection into script (eval, execv) Module Substitution (DLL injection, Java class injection) System call, external command, environment variable substitution Debug mode
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
DLL injection Linker dynamically load modules Linux LD_PRELOAD="./test.so" prog Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microso ft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Background image of page 6
Substitute external command Example system(“ls -l”); Execution depends on The binary code associated with
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 8
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 10
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 12
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ls – The PATH environment variable Debug mode • Most industrial applications contain hidden debug hooks • They can be used for good or for evil Java class injection • Java VM loads classes dynamically • Attacker may substitute any Java class – Develop new class with the same signature – Modify existing class Modify existing class • Decompile Java class • Modify source code • Compile modified source code • Overwrite original class Injection Countermeasures • Validate user input • Do not store confidential information in the source code • Deploy obfuscated code • Use least privileges design concept • Do not pass user input to an interpreter • Digitally sign production code Tools • Debuggers (gdb, WinDgb) • Java decompilers (Jode, JD ) • Java code obfuscators (Jode, ProGuard) • IDE (Eclipse, Netbeans, Visual Studio 2008/2010)...
View Full Document

{[ snackBarMessage ]}