lab4 - ls The PATH environment variable Debug mode Most...

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
Injection Mark Shtern
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Example Code from old IRIX login screen: char buf[1024]; snprintf(buf, "system lpr -P %s", user_input, sizeof(buf)- 1); system(buf); Attack: FRED; xterm&
Background image of page 2
Injections Injection problems occur when untrusted data is Placed into trusted data Passed to some sort of compiler or interpreter Treated as something other than data
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Impact Privilege escalation Information Leakage Control of a victim machine Denial of Service Access to victim resources Software unlocking
Background image of page 4
Attack ideas Code injection into script (eval, execv) Module Substitution (DLL injection, Java class injection) System call, external command, environment variable substitution Debug mode
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
DLL injection Linker dynamically load modules Linux LD_PRELOAD="./test.so" prog Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microso ft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Background image of page 6
Substitute external command Example system(“ls -l”); Execution depends on The binary code associated with
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 8
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 10
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 12
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ls The PATH environment variable Debug mode Most industrial applications contain hidden debug hooks They can be used for good or for evil Java class injection Java VM loads classes dynamically Attacker may substitute any Java class Develop new class with the same signature Modify existing class Modify existing class Decompile Java class Modify source code Compile modified source code Overwrite original class Injection Countermeasures Validate user input Do not store confidential information in the source code Deploy obfuscated code Use least privileges design concept Do not pass user input to an interpreter Digitally sign production code Tools Debuggers (gdb, WinDgb) Java decompilers (Jode, JD ) Java code obfuscators (Jode, ProGuard) IDE (Eclipse, Netbeans, Visual Studio 2008/2010)...
View Full Document

This note was uploaded on 02/13/2012 for the course CSE 1520 taught by Professor Kemeny during the Fall '08 term at York University.

Page1 / 12

lab4 - ls The PATH environment variable Debug mode Most...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online