SWS2 Exploits

Exploits

Definition

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a vulnerability in a system.

Classification

Exploits are often classified by the action they achieve:

  • unauthorized data access
  • arbitrary code execution
  • denial of service
  • privilege escalation

Characterization

  • local exploit
  • remote exploit
  • client-side exploit
    often requires some user action
    drive-by attacks are triggered, for example, by a malicious website
  • server-side exploit
  • 0-day exploit

Stack Layout

CPU Registers
esp stack pointer
points to the top of the stack (the most recently pushed value)
ebp base pointer
points to the base of the current stack frame, i.e. the slot holding the saved EBP; the return address lies 4 bytes above it, at EBP+4
eip instruction pointer
points to the address of the instruction that is executed next

Function Calls and Exit

When a child function is about to be executed, a “call” instruction is executed, which does the following:

  1. a new stack frame is created by pushing EIP (the return address) to the stack
    • if there are parameters, they are pushed to the current (caller's) stack frame first
    • the address provided to the call instruction is loaded into EIP
  2. the function prologue is executed
    • pushes the EBP of the current (parent) function to the stack (saved EBP in the child's stack frame)
    • the current value of ESP is stored in EBP, marking the base of the new stack frame
    • space for local variables is allocated by altering ESP
  3. the function performs its job
  4. the epilogue of the function is executed
    contains the leave instruction followed by a RET instruction
    • leave:
      ESP = EBP
      POP EBP -> ESP now points to the return address
    • ret:
      pops the return address off the stack into EIP -> program continues execution just after the point where the call was made
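The call / prologue / leave / ret sequence above, modelled as an added example (not part of these notes): a toy 32-bit stack held in a word array, with constructed addresses (caller at 0x1000, callee at 0x2000, return address 0x1005) and one argument, so the resulting frame layout and the register restoration can be checked.

```c
/* Model of the x86 (32-bit) stack-frame mechanics described above. Constructed toy, not real CPU state. */
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 64            /* stack[i] models address 4*i; the stack grows towards index 0 */

typedef struct {
    uint32_t stack[STACK_WORDS];
    uint32_t esp, ebp;            /* word indexes into stack[] */
    uint32_t eip;                 /* address of the next instruction (a code address, not a stack slot) */
} cpu_t;

typedef struct {                  /* what we observe while the callee is running, plus the final state */
    uint32_t saved_ebp, ret_addr, arg0, local_to_ret;
    int restored;                 /* 1 if ESP/EBP/EIP are back to the caller's state after leave/ret */
} frame_view_t;

static void     push(cpu_t *c, uint32_t v) { c->stack[--c->esp] = v; }
static uint32_t pop(cpu_t *c)              { return c->stack[c->esp++]; }

/* step 1: "call target" pushes the return address (EIP of the next instruction) and jumps */
static void x_call(cpu_t *c, uint32_t target, uint32_t next_eip) { push(c, next_eip); c->eip = target; }
/* step 2: prologue = push ebp; mov ebp, esp; sub esp, <size of locals> */
static void x_prologue(cpu_t *c, uint32_t local_words) { push(c, c->ebp); c->ebp = c->esp; c->esp -= local_words; }
/* step 4: leave = mov esp, ebp; pop ebp   and   ret = pop eip */
static void x_leave(cpu_t *c) { c->esp = c->ebp; c->ebp = pop(c); }
static void x_ret(cpu_t *c)   { c->eip = pop(c); }

/* Caller at 0x1000 calls a function at 0x2000 with one argument; the callee has 2 words of locals. */
frame_view_t simulate_call(void)
{
    cpu_t c = {{0}, STACK_WORDS, STACK_WORDS, 0x1000};
    push(&c, 0xAAAA);                     /* the argument lands in the caller's frame first */
    uint32_t esp_after_args = c.esp, caller_ebp = c.ebp;

    x_call(&c, 0x2000, 0x1005);           /* 0x1005 = address just after the call instruction */
    x_prologue(&c, 2);

    frame_view_t v;
    v.saved_ebp    = c.stack[c.ebp];      /* [EBP]   = saved (caller's) EBP */
    v.ret_addr     = c.stack[c.ebp + 1];  /* [EBP+4] = return address */
    v.arg0         = c.stack[c.ebp + 2];  /* [EBP+8] = first argument */
    v.local_to_ret = (c.ebp + 1) - c.esp; /* words from the lowest local slot up to the return address */

    x_leave(&c); x_ret(&c);               /* epilogue: caller's EBP and EIP come back from the stack */
    v.restored = (c.esp == esp_after_args /* cdecl: the caller removes the argument itself afterwards */
                  && c.ebp == caller_ebp && c.eip == 0x1005);
    return v;
}

int main(void) { frame_view_t v = simulate_call();
    printf("saved_ebp=%u ret=0x%x arg0=0x%x locals->ret=%u words restored=%d\n",
           v.saved_ebp, v.ret_addr, v.arg0, v.local_to_ret, v.restored); return 0; }
```

The `local_to_ret` value shows why the layout matters for the exploits above: only the saved EBP separates the local variables from the return address, so a write running past the locals reaches the saved EBP first and the return address next.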