
Google Researcher Ships Exploit to Defeat ASLR+DEP : http://threatpost.com/en_us/blogs/google-researcher-ships-exploit-defeat-aslrdep-030110?utm_source=Newsletter_030210&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=

A prominent security researcher has released an exploit that uses a new technique to defeat ASLR + DEP on Microsoft's Windows operating system.

The exploit, released by Google security researcher "SkyLined," uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms.

SkyLined (real name Berend-Jan Wever) is best known for introducing heap-spraying in Web browsers, a technique used in exploits to facilitate arbitrary code execution. He previously worked at Microsoft before leaving in 2008 to work on security for Google's Chrome browser.

"I am releasing this because I feel it helps explain why ASLR+DEP are not a mitigation to put a lot of faith in, especially on x86 platforms," SkyLined wrote on his blog. "32-bits does not provide sufficient address space to randomize memory to the point where guessing addresses becomes impractical, considering heap spraying can allow an attacker to allocate memory across a considerable chunk of the address space and in a highly predictable location," he added.

The code in this exploit shows how to abuse this to perform a ret-into-libc attack when you can predict or, through information leakage, determine the location of modules (exe, dll) in the process' memory.


So first of all, it targets an already patched bug, and secondly, on 64-bit the chances of success are astronomically small. Yeah, I'm not going to lose any sleep over this.

We'll just take it straight from the original source:

***UPDATE*** It appears that some people need a little more detail to figure out what is going on:

  • this exploit targets a bug that was already fixed in MSIE 6.0 in 2005,
  • This exploit does not defeat ASLR, it only shows how to defeat DEP if ASLR is disabled or if you can bypass it.
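The update quoted above makes the point that the release defeats DEP only where ASLR is disabled or bypassed, so the practical check for a defender is whether a given module even opts into ASLR and DEP. The script below is an added example, not code from this thread or from SkyLined's release: it reads the DllCharacteristics word from a PE optional header and reports the DYNAMIC_BASE, NX_COMPAT and HIGH_ENTROPY_VA bits (flag values taken from the PE/COFF specification). The `build_test_image` helper constructs a header-only blob so the example runs offline; it is not a real binary, and its layout and the finding strings are this example's own.

```python
import struct

# DllCharacteristics flag bits from the PE optional header (values as
# defined in the PE/COFF specification).
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit image can use full-range ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image may be relocated (ASLR opt-in)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # image declares itself DEP/NX compatible

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Parse the headers of a PE image and report its ASLR/DEP opt-in flags."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    if size_of_optional < 72:
        raise ValueError("optional header too small to carry DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        bits = 32
    elif magic == PE32PLUS_MAGIC:
        bits = 64
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header for both
    # PE32 and PE32+ (the fields before it occupy the same total size).
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "bits": bits,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def findings(info: dict) -> list:
    """Turn the parsed flags into the concerns a reviewer would raise (wording is this example's)."""
    out = []
    if not info["aslr"]:
        out.append("no /DYNAMICBASE: module loads at a fixed address, so code in it "
                   "is addressable without any ASLR bypass")
    if not info["dep"]:
        out.append("no /NXCOMPAT: under opt-in DEP policy the process may run without DEP")
    if info["bits"] == 64 and info["aslr"] and not info["high_entropy"]:
        out.append("64-bit image without /HIGHENTROPYVA: randomization limited to "
                   "the low part of the address space")
    return out


def build_test_image(magic: int, dll_chars: int) -> bytes:
    """Construct a minimal, header-only PE blob (no sections) for offline tests."""
    size_of_optional = 224 if magic == PE32_MAGIC else 240
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew: PE header follows the DOS header
    coff = bytearray(20)
    struct.pack_into("<H", coff, 16, size_of_optional)
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        # Constructed sample: a 32-bit image built with neither flag set.
        sample = build_test_image(PE32_MAGIC, 0)
    info = pe_mitigations(sample)
    print(info)
    for line in findings(info):
        print(" -", line)
```

Run it with a path to a DLL or EXE to report that file's flags; with no argument it analyses the constructed 32-bit sample and lists both missing opt-ins.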

Why does the title say Windows 7?

Windows 7 doesn't include IE6

ASLR+DEP were introduced in Vista?

The author says it doesn't defeat ASLR, only DEP if ASLR is disabled?


I'd consider retracting or at least amending the original post...

http://skypher.com/index.php/2010/03/01/internet-exploiter-2-dep/


Yeah, and there is no way to defeat ASLR on a 64-bit system unless you brute force it, which would take years. This is just a sensational title without any merit to it.

Hmmm, all of a sudden I'm a little less concerned about it.

Yes, if the OP had taken the time to read before posting, he would see that the guy is just releasing an exploit he wrote back in 2005 and didn't feel was wise to disclose at the time (because it bypassed DEP). There's nothing new here.


Looking at his post history, the OP has a habit of reposting other people's news as new threads. I'm not a fan of the spam myself, even less so when it's this misleading.
