Cargando…
HAEPG: An Automatic Multi-hop Exploitation Generation Framework
Automatic exploit generation for heap vulnerabilities is an open challenge. Current studies require a sensitive pointer on the heap to hijack the control flow and pay little attention to vulnerabilities with limited capabilities. In this paper, we propose HAEPG, an automatic exploit framework that c...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7338205/ http://dx.doi.org/10.1007/978-3-030-52683-2_5 |
| _version_ | 1783554636135792640 |
|---|---|
| author | Zhao, Zixuan Wang, Yan Gong, Xiaorui |
| author_facet | Zhao, Zixuan Wang, Yan Gong, Xiaorui |
| author_sort | Zhao, Zixuan |
| collection | PubMed |
| description | Automatic exploit generation for heap vulnerabilities is an open challenge. Current studies require a sensitive pointer on the heap to hijack the control flow and pay little attention to vulnerabilities with limited capabilities. In this paper, we propose HAEPG, an automatic exploit framework that can utilize known exploitation techniques to guide exploit generation. We implemented a prototype of HAEPG based on the symbolic execution engine S2E [15] and provided four exploitation techniques for it as prior knowledge. HAEPG takes crashing inputs, programs, and prior knowledge as input, and generates exploits for vulnerabilities with limited capabilities by abusing heap allocator’s internal functionalities. We evaluated HAEPG with 24 CTF programs, and the results show that HAEPG is able to accurately reason about the type of vulnerability for 21 (87.5%) of them, and generate exploits that spawn a shell for 16 (66.7%) of them. All the exploits could bypass NX [25] and Full RELRO [28] security mechanisms. |
| format | Online Article Text |
| id | pubmed-7338205 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-73382052020-07-07 HAEPG: An Automatic Multi-hop Exploitation Generation Framework Zhao, Zixuan Wang, Yan Gong, Xiaorui Detection of Intrusions and Malware, and Vulnerability Assessment Article Automatic exploit generation for heap vulnerabilities is an open challenge. Current studies require a sensitive pointer on the heap to hijack the control flow and pay little attention to vulnerabilities with limited capabilities. In this paper, we propose HAEPG, an automatic exploit framework that can utilize known exploitation techniques to guide exploit generation. We implemented a prototype of HAEPG based on the symbolic execution engine S2E [15] and provided four exploitation techniques for it as prior knowledge. HAEPG takes crashing inputs, programs, and prior knowledge as input, and generates exploits for vulnerabilities with limited capabilities by abusing heap allocator’s internal functionalities. We evaluated HAEPG with 24 CTF programs, and the results show that HAEPG is able to accurately reason about the type of vulnerability for 21 (87.5%) of them, and generate exploits that spawn a shell for 16 (66.7%) of them. All the exploits could bypass NX [25] and Full RELRO [28] security mechanisms. 2020-06-11 /pmc/articles/PMC7338205/ http://dx.doi.org/10.1007/978-3-030-52683-2_5 Text en © Springer Nature Switzerland AG 2020 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Article Zhao, Zixuan Wang, Yan Gong, Xiaorui HAEPG: An Automatic Multi-hop Exploitation Generation Framework |
| title | HAEPG: An Automatic Multi-hop Exploitation Generation Framework |
| title_full | HAEPG: An Automatic Multi-hop Exploitation Generation Framework |
| title_fullStr | HAEPG: An Automatic Multi-hop Exploitation Generation Framework |
| title_full_unstemmed | HAEPG: An Automatic Multi-hop Exploitation Generation Framework |
| title_short | HAEPG: An Automatic Multi-hop Exploitation Generation Framework |
| title_sort | haepg: an automatic multi-hop exploitation generation framework |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7338205/ http://dx.doi.org/10.1007/978-3-030-52683-2_5 |
| work_keys_str_mv | AT zhaozixuan haepganautomaticmultihopexploitationgenerationframework AT wangyan haepganautomaticmultihopexploitationgenerationframework AT gongxiaorui haepganautomaticmultihopexploitationgenerationframework |