
The Design And Implementation Of Automatic Exploits Generation

Posted on: 2018-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: C C Dai
Full Text: PDF
GTID: 2348330518998941
Subject: Computer software and theory

Abstract/Summary:
With the popularization of the Internet, information security faces serious threats today. By attacking software vulnerabilities, one can obtain the information stored on mobile phones, computers and websites. Attackers and white-hat hackers both try to find vulnerabilities in software: the former want to attack systems by exploiting the vulnerabilities, while the latter want to defend against attacks by fixing them. The most reliable way to prove that a vulnerability is high-risk is to construct an exploit for it; therefore, attackers and defenders are both interested in research on exploits. Constructing an exploit usually requires rich low-level knowledge, including assembly languages, operating systems and CPU architectures, which undoubtedly places heavy demands on the operator. A large-scale software system performs complex computations and contains a great number of branches, so analyzing its data flow and control flow while manually constructing an exploit is difficult.

This paper presents an algorithm that generates exploits automatically. For a given binary, the algorithm first discovers and analyzes vulnerabilities automatically and then constructs well-formed inputs according to those vulnerabilities. These inputs can be used to trigger the vulnerabilities, hijack control flow and execute malicious code. First, fuzzing is used to discover vulnerabilities automatically and to record the inputs that lead to crashes. Second, the algorithm performs taint analysis to obtain information about data flow and control flow. Third, it analyzes the memory layout of the program in order to place shellcode and trampoline instructions in memory. Finally, it modifies specific bytes of the inputs and generates exploits. The implementation uses the dynamic binary instrumentation framework Pin, so that code generated dynamically at run time can also be analyzed. In addition, the algorithm combines a variety of shellcode and trampoline instructions: on the one hand, this increases the probability of constructing an exploit successfully; on the other hand, it also circumvents checks that look for one specific type of trampoline instruction. Theoretical analysis and experimental results show that the proposed algorithm is effective.
Keywords/Search Tags: exploit, taint analysis, fuzzing, trampoline instruction