DEF CON 30 - Martin Doyhenard - Internet Server Error - Exploiting Interprocess Communication
In this talk I will show how to reverse engineer a proprietary HTTP server in order to leverage memory corruption vulnerabilities using high-level HTTP protocol exploitation techniques. To do so, I will present two critical vulnerabilities, CVE-2022-22536 and CVE-2022-22532, which were found in SAP's proprietary HTTP server and could be used by a remote unauthenticated attacker to compromise any SAP installation in the world. First, I will explain how to escalate an error in the request handling process to desynchronize data buffers and hijack every user's account with Advanced Response Smuggling. Furthermore, as the primitives of this vulnerability do not rely on header parsing errors, I will show a new technique to persist the attack using the first desync botnet in history. This attack will prove to be effective even in an "impossible to exploit" scenario: without a proxy! Next, I will examine a use-after-free in the shared memory used for inter-process communication. By exploiting the incorrect deallocation, I will show how to tamper with messages belonging to other TCP connections and take control of all responses using cache poisoning and response splitting theory. Finally, as the affected buffers could also contain IPC control data, I will explain how to corrupt memory address pointers and end up obtaining RCE.

Published October 20, 2022 at 02:39PM.