Archive for July, 2010

Alien Invasion Snow Leopard ROP Exploit

6th July 2010

Since I posted my EvoCam exploit I have spotted at least one other OS X exploit that used the same technique for gaining code exec on Leopard. I thought it would be useful to take this exploit for UFO: Alien Invasion by dookie and see how easy it would be to modify it to use my technique above to get it to run on Snow Leopard.


OSX ROP Exploit – EvoCam Case Study

6th July 2010

Introduction

OSX ROP exploit

This post follows on from my previous OS X exploit tutorial which demonstrated finding a buffer overflow in an OS X application and developing a working exploit for it. The technique used in that tutorial only worked on the previous incarnation of Apple’s OS X operating system known as Leopard (10.5.x).

I stupidly mentioned at the end of my previous post that future OS X exploits would likely rely on ROP-based techniques in order to bypass non-executable memory protection and achieve code execution. I was then challenged by the Offensive Security team to produce a follow-up post, so the obvious next port of call was to get my previous EvoCam exploit working on Snow Leopard.

EDB Submission Guidelines Updates

1st July 2010

As part of our improvements in the Exploit Database, we are streamlining the exploit submission processing. We have slightly amended the Exploit Database Submission Guidelines to help speed up our processing – please check the new guidelines out!