Articles by ‘didn0t’

Alien Invasion Snow Leopard ROP Exploit

6th July 2010

Since I posted my EvoCam exploit I have spotted at least one other OS X exploit that used the same technique for gaining code exec on Leopard. I thought it would be useful to take this exploit for UFO: Alien Invasion by dookie and see how easy it would be to modify it to use my technique above to get it to run on Snow Leopard.


OSX ROP Exploit – EvoCam Case Study

6th July 2010

Introduction


This post follows on from my previous OS X exploit tutorial which demonstrated finding a buffer overflow in an OS X application and developing a working exploit for it. The technique used in that tutorial only worked on the previous incarnation of Apple’s OS X operating system known as Leopard (10.5.x).


I stupidly mentioned at the end of my previous post that future OS X exploits would likely rely on ROP based techniques in order to bypass non-executable memory protection and achieve code execution. I was then challenged by the Offensive Security team to produce a follow up post, so the obvious next port of call was to get my previous EvoCam exploit working on Snow Leopard.
