Computer Exploit

A few days ago, I found an interesting paper about how beacons/exploits work under the hood of Cobalt Strike/Metasploit, tools for aiding computer exploitation and controlling it, which make them the tools of choice for red teaming, a.k.a. cyberattack.

This field is also full of jargon and idioms that are kind of confusing to follow, but it has an interesting side worth knowing.

Take exploit and payload: previously I thought these were one particular program that works to breach a computer vulnerability and sustain access in order to control it from afar, like a zombie.

Actually, they are separate entities. Think of a water gun: the gun itself is the exploit that carries the attack, and the water is the payload that needs to be delivered to the target.

Then, what is an exploit?

An exploit is a program/script intended to take advantage of another program's vulnerability to do something for us. It is like a parasite that infests a plant or animal, and it is also considered part of the malware family.

The famous example is the EternalBlue exploit, which leverages a vulnerability in the Windows SMB protocol service that allows an attacker to do remote code execution on the target computer.

The vulnerability is known as MS17-010, and it was also the precursor of the WannaCry ransomware outbreak, which used this exploit.

Vulnerable computer? So the computer gets sick!

A vulnerability is a logic weakness or improper computation that causes program behaviour to go off track, such as an error or fault that exposes sensitive information.

This can be taken as an analogy to inflammation: if a wound is left untreated, it will invite various germs that worsen the wound and lead to irreversible things like death or stunted development.

So does a vulnerability: it will be smelled by an uninvited guest, a hacker, who then throws malware that makes your computer inevitably sick, or if you're lucky there's a chance someone nicely tells you there is a vulnerability.

How does a vulnerability manifest in the first place?

It depends on the program and the circumstances. Here we specifically talk about program vulnerabilities; the field known for studying this is Application Security.

There are many categories of vulnerability, such as Buffer Overflow, SQL Injection and much more. Not every vulnerability is able to stage a payload that causes further security escalation such as remote code execution or privilege escalation.

The root cause is humans themselves, as was said by an old sage of programming (Alan J. Perlis): we write programs for two things, the behaviour we wanted and whatnot.

A vulnerability's capability has a score that determines how severe it is, like how deep it can dive into the system; it is called the Common Vulnerability Scoring System (CVSS).

Payload

The Trojan Horse is a good story in military history: a huge wooden horse statue was used to infiltrate a keep in the ancient Greek era. The horse statue was no ordinary statue; it was hollow inside, able to hide an assault team in it.

The horse was sent to the adversary's castle. The horse statue worked as a diversion to get past the guards at the gate. After that, the horse unloaded its baggage in a secure place and the assault team began its job.

It was a victorious conquest and one of the military brilliances in history.

That is the analogy for the payload. The payload is the assault team inside the horse statue, and the horse statue is the exploit. To simplify: the exploit hosts a payload that will be executed after the exploit successfully breaches through the vulnerability.

A payload is a program that does what we wish on the targeted computer. A payload can be a backdoor to keep the computer in check, a wiper to erase all the data, ransomware to extort people, or other things where the limit is your mind.

You could even use the exploit to apply the patch that fixes the vulnerability, to prevent further exploitation, if you wanted to.

How to create an exploit?

First things first: a basic understanding of computers and programming itself. This is obviously self-explanatory: if you want to create an exploit you need to be able to create a program first and understand how a computer works and treats things inside it.

Second, a considerable understanding of cybersecurity (especially application security) and a grasp of the patterns of common exploits and vulnerabilities in programs. What type of vulnerability is more likely to occur in a web app rather than a desktop app? What is reverse engineering for? Those are questions we should be able to answer.

Of course, you cannot say you understand without getting your hands dirty with practice; learning from DVWA could help as a test bed to get first-hand experience.

These tips may be oversimplified, but they are doable.

The last step is to develop your exploit. If you spot some vulnerability, it's nice to create a script that is able to exploit it automatically, or develop an exploit workaround that makes the exploit able to do sophisticated things such as loading a payload. Again, in this last part the limit is your imagination and what a computer can do.

Patch-Up!

To prevent a vulnerability from being exploited by an uninvited guest, you should be the first person who notices it and puts a mitigation in place, such as disallowing certain input that makes exploit execution possible in the first place.

Adding a layer of indirection to filter certain input and dispose of the exploit may be a good option for a first mitigation, like putting a filter in an .htaccess file to tell Apache HTTPD to drop the request if there is a SQL pattern in the HTTP request. Or, for a binary executable, patching the binary assembly could work as a temporary workaround.

The real patch-up fix is to analyze the source code to the point where the vulnerability lies, then fix the logic mistake.
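As an added example (not from the original post) of the difference between a first-mitigation filter and the real fix, here is a string-built SQL query beside its parameterised version, plus a hypothetical pattern filter in the spirit of the .htaccess idea. The users table, its rows and the input strings are all constructed here.

```python
import re
import sqlite3

# Constructed sample data: an in-memory users table, not a real system.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_vulnerable(conn, name):
    # The logic mistake: user input is pasted straight into the SQL text,
    # so a quote in the input can change what the query means.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_fixed(conn, name):
    # The real fix: a parameterised query. The input is bound as a value
    # and can never alter the SQL logic, whatever characters it contains.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Hypothetical first-line filter, like the .htaccess idea: drop the request
# if the input matches an obvious SQL pattern. A stopgap, not a fix.
SQL_PATTERN = re.compile(r"('\s*(or|and)\s*'|--|;|/\*)", re.IGNORECASE)

def request_allowed(user_input):
    return SQL_PATTERN.search(user_input) is None

def demo():
    conn = make_db()
    benign = "alice"
    crafted = "' OR '1'='1"   # constructed input that bends the string-built query
    return {
        "benign_vuln": lookup_vulnerable(conn, benign),     # one row
        "crafted_vuln": lookup_vulnerable(conn, crafted),   # every row leaks
        "crafted_fixed": lookup_fixed(conn, crafted),       # no row matches
        "filter_blocks_crafted": not request_allowed(crafted),
        "filter_allows_benign": request_allowed(benign),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The filter only blocks the one pattern it knows about, while the parameterised query removes the vulnerability itself, which is why the post calls source-level correction the real patch-up.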