
Thread: RPC via GDB - a primer/discussion


  1. #1 Member (Join Date: Jan 2010, Posts: 70)

    RPC via GDB - a primer/discussion

    I don't know how useful this might actually be on pentests. It's recently come up a few times in work, and also a few times on IRC, so I thought I'd write a little script and primer on using GDB and bash scripting to invoke remote procedures. In this case, remote is defined as "arbitrary process space," i.e. remote is really not inter-system, but rather inter-process. I guess you might call this IPC, but there's almost nothing stopping you from using netcat + gdbserver, etc. You get the idea, I hope.

    Also, this is not exactly *NEW* information, but it's also not widely disseminated information. More precisely, it's one of those techniques which is either 1) completely useless except for as a toy, or 2) incredibly useful and powerful in niche situations. I can't really decide which, at the moment.

    So, without further ado, a resource link:
    http://aconole.brad-x.com/projects/rpc-hack

    What does this technique provide?
    Arbitrary process shell-code injection via gdb + bash, aka a "more pretty interface"

    What does this technique NOT provide?
    Generally speaking, you must already have privileges to debug the process, meaning you are possibly also in a position to stop, modify, and restart the process (but not always).

    Cases where this has been useful?
    - "I forgot to set a shell environment and now must restart a process which has a long (5+ minute) initial startup time"
    - "I ran some non-interactive program in the wrong working directory and need to move cwd"
    - "I need to dump some known internal data structures to the screen, or modify them on the fly without being -too- intrusive"

    -Aaron
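A minimal wrapper for the technique described in the post above, added here as an illustration (it is not the script from the linked page): it attaches gdb in batch mode to a running PID and evaluates C calls such as chdir() or setenv() inside that process. It assumes gdb is installed, the target links libc dynamically, and the caller is allowed to ptrace the target; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not the original post's script: "RPC via gdb".
# Assumes: gdb on PATH, a dynamically linked target, ptrace permission.

# Render the exact gdb command line so it can be reviewed before running.
# Usage: gdb_rpc_cmdline PID 'chdir("/srv/app")' 'setenv("LANG","C",1)'
gdb_rpc_cmdline() {
    _pid=$1; shift
    _line="gdb -q -batch -p $_pid"
    for _expr in "$@"; do
        # Cast to int: without debug info gdb refuses calls whose
        # return type it does not know.
        _line="$_line -ex 'call (int)$_expr'"
    done
    printf '%s\n' "$_line"
}

# Actually run it. gdb -batch detaches and exits afterwards, so the target
# keeps running with the side effects (new cwd, new env var, ...).
gdb_rpc() {
    _pid=$1; shift
    _n=$#
    # Rewrite the positional parameters into "-ex 'call (int)EXPR'" pairs
    # (POSIX sh has no arrays, so rotate through "$@" once).
    while [ "$_n" -gt 0 ]; do
        set -- "$@" -ex "call (int)$1"
        shift
        _n=$((_n - 1))
    done
    # gdb prints each result as "$N = value"; keep only those lines.
    gdb -q -batch -p "$_pid" "$@" 2>&1 | grep -E '^\$[0-9]+ = '
}

# Preflight: the target must exist and be debuggable by us (Linux/Yama check).
gdb_rpc_check() {
    _pid=$1
    [ -d "/proc/$_pid" ] || { echo "no such pid $_pid" >&2; return 1; }
    if [ -r /proc/sys/kernel/yama/ptrace_scope ] &&
       [ "$(cat /proc/sys/kernel/yama/ptrace_scope)" -ge 2 ] &&
       [ "$(id -u)" -ne 0 ]; then
        echo "ptrace_scope forbids attaching as non-root" >&2; return 1
    fi
    return 0
}

# Only act when invoked with arguments, e.g.:  ./rpc.sh 4242 'chdir("/tmp")'
if [ $# -ge 2 ]; then
    gdb_rpc_check "$1" && gdb_rpc "$@"
fi
```

Attaching stops the target for the duration of each call, so this is only "non-intrusive" for processes that can tolerate a short pause.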

  2. #2 gunrunr, Good friend of the forums (Join Date: Jan 2010, Location: shining my spoon, Posts: 265)

    Re: RPC via GDB - a primer/discussion

    Nice job Orgcandman, good examples and explanation on your blog.
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556
