
A Journey Combining Web Hacking and Binary Exploitation in Real World!

source link: https://blog.orange.tw/2021/02/a-journey-combining-web-and-binary-exploitation.html


Hi, this blog post is just a short post to address the technique part of one of my Red Team cases last year. I believe it's worth sharing, so I reproduced this in my lab environment and made this topic. This topic was also presented at RealWorld CTF Live Forum and OWASP Hong Kong 2021 Techday. It's also on YouTube now! Although it is spoken in Mandarin, the slides and subtitles are in English :P

As a result, we combined a type juggling 0day on PHPWind to crack the secret key and a PHP Use-After-Free (CVE-2015-0273) on an encrypted PHPWind unserialize() call to pop out shells on our target server. Since the target environment is unknown to us, the hard part is to build everything blindly. Although there is already a famous case about exploiting a PHP Use-After-Free in the PornHub Bug Bounty, our environment and exploitation steps are different! Here I would also like to thank my colleague Meh Chang for working together. Please check the slides and video for details!

