Monday, July 6, 2015

12 byte code cave inside an elf header

So I was playing around with minimalism, and I like to get pretty dirty when this happens. So i started seeing what i could corrupt in an elf header until Linux refused the binary. I found that I could corrupt the twelve bytes directly following the magic sequence. This has some interesting side effects. The first being that all debugging software I attempted to run this in refused to acknowledge that it was even an executable lol. readelf was able to see that there was in fact an elf header, but gave back false information. The GNU file command can see that it is in fact an elf, but doesn't recognize anything other than that, given that most of that information was defaced. The incredibly scary bit is that Linux is able to in fact run this file without any issue lol.

No comments :

Post a Comment