Black Magic Exploit Incantations

Software exploitation is definitely an art. Sometimes, to gain control of a system, you need to chain together multiple vulnerabilities that eventually lead to some level of winning. But, lo and behold, there comes a time in every hacker’s life when a vulnerability presents itself that is so simple to exploit that you can win with a single string: one line of input that puts you, the attacker, in control. Here are a few examples of the class of exploits I like to call “incantation exploits”; some are classics, others more recent.

SQL Injection

For example, the classic authentication bypass:

admin' or '1'='1'--

This method was used for a long time to bypass authentication by telling the application that 1==1, or in other words, true. The trailing -- comments out the rest of the query, so the attacker successfully authenticates without credentials. Woo!
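To make the bypass concrete, here is an added example (not from the original post) using Python and an in-memory SQLite table: the login built by string concatenation lets the incantation through, while the parameterised version binds the same string as a plain username and rejects it. The table contents are constructed for the demo; a real application would store a password hash, not the plaintext.

```python
import sqlite3

# Constructed demo table (sample data, not from the original post).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct horse battery staple')"
    )
    conn.commit()
    return conn

# The incantation from the post, used as the username field.
INCANTATION = "admin' or '1'='1'--"

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Concatenation: attacker input becomes part of the SQL grammar, so the
    # quote closes the literal, "or '1'='1'" makes the WHERE clause always true
    # and "--" comments out the password check.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the driver binds the values as data, so the same
    # string is compared literally against the username column and never
    # alters the query structure.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with incantation:", login_vulnerable(db, INCANTATION, "x"))
    print("parameterised login with incantation:", login_safe(db, INCANTATION, "x"))
```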

ShellShock (CVE-2014-6271)

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

ShellShock was awesome because it was simple to exploit, locally or remotely, through environment variables. Adding a specially crafted line like the one above into an HTTP header would execute the command on the right side of the bash -c statement. Fun stuff.

CVE-2017-0290

This one was not as hyped, but it is a critical vulnerability in Windows because it lies within the Microsoft Malware Protection Engine (MsMpEng), which is installed and enabled by default on all recent versions. The vulnerability is particularly effective because it can be exploited through many different vectors; basically anything that causes the engine to scan content, such as emails, SMS messages, files written to disk, etc.

https://twitter.com/natashenka/status/861748397409058816

var e = new Error();
e.toString.call({message: 7})

“Vulnerabilities in MsMpEng are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service.”

You can read more about this vulnerability here.


What are some of your favorite exploit incantations? Let me know in the comments 😈
