When creating exploits, sometimes you may run into a scenario where your payload space is significantly limited. There are usually a multitude of ways that you can work around this; one of those ways, which will be demonstrated in this post, is socket reuse.

What is Socket Reuse?

Before we dive into a practical example, it's important to cover some basics as to how network-based applications work. Although the target audience of this post will most likely know this, let's go over it for completeness' sake!

Below is a small diagram (courtesy of Dartmouth) which illustrates the sequence of function calls that will typically be found in a client-server application:

As you can see, before any connection is made from either the server or client, a socket is first created. A socket can then either be passed to a listen function (indicating that it should listen for new connections and accept them), or passed to a connect function (indicating it should connect to another socket that is listening elsewhere) - simple stuff. Now, as a socket represents a connection to another host, if you have access to it you can freely call the corresponding send or recv functions to perform network operations.

By identifying the location of a socket, it is possible to listen for more data using the recv function and dump it into an area of memory that it can then be executed from - all with only a handful of instructions that should fit into even small payload spaces. This is the end goal of a socket reuse exploit.

You may be asking - why not just create a new socket? The reason for this is that a socket is bound to a port, meaning you are not able to create a new socket on a port that is already in use. If you were to create a socket listening on a different port altogether, it would lose reliability given most targets would typically be behind a firewall.
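To make the call sequence and the "port already in use" point concrete, here is a small added example (my own, not code from the original post): a loopback server and client walk through socket, bind, listen, accept, connect, send and recv, then a second socket tries to bind the port the listener already owns and is refused. It assumes loopback networking is available and uses constructed sample data.

```python
import errno
import socket
import threading


def socket_lifecycle_demo(payload: bytes = b"constructed sample data") -> dict:
    """Server: socket -> bind -> listen -> accept -> recv/send.
    Client: socket -> connect -> send/recv.
    Returns what each side saw, plus whether a second bind to the
    already-owned port was refused with EADDRINUSE."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port (assumes loopback works)
    port = server.getsockname()[1]
    server.listen(1)

    result = {"port": port}

    def serve():
        conn, _ = server.accept()     # the accepted socket is what a handler holds
        with conn:
            data = conn.recv(4096)    # same recv call the post's stager relies on
            result["server_received"] = data
            conn.sendall(data.upper())  # echo back something distinguishable

    t = threading.Thread(target=serve)
    t.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with client:
        client.connect(("127.0.0.1", port))
        client.sendall(payload)
        result["client_received"] = client.recv(4096)
    t.join()

    # The listening socket still owns the port, so a fresh socket cannot take it:
    # this is why the technique reuses the existing socket instead of creating one.
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind(("127.0.0.1", port))
        result["rebind_blocked"] = False
    except OSError as e:
        result["rebind_blocked"] = e.errno == errno.EADDRINUSE
    finally:
        second.close()
        server.close()
    return result


if __name__ == "__main__":
    print(socket_lifecycle_demo())
```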