Payload Construction Considerations
Assuming your efforts lead you to construct a proof-of-concept exploit for the vulnerable condition you have discovered, your final task will be to properly combine various elements into input for the vulnerable program. Your input will generally consist of one or more of the following elements, in some order:
- Protocol elements to entice the vulnerable application down the appropriate execution path
- Padding, NOP or otherwise, used to force specific buffer layouts
- Exploit triggering data, such as return addresses or write addresses
- Executable code, that is, payload/shellcode
If your input is not properly crafted, your exploit is not likely to work properly. Some things that can go wrong include the following: