FreeBSD kernel remote code execution [RCE]: Introduction

Hello.

Kernel exploitation has always been a very interesting subject.
The kernel is the central core of the OS. Consequently, it offers a huge attack surface, and you can have a lot of fun exploring it.

In this blog series, I'll share general techniques that can be applied to a stack-based remote kernel buffer overflow in the context of the FreeBSD operating system.

My main goal while doing this was to practice the exploitation of a remote kernel bug. Even if it's not a real-world bug, the techniques applied will be the same. Generally, you can apply all the techniques here to exploit a remote stack buffer overflow bug in kernel space.

Some of these techniques are not new at all; they have been used on the Linux kernel and other kernels, but not publicly for FreeBSD as far as I know. That is one more reason I chose to do this on FreeBSD.

The series will be broken into 4 parts:
- First part: Setting up the environment: FreeBSD kernel remote debugging.
- Second part: FreeBSD kernel stack unrolling and safe return.
- Third part: FreeBSD kernel backdoor deployment.
- Fourth part: FreeBSD kernel payload installation and process hijacking.

See you soon.
