Chapter 23. Writing Exploits that Work in the Wild

Every bug has a story. A bug is born, lives, and then dies, often without ever being discovered or exploited. For a hacker, each bug is a golden opportunity to create an exploit, a magic spell that turns any vulnerable wall into a door. But it's one thing to create a spell that works in the lab and a completely different thing to create one that works in the electric jungle that is the modern Internet. This chapter focuses on creating exploits that can be used successfully in the wild.

Factors in Unreliability

This section of the chapter covers the various reasons your exploit may not work reliably in the wild. Keep in mind that although there are many reasons for your exploit not to work, as Anakata says, "even a blind chicken finds a seed occasionally."

Magic Numbers

Some vulnerabilities, such as the RealServer stack overflow described in Chapter 17, lend themselves to reliable exploitation. Others, such as the dtlogin heap double-free, are nearly impossible to exploit reliably. However, it's impossible to know how reliable you can make a given exploit until you try it. In addition, exploiting more and more difficult vulnerabilities is the only way to learn new techniques. Merely reading about a technique will never truly give you the essential knowledge of how to use it. For these reasons, you should always make the extra effort to make your exploits as reliable as possible. In some instances, you'll have a perfectly ...

Source: The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition.