About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

CVE-2017-12542: iLO Auth Bypass- 345

Fabien Perigaud - SynackTIVPosted 5 Years Ago
  • Most of the time, buffer overflows are exploited by using memory corruption primitives. With these cases, people will report a buffer overflow in some IoT device processing but a good chunk of these are not actually exploitable. For instance, you might need to brute force a stack cookie and defeat ASLR. So, no POC ever surfaces.
  • In this case, a handler of the Connection header had a heap based buffer overflow in it. But, instead of leaving this as is, they went deeper.
  • It appears that some sort of authorization data is being held near the connection header. Attackers learned that by sending exactly 29 A's that all authorization for all requests on the device were bypassed! Damn, defeating authorization with ONLY A's is awesome.
  • I found interesting because it was a case of a buffer overflow leading to compromise without relying on deeper binary exploitation primitives. In the future, with all of the binary protections, this may be the future.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed