PBAEG: Combine-Vulnerabilities AEG to Defeat Protection Mechanisms

Yu Wang, You Zhai, Zhoujun Li, Yipeng Zhang
DOI: https://doi.org/10.2139/ssrn.4632938
2023-01-01
Abstract: Automatic exploit generation (AEG) refers to the process of automatically finding a path through a program that triggers a vulnerability and generating an exploit for it. Existing AEG systems usually assume an idealized preset environment in which not all protection mechanisms are enabled. In response to this situation, we propose an exploit generation system, Protection Bypass Automatic Exploit Generator (PBAEG), which automatically detects stack overflow vulnerabilities and format string vulnerabilities. PBAEG then combines these two vulnerabilities to generate exploits. PBAEG uses symbolic execution and dynamic binary analysis to find the two vulnerability types, adopts different exploit generation strategies for different protection mechanisms, and defeats the Non-Executable (NX), Position-Independent Executable (PIE), Canary, and Address Space Layout Randomization (ASLR) protection mechanisms. At the same time, for some difficult-to-exploit situations, advanced stack overflow exploitation methods are applied to generate exploits. Finally, we also use Docker to simulate a remote environment to test the ability of PBAEG to attack a remote target. Experiments show that PBAEG can complete vulnerability detection and exploit generation for 124 binary files, 22 capture-the-flag (CTF) binary files, and 10 public software programs, taking less time than existing AEG systems and covering more types of vulnerabilities.
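The abstract's point is that an AEG system must adapt to whichever of NX, PIE, Canary and ASLR a target actually enables. As an added illustration, not code from the paper or from PBAEG, the following Python reads those settings the way a defender auditing a build would: NX from the `PT_GNU_STACK` segment, PIE from the ELF type, the canary from the `__stack_chk_fail` reference, and ASLR from the kernel sysctl. The sample ELF images are constructed inline and are not loadable binaries; the ELF offsets and constants are the standard ones from the ELF64 specification.

```python
import struct

ET_EXEC, ET_DYN = 2, 3          # standard ELF e_type values
PT_GNU_STACK = 0x6474E551       # segment carrying the stack's requested permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def elf_mitigations(data: bytes) -> dict:
    """Report NX, PIE and stack-canary status of a 64-bit little-endian ELF image.
    NX:     PT_GNU_STACK present without PF_X (no PT_GNU_STACK at all means the
            loader grants an executable stack, so that is reported as NX off).
    PIE:    e_type == ET_DYN, i.e. the main image is relocatable and ASLR applies.
    Canary: a reference to __stack_chk_fail, which the compiler emits for
            stack-protector checks (a heuristic, the same one checksec relies on).
    """
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"NX": nx, "PIE": e_type == ET_DYN, "Canary": b"__stack_chk_fail" in data}

def aslr_level(path="/proc/sys/kernel/randomize_va_space"):
    """ASLR is a kernel setting, not a binary property: 0 off, 1 partial, 2 full.
    Returns None where the file is unavailable (non-Linux, or /proc not mounted)."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def build_sample_elf(pie: bool, exec_stack: bool, canary: bool) -> bytes:
    """Constructed, minimal (not loadable) ELF64 image used as sample input."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 62, 1,
                               0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    flags = PF_R | PF_W | (PF_X if exec_stack else 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + (b"__stack_chk_fail\x00" if canary else b"")

if __name__ == "__main__":
    # The "ideal" environment existing AEG assumes (all off) next to a hardened build.
    for name, img in [("unprotected", build_sample_elf(False, True, False)),
                      ("hardened", build_sample_elf(True, False, True))]:
        print(name, elf_mitigations(img), "ASLR level:", aslr_level())
```

Run it against a real binary with `elf_mitigations(open(path, "rb").read())`; a build reporting all three as True, on a host where `aslr_level()` returns 2, is the case the abstract says earlier AEG tools did not handle.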