What is God Mode? The concept came from yuange: if we turn on God Mode, we can do anything we want. And what is God Mode really? We know that if we want to execute script code in the browser to create an object like Shell.Application, the script engine will check the SafeMode flag. If it is set, the engine will block the code. That is the God Mode. Yuange also calls this DVE (Data Virtual Execution). It only executes script, not binary code, so ASLR, DEP, EMET, CFI, and all the other defense technologies will fail. What we are going to do is clear the SafeMode flag. (Notice: All the following code is …..
Thanks to ga1ois for giving us a very excellent lecture about the Art of Leaks at CanSecWest. He found a way to read/write any memory of the process. Cool! I have uploaded the ppt here: The Art of Leaks - read version - Yoyo. You can also download the ppt from his GitHub: https://github.com/ga1ois/CanSecWest2014/blob/master/The Art of Leaks – read version – Yoyo.pdf Now I write some demo code here.
Recently I have been doing some analysis of CVE-2013-3893. I found the exploit code on the web, and I replaced the original shellcode with my own shellcode, which pops up calc.exe. (Basically, I used Metasploit to generate the shellcode.) But a strange thing happened: it didn’t work. I laid some NOPs before the shellcode, and it successfully jumped to the NOPs, but when the shellcode finished executing, I was surprised that it crashed.
At Black Hat 2013, ZDI published a paper, US-13-Gorenc-Java-Every-Days-Exploiting-Software-Running-on-3-Billion-Devices. In this white paper, they mention a new way to exploit native Java vulnerabilities, which uses the Statement object to easily bypass DEP and ASLR. But how do they do it? Recently, Packet Storm Security published two new native Java vulnerability exploits using the Statement class, and we can find the details in them. I will explain the details for you!