raptor

Reputation: 285

How does the non-executable exploit work?

Hello, the question is how non-executable exploits work. When I say non-executable I mean those that don't have the file extension .exe, like Word exploits (.doc) or others. How do they perform some executable action if they are not compiled?

Upvotes: 0

Views: 512

Answers (2)

Robb

Reputation: 3851

That varies from exploit to exploit.

While .doc isn't an executable format, it does contain interpreted VBA code, which is generally where the malicious content was hidden. When you opened the document there would be an onOpen event or some such fired which would execute the malicious payload. Hence why most Office installations have macros disabled by default these days, far too much scope for abuse.

There are also plenty of things that will run on your system without being a .exe, for example .com, .vbs, .hta.

Then there are formats which have no normal executable content but can be attacked in other ways, usually taking advantage of poorly written routines to load the files, which can allow things like buffer overflows.

Upvotes: 2

Spacedman

Reputation: 94267

The other way is to exploit bugs in the code that handles those files. Often this will be a 'buffer overflow'. Perhaps the code is expecting a header of 100 bytes, but the malicious file has 120 bytes. That causes the program to overwrite some other data in its memory, and if you can smash the 'stack' with your extra bytes it's possible to redirect the processor to a 'payload' code embedded in your file.

Google "buffer overflow exploit" for more.

Upvotes: 1
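The 100-byte header versus 120-byte file case from the answer above, as an added example that is not part of either answer: a loader that trusts the length stored in the file, next to one that validates it before copying. The one-byte-length toy format and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_MAX 100 /* loader's fixed header buffer, as in the answer */

enum { LOAD_OK = 0, LOAD_TRUNCATED = -1, LOAD_HDR_TOO_LONG = -2 };

/* Constructed toy format: byte 0 is the declared header length,
 * followed by that many header bytes. */

/* Unsafe pattern, shown for contrast and never called here: it trusts the
 * length stored in the file, so a declared length of 120 makes memcpy
 * write 20 bytes past the end of hdr[]. */
void load_header_unchecked(const uint8_t *file, uint8_t hdr[HDR_MAX]) {
    memcpy(hdr, file + 1, file[0]);
}

/* Hardened loader: the declared length must fit the destination buffer
 * and must not exceed the bytes actually present in the file. */
int load_header_checked(const uint8_t *file, size_t file_len,
                        uint8_t hdr[HDR_MAX], size_t *hdr_len) {
    if (file_len < 1) return LOAD_TRUNCATED;
    size_t declared = file[0];
    if (declared > HDR_MAX) return LOAD_HDR_TOO_LONG;
    if (declared > file_len - 1) return LOAD_TRUNCATED;
    memcpy(hdr, file + 1, declared);
    *hdr_len = declared;
    return LOAD_OK;
}

/* Builds a constructed sample file (zero-filled header bytes) and returns
 * the checked loader's verdict for it. */
int check_sample(uint8_t declared, size_t present) {
    uint8_t file[1 + 255] = {0};
    uint8_t hdr[HDR_MAX];
    size_t n = 0;
    if (present > 255) present = 255;
    file[0] = declared;
    return load_header_checked(file, 1 + present, hdr, &n);
}

int main(void) {
    printf("100-byte header: %d\n", check_sample(100, 100));
    printf("120-byte header: %d\n", check_sample(120, 120));
    printf("declares 80, only 40 present: %d\n", check_sample(80, 40));
    return 0;
}
```

The second check matters as much as the first: a file that declares more header bytes than it contains would otherwise make the loader read past the end of its input.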
