OWASP Malta Chapter Meeting, April, 2018

Title: Porting a Proof of Concept C code into universal python exploit (OpenSSH).

When: Thursday 19th April 2018 at 18:30


OpenSSH lets you grant SFTP access to users without allowing full command execution using “ForceCommand internal-sftp”. However, if you misconfigure the server and don’t use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to – including procfs. On modern Linux kernels (>=2.6.39, I think), /proc/self/maps reveals the memory layout and /proc/self/mem lets you write to arbitrary memory positions.

This talk will provide an overview of the exploitation process for the OpenSSH vulnerability and the challenges and techniques used to create a universal exploit for 32 and 64 bit architectures.

Where: MCAST IICT – MCAST Main Campus, Triq Kordin, Paola PLA 9032

Map: https://goo.gl/maps/W6gUjDb19xo

More Information: https://www.owasp.org/index.php/Malta