In this research paper we present a first step towards integrating direct memory access (DMA) attacks into exploitation frameworks. We conducted a literature study on existing hardware interfaces and show that some (FireWire, eSATA, PC Card, Thunderbolt, USB OTG and PCI) are susceptible to DMA attacks. We present a proof of concept which integrates FireWire attacks into Metasploit. The proof of concept demonstrates that we are able to inject basic payloads, like a reverse TCP shell, via the FireWire interface. We enhanced the basic exploit with fork capabilities to prevent the system from "hanging". This allows an attacker to compromise a computer with a FireWire interface and retain control of the system via the network. We also discuss further improvements related to multi-stager payloads. Furthermore, we present a second proof of concept that shows the possibility of running interactive sessions over the DMA channel itself.
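The interfaces the abstract lists are exposed on a running host through the kernel drivers that bind to them, so a defender's first question is which of those drivers are loaded and whether they are actually blocked. The following is an added example, not code from the paper, that audits a Linux host from `lsmod` output, a `modprobe.d` fragment and kernel log text. The module names, the sample inputs and the IOMMU log patterns are constructed for illustration; the distinction between `blacklist` (only stops alias-based autoloading) and `install <module> /bin/false` (prevents loading outright) is what the check is meant to surface.

```python
"""Audit a Linux host for loaded DMA-capable bus drivers (added example).

Inputs are the text of `lsmod`, an /etc/modprobe.d/*.conf file and `dmesg`;
the samples at the bottom are constructed, not captured from a real machine.
"""
import re
from dataclasses import dataclass

# Drivers that expose a hot-pluggable DMA-capable bus (assumed list for the
# interfaces named in the abstract: FireWire, Thunderbolt, PC Card/CardBus).
DMA_CAPABLE_MODULES = {
    "firewire_ohci": "FireWire (IEEE 1394) host controller",
    "firewire_sbp2": "FireWire SBP-2 storage protocol",
    "firewire_core": "FireWire core",
    "thunderbolt": "Thunderbolt/USB4 bus",
    "yenta_socket": "PC Card / CardBus bridge",
}


def _norm(name):
    # modprobe treats '-' and '_' in module names as equivalent.
    return name.replace("-", "_")


def loaded_modules(lsmod_text):
    """Return the set of module names listed in `lsmod` output."""
    names = set()
    for line in lsmod_text.strip().splitlines():
        parts = line.split()
        if parts and parts[0] != "Module":  # skip the header row
            names.add(_norm(parts[0]))
    return names


def module_protection(modprobe_conf):
    """Map module -> 'install-false' (hard block) or 'blacklist' (soft).

    `blacklist` only stops autoloading by alias; the module can still be
    pulled in as a dependency or by an explicit modprobe. `install X /bin/false`
    makes every load attempt fail, which is the setting that actually blocks.
    """
    prot = {}
    for raw in modprobe_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"install\s+(\S+)\s+/bin/(false|true)\s*$", line)
        if m:
            prot[_norm(m.group(1))] = "install-false"  # hard block wins
            continue
        m = re.match(r"blacklist\s+(\S+)\s*$", line)
        if m:
            prot.setdefault(_norm(m.group(1)), "blacklist")
    return prot


def iommu_active(dmesg_text):
    """Heuristic: kernel messages emitted when an IOMMU is initialised.

    An active IOMMU is the mitigation that stops a bus device from reading
    arbitrary physical memory even when the driver is loaded.
    """
    return re.search(r"DMAR: IOMMU enabled|AMD-Vi: .*IOMMU", dmesg_text) is not None


@dataclass(frozen=True)
class Finding:
    module: str
    description: str
    loaded: bool
    protection: str  # 'none', 'blacklist' or 'install-false'


def audit(lsmod_text, modprobe_conf):
    loaded = loaded_modules(lsmod_text)
    prot = module_protection(modprobe_conf)
    return [Finding(m, d, m in loaded, prot.get(m, "none"))
            for m, d in DMA_CAPABLE_MODULES.items()]


def exposed_modules(findings):
    """Modules loaded right now, regardless of what modprobe.d says."""
    return sorted(f.module for f in findings if f.loaded)


def soft_only(findings):
    """Modules that are merely blacklisted and can still be loaded."""
    return sorted(f.module for f in findings if f.protection == "blacklist")


# Constructed sample inputs.
SAMPLE_LSMOD = """Module                  Size  Used by
firewire_ohci          45056  0
firewire_core          73728  1 firewire_ohci
thunderbolt           327680  0
e1000e                290816  0
"""
SAMPLE_MODPROBE = """# constructed /etc/modprobe.d/dma-hardening.conf
blacklist firewire-sbp2
install thunderbolt /bin/false   # hard block, but only for future loads
"""
SAMPLE_DMESG = """[    0.123456] DMAR: Host address width 39
[    0.234567] pci 0000:00:1c.0: PCI bridge to [bus 02]
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LSMOD, SAMPLE_MODPROBE):
        print(f"{f.module:15} loaded={str(f.loaded):5} "
              f"protection={f.protection:13} {f.description}")
    print("IOMMU active:", iommu_active(SAMPLE_DMESG))
```

On the constructed sample the report shows `thunderbolt` loaded even though the config hard-blocks it, because `modprobe.d` only governs future loads and the module was already resident; the host needs a reboot (or `rmmod`) for the setting to take effect, and `firewire_ohci` has no protection at all.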