Hacker Bypasses Windows 7/8 Address Space Layout Randomization

Security Leave a comment

Going by the name KingCope, the hacker who released a dozen exploits targeting MySQL, SSH last December, has detailed a mechanism through which ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space. KingCope has explained the method in a blog post along with a PoC.

The method includes filling up of system’s entire memory through execution of JavaScript following which the memory can be freed block by block up until just enough memory is available to load a desired DLL. The address space of the freed up memory would thus be known thereby facilitating the hacker with a known jump to address.

Once done, the rest of the memory, which was filled up earlier, can be freed and known exploit methods of spraying the heap and heap corruption can be used to exploit the system.

Ravi is the founder of Parity Media and currently acting as an editor of ParityNews.com. He is a technology enthusiast with keen interest in information security. Ravi has over 6 years of experience and is keen on raising general awareness about technology in society.