Skip to main content
Springer Nature Link
Log in

HackSim: An Automation of Penetration Testing for Remote Buffer Overflow Vulnerabilities

  • Conference paper
Information Networking. Convergence in Broadband and Mobile Networking (ICOIN 2005)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3391))

Included in the following conference series:

  • 1055 Accesses

Abstract

We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Snyder, J.: How Vulnerable? Information Security Magazine (March 2003)

    Google Scholar 

  2. Herzog, P.: Open-Source Security Testing Methodology Manual(OSSTMM) 2.1, Institute for Security and Open Methodologies (2003)

    Google Scholar 

  3. Wood, B.J., Duggan, R.A.: Red Teaming of Advanced Information Assurance Concepts. In: DARPA Information Survivability Conference and Exposition (DISCEX), pp. 112–118 (2000)

    Google Scholar 

  4. Palmer, C.C.: Ethical Hacking. IBM Systems Journal 3, 769–780 (2001)

    Google Scholar 

  5. Wingfield, N.: It Takes a Hacker. Wall Street Journal (March 11 2002)

    Google Scholar 

  6. Skaggs, B., Blackburn, B., Manes, G., Shenoi, S.: Network Vulnerability Analysis. In: IEEE Midwest Symposium on Circuits and Systems, MWSCAS-2002 (2002)

    Google Scholar 

  7. UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes, The Last Stage of Delirium Research Group (2001), http://lsd-pl.net

  8. Scambray, J., McClure, S., Kurtz, G.: Hacking Exposed, 2nd edn., pp. 319–321. McGraw Hill, Osborne (2001)

    Google Scholar 

  9. Aitel, D.: The Advantages of Block-Based Protocol Analysis for Security Testing (2002), http://www.immunitysec.com/resources-papers.shtml

  10. CANVAS Homepage, http://www.immunitysec.com/products-canvas.shtml

  11. CORE IMPACT Homepage, http://www.coresecurity.com

  12. LibExploit Homepage, http://www.packetfactory.net/Projects/libexploit

  13. Metasploit Homepage, http://www.metasploit.com

  14. Common Vulnerabilities and Exposures Homepage, http://www.cve.mitre.org

  15. The 20 Most Critical Internet Security Vulnerabilities, Version 4.0 (October 8 2003), http://www.sans.org/top20

  16. Koziol, J., Aitel, D., Litchfield, D., Anley, C., Eren, S., Mehta, N., Hassell, R.: The Shellcoder’s Handbook Discovering and Exploiting Security Holes, pp. 49–53. Wiley Publishing, Inc., Chichester (1997)

    Google Scholar 

  17. Win32 Assembly Components, The Last Stage of Delirium Research Group (2002), http://lsd-pl.net

  18. LASSS Vulnerability, http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

  19. TruSecure Homepage, http://www.trusecure.com

Download references

Author information

Authors and Affiliations

  1. Dept. of Computer Science & Engineering, Pohang University of Science and Technology,  

    O-Hoon Kwon, Seung Min Lee & Jong Kim

  2. Dept. of Computer Science & Engineering, Korea University,  

    Heejo Lee

  3. National Security Research Institute,  

    Sang Cheon Kim, Gun Woo Nam & Joong Gil Park

Authors
  1. O-Hoon Kwon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Seung Min Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Heejo Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jong Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sang Cheon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Gun Woo Nam
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Joong Gil Park
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Pohang University of Science and Technology (POSTECH), San 31 HyoJa-Dong, Nam-Gu, 790-784, Pohang, Korea

    Cheeha Kim

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kwon, OH. et al. (2005). HackSim: An Automation of Penetration Testing for Remote Buffer Overflow Vulnerabilities. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_68

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30582-8_68

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24467-7

  • Online ISBN: 978-3-540-30582-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics