Script Engine Hacking For Fun And Profit

WorkShop Duration: 3 Hours.

More and more applications are allowing execution of untrusted code in their context to extend themselves. Whether it’s Javascript in a web browser, Lua plugins in video game or ruby to customize business rules, it is important to keep your infrastructure secure when running them.

This workshop is an hands-on approach to introduces the participants to the basic exploitation techniques of scripting engines. The exercise will focus on real world examples around mruby, a lightweight Ruby interpreter easily customizable to limit or completely remove I/O operation and act as a sandbox. Through successful exploitation, the participants will be able to execute arbitrary native code from a ruby script, bypassing any restriction to the ruby APIs.

The participants will be guided to look for common vulnerability patterns, successfully set up their exploit and ultimately, get control of the instruction pointer to escape the mruby virtual machine. Finally, some defensive measure will be seen to harden the vulnerable engine and limit the side-effects of a successful exploit.

Continue reading…