Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Talk - Writing My First Exploit

Avatar for James Moriarty James Moriarty
June 16, 2021
Programming
1.8k
0

Talk - Writing My First Exploit

Avatar for James Moriarty

James Moriarty

June 16, 2021

More Decks by James Moriarty

See All by James Moriarty
Lightning Talk - Call Graphs
Avatar for James Moriarty jamesmoriarty
0
1.3k

Other Decks in Programming

See All in Programming
Are We Really Coding 10× Faster with AI?
Avatar for Koichi Yoshida kohzas
0
150
Liberating Ruby's Parser from Lexer Hacks
Avatar for ydah ydah
2
2.7k
🦞OpenClaw works with AWS
Avatar for matsukada licux
1
350
Spec Driven Development | AI Summit Vilnius
Avatar for Daniel Sogl danielsogl
PRO
1
150
Agentic UI in the Frontend: Architectures with Open Standards @JAX 2026 in Mainz
Avatar for Manfred Steyer manfredsteyer
PRO
0
110
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
620
AlarmKitで明後日起きれるアラームアプリを作る
Avatar for Trickart trickart
0
130
20260514 - build with ai 2026 - build LINE Bot with Gemini CLI
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
410
Firefoxにコントリビューションして得られた学び
Avatar for ken7253 ken7253
2
160
AIを導入する前にやるべきこと
Avatar for Negima negima
2
350
書き換えて学ぶTemporal #fukts
Avatar for Hiroyuki ANAI pirosikick
2
370
サークル参加から学ぶ、小さな事業の回し方
Avatar for yuzneri yuzneri
0
170

Featured

See All Featured
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
180
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
110k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
820
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
2
200
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.9k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.7k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.7k
Building the Perfect Custom Keyboard
Avatar for Naoto Takai takai
2
750
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.3k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k

Transcript

  1. Writing My First Exploit

  2. Exploit? “...is a piece of software, a chunk of data,

    or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior...” Wikipedia

  3. What? Counter-Strike: Global Offensive • Source code leak from 2013

    for reference. ◦ github.com/ValveSoftware/source-... • Lots of existing exploit examples. ◦ github.com/search?q=dwLocalPlaye...

  4. “Steel-thread” Implementation • “Out of Box” win32 APIs to exploit

    the client side process. ◦ read/write with kernel32.dll ◦ input with with user32.dll • “Benign” exploit impact. ◦ client side jump abuse aka “bunny hop”

  5. Video

  6. How

  7. How?

  8. How func RunHop(client *Client) { for { if gomem.IsKeyDown(VK_SPACE) {

    flags, _ := client.Process.ReadByte(...) if (flags & CSGO_FL_ONGROUND) > 0 { client.Process.WriteByte(...) } } time.Sleep(100 * time.Nanosecond) } }

  9. Binary Compatibility Address E.g. 0x59bc2690 Memory E.g. 00001000 ReadByte

  10. Binary Compatibility 1.0 1.0 1.1 1.2 1.1 1.2 csgo.exe gohack.exe

    Broken Broken

  11. Binary Compatibility 1.0 1.X w/ auto update 1.1 1.2 csgo.exe

    gohack.exe

  12. How func Instrument() (*gohack.Client, error) { ... offsets, err :=

    gohack.GetOffsets() ... process, err := gomem.GetOpenProcessFromName("csgo.exe") ... client, err := gohack.GetClientFrom(process, offsets) ... return client, err }

  13. Testing

  14. Testing Value’s CS:GO • 30GB Package • Steam DRM +

    VAC Anti-cheat • GUI + Internet • A popular game My CS:GO • 42KB Binary • 14 LOC • Headless + Offline • Loads a DLL and hangs

  15. Testing func TestStubProcess(t *testing.T) { withProcess("test\\dll\\csgo.exe", func() { _, err

    := Instrument() got := err.Error() want := "Failed to get player offset" if got != want { t.Errorf("%q; want %q", got, want) } }) }

  16. Testing

  17. github.com/jamesmoriarty/gohack

  18. ???

  19. None

  20. Testing func TestProcessReadUInt32(t *testing.T) { ... valuePtr := (uintptr)(unsafe.Pointer(&value)) ...

    process, err := GetOpenProcessFromName(name) ... assertValue, err := process.ReadUInt32(valuePtr) ... }

  21. github.com/jamesmoriarty/gomem

  22. jamesmoriarty.xyz/software/

  23. Video