Automated Crash Analysis and Exploit Generation with Extendable Exploit Model

2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)(2022)

Abstract
Recently, more and more software vulnerabilities have been disclosed, and researchers have turned to studying how to discover and exploit them automatically. However, automated exploit generation faces two main challenges: 1) it is hard to analyze the program failure and extract useful information, and 2) the vulnerability scenario is too complex to exploit successfully. Therefore, this paper proposes a vulnerability exploit generation framework, AEG-E. AEG-E extracts the control flow graph from the target program and employs a crash reproduction algorithm in symbolic execution to reduce the problem of path explosion. To adapt to complex vulnerability scenarios, we design an extendable and user-configurable exploit model to generate different exploits. Finally, we used binaries from Robo Hacking Games and from real-world software to demonstrate the validity and efficiency of AEG-E. The experimental results show that AEG-E is 2.913 times more efficient than the previous exploit generation tool, REX.
Keywords
Software security, Exploit generation