Continuing the discussion from Remote Exploit. Shellcode without Sockets:
No, this is not a log post on how to hack remote services. By chance I found an interesting paper that presents an interesting technique to hack your way into a remote server without having a local binary.
This is the link:
http://www.scs.stanford.edu/brop/bittau-brop.pdf
The technique is very noisy (you will be crashing the server again and again) but I have found it very interesting. As usual, this does not work on any service out there. There are some constraints on the service in order to apply this technique… but I believe it is an interesting read.
The technique allows bypassing ASLR, stack canaries and non-executable stacks… under some circumstances…
Haven’t tried it myself yet…
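The noise mentioned above (the service crashing again and again) is the signal a defender can watch for. The following is an added example, not part of the original post or the paper: it flags bursts of segfaults per process name in kernel log lines. The log layout with an ISO timestamp prefix, the 60-second window and the threshold of 5 are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Kernel segfault record behind an ISO timestamp and hostname (assumed syslog layout).
SEGV = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: (?:\[[^\]]*\] )?"
    r"(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at "
)

def parse_segfaults(lines):
    """Return (timestamp, process name, pid) for every segfault record."""
    events = []
    for line in lines:
        m = SEGV.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["comm"], int(m["pid"])))
    return events

def crash_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return {process name: peak crash count inside one sliding window} for
    names that reach the threshold. Many PIDs dying under one name is what a
    parent that keeps re-forking crashing workers looks like in the log."""
    recent = defaultdict(deque)
    worst = {}
    for ts, comm, _pid in sorted(events):
        q = recent[comm]
        q.append(ts)
        while ts - q[0] > window:   # drop crashes older than the window
            q.popleft()
        if len(q) >= threshold:
            worst[comm] = max(worst.get(comm, 0), len(q))
    return worst

# Constructed sample: six worker crashes in ten seconds, one unrelated crash,
# and one line that is not a segfault record at all.
SAMPLE = [
    f"2024-05-01T10:00:{s:02d} web1 kernel: nginx[{2100 + i}]: segfault at 0 "
    "ip 0000000000401000 sp 00007ffc00000000 error 4 in nginx[400000+a0000]"
    for i, s in enumerate(range(0, 12, 2))
] + [
    "2024-05-01T10:05:00 web1 kernel: cron[900]: segfault at 0 "
    "ip 0000000000402000 sp 00007ffc00000100 error 4 in cron[400000+b000]",
    "2024-05-01T10:05:01 web1 sshd[1]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for name, peak in crash_bursts(parse_segfaults(SAMPLE)).items():
        print(f"ALERT {name}: {peak} segfaults within 60s")
```

A lone crash stays below the threshold, so only the repeatedly dying worker is reported.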