Code_injection_EDR_bypass

Session Overview

The goal of this session is to showcase "Dirty Vanity", a new injection technique. It abuses process forking, a lesser-known mechanism that exists in Windows. But first, we shall lay some foundations.

Forking Background

Forking is the act of creating a new process from the calling process. It originates from the Unix process-creation system calls, fork & exec. The result (child) is an exact copy of the fork caller (parent), except for fork's return code: it returns 0 in the child and the child's PID in the parent.

#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

int main(void) {
    pid_t returnCode = fork();   /* 0 in the child, the child's PID in the parent, -1 on error */
    if (returnCode == 0) {
        /* child code here: replace the copied image with a new program */
        execl("/bin/bash", "bash", (char *)NULL);
        perror("execl");         /* only reached if exec fails */
        _exit(127);
    } else if (returnCode > 0) {
        /* parent code here: wait for the child to exit */
        waitpid(returnCode, NULL, 0);
    } else {
        perror("fork");
        return 1;
    }
    return 0;
}
