Tuesday, August 24, 2010

DLL hijacking in Linux

The last few days I've been seeing lots and lots of buzz about DLL injection on Windows, which is cool, but I don't use Windows, so I decided to join the hype wagon and make a stink about it on Linux :P "Both have existed for a very, very long time, so I can't really understand all the hype all of a sudden." Anyway, Linux has something like DLL files, but they are called shared objects, so rather than Dynamic-Link Libraries (".dll") we use Shared Objects (".so").

Now, I don't know about Windows, but in Linux this is almost too easy. Almost all apps in Linux call strlen() at one time or another, so all we have to do is hijack that function with our own shared object. Basically, we are going to rewrite the strlen function and force apps to use our version. Let's look at our hijacking code:

hijack_strlen.c

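#include <stdio.h>
#include <string.h>

/* Replacement strlen(): same name and signature as libc's, so a preloaded
   copy is the one the dynamic linker binds callers to. */
size_t strlen(const char *str)
{
    /* Announce the hijack on every call. */
    printf("\n\nWe have just hijacked strlen() xD\n\n");
    /* Always report a length of 5, whatever the string really is. */
    return 5;
}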


Now we just have to compile it as a shared object. We do that with these commands:


gcc -fPIC -c hijack_strlen.c -o hijack_strlen.o
gcc -shared -o hijack_strlen.so hijack_strlen.o


And now we are ready to start injecting our shared object to hijack strlen(). We will be using the LD_PRELOAD trick to do this. For our target app, let's use nmap :D We just run this command:


LD_PRELOAD=/home/$USER/hijack_strlen.so nmap


When you run the above, you should see something like this:




We have just hijacked strlen() xD



We have just hijacked strlen() xD

Nmap 5.00 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
...


And there you have it! We just hijacked strlen in nmap!! We are 1337 :P

Now that you have your killer hijacker SO, try these commands as well:


LD_PRELOAD=/home/$USER/hijack_strlen.so ifconfig

LD_PRELOAD=/home/$USER/hijack_strlen.so ssh

LD_PRELOAD=/home/$USER/hijack_strlen.so scp


And yes, there are tons more :D OK, that's all for now, laters.
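
Seen from the defender's side, a process started with the LD_PRELOAD trick above leaves two traces: the variable in /proc/<pid>/environ and the injected object in /proc/<pid>/maps. The script below is an added example, not code from the original post; TRUSTED_DIRS, the function names and the sample data for a user "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: find LD_PRELOAD injection via /proc.
# TRUSTED_DIRS is an assumption; set it to your distribution's library paths.
TRUSTED_DIRS="/lib/ /lib64/ /usr/lib/ /usr/lib64/ /usr/local/lib/"

# Print the LD_PRELOAD value from a NUL-separated environ file, if one is set.
preload_value() {
    { tr '\000' '\n' < "$1" | sed -n 's/^LD_PRELOAD=//p'; } 2>/dev/null
}

# Print mapped shared objects from a maps file that sit outside TRUSTED_DIRS.
# Heuristic: software installed under /opt or a virtualenv shows up here too.
untrusted_objects() {
    { awk '$6 ~ /\.so$/ || $6 ~ /\.so\./ { print $6 }' "$1" | sort -u; } 2>/dev/null |
    while read -r obj; do
        trusted=no
        for dir in $TRUSTED_DIRS; do
            case "$obj" in "$dir"*) trusted=yes ;; esac
        done
        if [ "$trusted" = no ]; then echo "$obj"; fi
    done
}

# Write constructed sample files (a process started as in the post) into $1.
make_sample() {
    printf 'HOME=/home/alice\000LD_PRELOAD=/home/alice/hijack_strlen.so\000TERM=xterm\000' > "$1/environ"
    cat > "$1/maps" <<'EOF'
7f1c2a000000-7f1c2a001000 r-xp 00000000 08:01 131 /home/alice/hijack_strlen.so
7f1c2a200000-7f1c2a3b0000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2a400000-7f1c2a420000 r-xp 00000000 08:01 975 /lib64/ld-linux-x86-64.so.2
55d0c0000000-55d0c0200000 r-xp 00000000 08:01 412 /usr/bin/nmap
EOF
}

# Report each readable process with LD_PRELOAD set or an untrusted mapping.
scan_proc() {
    for p in /proc/[0-9]*; do
        pre=$(preload_value "$p/environ")
        odd=$(untrusted_objects "$p/maps" | tr '\n' ' ')
        if [ -n "$pre$odd" ]; then
            echo "pid=${p#/proc/} LD_PRELOAD=$pre mapped=$odd"
        fi
    done
    # Libraries listed here are preloaded into every dynamically linked program.
    if [ -s /etc/ld.so.preload ]; then cat /etc/ld.so.preload; fi
}

if [ "${1:-}" = "--scan" ]; then scan_proc; fi
```

Run it with --scan as root to cover every process; an unprivileged user can only read the environ and maps files of their own processes.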
