HACKIJACKING SOFTWARE BY: NIPUN JASWAL

Hijacking Softwares for fun and profit


#whoami

■ SOMEONE WHO LOVES BREAKING INTO TECHNOLOGY

■ TECHNICAL DIRECTOR, PYRAMID CYBER AND FORENSICS

■ INTERNATIONAL INFOSEC AUTHOR

■ CHAIR MEMBER, NCDRC

■ 10 YEARS, 20+ Zero Days ( Public ), 20+ Security Hall of Fame, 5 Books, 50+ Articles, OLD

■ WORKED WITH LAW ENFORCEMENT WORLDWIDE

#whoami

NOBODY GIVES A S**T

TALK

THE STORY… OF A HACKER

GET MARRIED…

NOPE

AND GOOGLE DOESN’T HELP…

SECURITY TO THE RESCUE..

When will the boss get married?

MAKING THINGS WORSE….

Matrimony BRANDS IN INDIA

THE MATCH MAKING SOFTWARE… =D

MONEY | MONEY AND MONEY… $$$$$

I THINK, I CAN HACK THIS SOFTWARE AND TURN THIS EPIC MATCHMAKING S**T INTO SOME HARD CASH

SO WHAT I HAVE TO DO?

■ I NEED TO HACK THE SOFTWARE

■ I WANT TO GAIN ACCESS TO EVERY USER USING IT

■ ONCE I HAVE THE ACCESS, I WILL INSTALL MY CRYPTOMINER ON THE TARGET

■ I WILL USE HIS SYSTEM TO MAKE MONEY, I MEAN A LOT OF MONEY

■ BUT WAIT, MY CHALLENGES:

– I WILL HAVE TO GET THE SOFTWARE INSTALLED

LET’S GET THIS STARTED…

■ OBSERVATIONS:

– NO BUFFER OVERFLOWS FOUND

– ANTIVIRUS DETECTS MY BACKDOORED SOFTWARE

REVENGE OF THE NERDS: DLL SEARCH ORDER HIJACKING

How does a program execute?

So where is our program?

The Big Picture: Metasploit

■ Let’s Create a Malicious DLL:

The Big Picture: Metasploit

■ Let’s Place meterpreter.dll into the Kundli Software with the name VB5DB.dll

Let’s Execute the Program Again


Software Didn’t Load… but we got the access…

But... We have the following set of problems:

■ Software not working can create suspicion and can land you in trouble

■ Antiviruses will literally eat the DLL like a Dog behind a Bone

■ Your Access will be lost no matter what

■ Let’s see how we can evade the problems… :)

Introduction to Code Caves

Unused Space within a Program

Windows DLLs may not have Code Caves

The Backdoor Factory

Next Steps.. are Easy.. :P

Pack the Software & Distribute

Preventions

1. Crackers make use of these techniques while distributing cracked software, patches etc.

2. Download from legitimate websites only.

3. Verify Digital Signatures
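
The signature check from point 3, applied to the scenario shown earlier (a DLL placed in the program's folder under a name the program loads), as an added example that is not part of the original slides. The install path is a placeholder; Get-AuthenticodeSignature and Get-FileHash are built-in PowerShell cmdlets.

```powershell
# Added example (not from the slides): audit an installed application's folder
# for DLLs that fail Authenticode verification or that carry the same name as
# a DLL in the Windows system directories.
param(
    # Placeholder path (assumption): point this at the software's install folder.
    [string]$AppDir = 'C:\Path\To\InstalledApp'
)

# 32-bit programs on 64-bit Windows resolve system DLLs from SysWOW64.
$systemDirs = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:WINDIR $_ } |
    Where-Object { Test-Path $_ }

$report = Get-ChildItem -Path $AppDir -Filter *.dll -Recurse -File | ForEach-Object {
    $dll = $_
    $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    # System directories that already hold a DLL with this file name.
    $shadowed = @($systemDirs | Where-Object { Test-Path (Join-Path $_ $dll.Name) })

    [pscustomobject]@{
        File             = $dll.FullName
        SignatureStatus  = $sig.Status     # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer           = $signer
        ShadowsSystemDll = $shadowed.Count -gt 0
        SHA256           = (Get-FileHash -Path $dll.FullName -Algorithm SHA256).Hash
    }
}

# Review anything that is not validly signed or that duplicates a system DLL name.
$report |
    Where-Object { $_.SignatureStatus -ne 'Valid' -or $_.ShadowsSystemDll } |
    Sort-Object SignatureStatus, File |
    Format-List
```

Older software may legitimately ship unsigned DLLs, so compare flagged files and their hashes against a copy obtained from the vendor.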

Thanks!!

Questions?

Mail Your Queries to:[email protected]