0x4841434b45525a – h4x0r presentation for n00bs
TRANSCRIPT
All Your Base Are Belong To Us
0x48 0x41 0x43 0x4B 0x45 0x52 0x5A
Or: so, you wanted to be a hacker
By Gil Megidish (2004)
You think you know hackers?
Hacking, Cracking & Phreaking
• Hacker n. (Jargon File)
• One who programs enthusiastically and even obsessively.
• A person who enjoys exploring the details of systems and such.
• Cracker n.
• One who breaks security on a system.
• Phreaking
• The pure art of telephony hacking (Captain Crunch)
Cracking
• All software can be cracked:
If a program can be written with protection, it can surely exist without one.
• Crackers brag about their accomplishments.
• Types of interesting cracking:
– Cracking software
– Cracking into servers
– Denial of Service (DoS)
Cracking Software
• Software will let you know if you have no permission to continue
• Starting there, it is possible to find the root cause of this limitation
Always Use Protection
Protection code
Registry
File System
Network
CPU
Devices (plug)
Since it is always possible to crack software, the coders have one thing in mind: make the cracker’s life a living hell.
Introducing: Doc Witness’ OpSecure
Cracking Into Servers
Database Hacking
SELECT * FROM USERS_TABLE WHERE USER=$PARAM
Inexperienced programmers sometimes make the mistake above: the query is built by pasting $PARAM straight into the SQL text. No matter how many firewalls are in the middle, you can delete the entire database, or even destroy the machine it is running on.
What if
$PARAM = "userName%01EXEC rm -rf /"
Or
$PARAM = "userName OR 1=1" ?
Buffer Overflows
#include <string.h>

void store(char *str) {
    char buffer[16];
    strcpy(buffer, str);
}
What is wrong with this function??
Call stack overview
void function(char *str) {
    char buffer[16];
    /* ... */
}
Low memory [ buffer(16) | oldsp(4) | ret(4) | *str(4) ] High memory
[ buffer(16) | oldsp(4) | ret(4) | *str(4) ]
So, if we call:
    store("this is my name, what is your name ?");
What will happen?
[Diagram: the text "this is my name, what is your" written over the stack layout]
After the function completes, the processor jumps to the address stored in ‘ret’. Right now, this address contains garbage, because the copy ran past the end of the buffer and overwrote it. The process will crash immediately upon function return. Now, why is this interesting?
[ buffer(16) | oldsp(4) | ret(4) | *str(4) ]
[Diagram label: code]
Scary – if we get ‘ret’ to point to our buffer, we can send arbitrary code to be executed on the remote machine.
MOST server hacking is done using this mechanism. So, if everybody knows about it, why does nobody fix the problem once and for all?
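Added example (not part of the original slides): it works out how far the slide's 36-character input runs past buffer[16] in the slide's stack layout, and shows a length-checked replacement for store(). The names store_checked, bytes_written, last_region and name_buf are hypothetical, and the offsets are the slide's idealized 32-bit layout, an assumption that real compilers may not match (padding, stack canaries).

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Offsets taken from the slide's 32-bit layout (an assumption):
 * buffer(16) | oldsp(4) | ret(4) | *str(4) */
enum { OFF_OLDSP = 16, OFF_RET = 20, OFF_STR = 24, FRAME_END = 28 };

static char name_buf[BUF_SIZE];   /* destination used by the demo below */

/* Bytes an unchecked strcpy() writes: the characters plus the NUL. */
size_t bytes_written(const char *str) {
    return strlen(str) + 1;
}

/* Name of the slide region where the last written byte would land. */
const char *last_region(const char *str) {
    size_t last = bytes_written(str) - 1;      /* offset of the NUL byte */
    if (last < OFF_OLDSP)  return "buffer";
    if (last < OFF_RET)    return "oldsp";
    if (last < OFF_STR)    return "ret";
    if (last < FRAME_END)  return "*str";
    return "beyond frame";
}

/* Hardened store(): refuses input that does not fit instead of copying it.
 * Returns 0 on success, -1 when str plus its NUL exceeds out_size. */
int store_checked(const char *str, char *out, size_t out_size) {
    size_t need = strlen(str) + 1;
    if (need > out_size)
        return -1;
    memcpy(out, str, need);
    return 0;
}

int main(void) {
    const char *input = "this is my name, what is your name ?";  /* from the slide */
    printf("unchecked copy: %zu bytes into %d, last byte lands in: %s\n",
           bytes_written(input), BUF_SIZE, last_region(input));
    printf("store_checked(slide input) = %d\n",
           store_checked(input, name_buf, sizeof name_buf));
    printf("store_checked(\"short name\") = %d -> \"%s\"\n",
           store_checked("short name", name_buf, sizeof name_buf), name_buf);
    return 0;
}
```

The first 16 characters of the slide's string, "this is my name,", fill the buffer exactly, so even the terminating NUL of that shorter string would already land in oldsp.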
pH34R
Smurf Attack
ICMP Smurf
Evil sends an ICMP Echo Request to the broadcast address on his network
All servers reply to the request and send an ICMP Echo Reply to the spoofed source
[Diagram labels: 64 K, repeated five times]
One Last Slide: Root Kits!
• Root Kits are the fastest and easiest way to hide the presence of a cracker.
• How do they work?
– Replacing ps; so you won’t see them running
– Replacing ls; so you won’t find the files
– Replacing cat; so you won’t notice altered configurations
• There are rootkits for Windows as well!
• Open Source projects, such as ChkRoot, find these kits
Links
www.blackhat.com
www.2600.com
www.bugtraq.org
www.securiteam.com