All Your Base Are Belong
To Us
0x48 0x41 0x43 0x4B 0x45 0x52 0x5A
Or: so, you wanted to be a hacker
By Gil Megidish (2004)
You think you know hackers?
Hacking, Cracking & Phreaking
• Hacker n. (Jargon File)
  – One who programs enthusiastically and even obsessively.
  – A person who enjoys exploring the details of systems and such.
• Cracker n.
  – One who breaks security on a system.
• Phreaking
  – The pure art of telephony hacking (Captain Crunch)
Cracking
• All software can be cracked: if a program can be written with protection, it can surely exist without one.
• Crackers brag about their accomplishments.
• Types of interesting cracking:
– Cracking software
– Cracking into servers
– Denial of Service (DoS)
Cracking Software
• Software will let you know if you have no permission to continue
• Starting there, it is possible to find the root cause of this limitation
Always Use Protection
[Diagram labels: Protection code; Registry; File System; Network; CPU; Devices (plug)]
Since it is always possible to crack software, the coders have one thing in mind: make the cracker’s life a living hell
Introducing: Doc Witness’ OpSecure
Cracking Into Servers
Database Hacking
    SELECT * FROM USERS_TABLE WHERE USER=$PARAM
Inexperienced programmers sometimes make the mistake above, pasting a user-supplied parameter directly into the query. No matter how many firewalls are in the middle, you can delete the entire database, or even destroy the machine it is running on.
What if
    $PARAM = "userName%01EXEC rm -rf /"
Or
    $PARAM = "userName OR 1=1" ?
Buffer Overflows
#include <string.h>

void store(char *str)
{
    char buffer[16];
    strcpy(buffer, str);
}
What is wrong with this function??
Call stack overview
void function(char *str)
{
    char buffer[16];
    /* ... */
}

Low memory                                High memory
[ buffer (16) ][ oldsp (4) ][ ret (4) ][ *str (4) ]
[ buffer (16) ][ oldsp (4) ][ ret (4) ][ *str (4) ]
So, if we call:
    store("this is my name, what is your name ?");
What will happen?
[Diagram: the same cells, now filled with "this is my name, what is your"]
After the function completes, the processor jumps to the address stored in ‘ret’. Right now, this address contains garbage. The process will crash immediately upon function return. Now, why is this interesting?
[ buffer (16) ][ oldsp (4) ][ ret (4) ][ *str (4) ]
Scary – if we get ‘ret’ to point to our buffer, we can send arbitrary code to be executed on the remote machine.
Most server hacks are done using this mechanism. So, if everybody knows about it, why does nobody fix the problem once and for all?
[Diagram label: code]
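The overflow walked through on the slides above, as an added example (not code from the original deck): the frame is modelled as a struct with the slide's field sizes, so the spill into 'oldsp' and 'ret' can be observed without undefined behaviour, next to a bounds-checked store(). The names struct frame, simulate_store and store_checked, and the starting 'ret' bytes, are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the slide's frame, low to high memory: 16 + 4 + 4 + 4 = 28 bytes. */
struct frame {
    char    buffer[16];
    uint8_t oldsp[4];
    uint8_t ret[4];
    uint8_t str[4];
};

/* What strcpy() would do, replayed inside the model: copy the string and its
 * terminator with no regard for buffer[16]. The copy is capped at the size of
 * the model so the demonstration stays inside its own object.
 * Returns how many bytes landed beyond buffer. */
size_t simulate_store(struct frame *f, const char *s)
{
    size_t n = strlen(s) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, s, n);
    return n > sizeof f->buffer ? n - sizeof f->buffer : 0;
}

/* Hardened store(): refuse input that does not fit, terminator included. */
int store_checked(const char *str)
{
    char buffer[16];
    size_t len = strlen(str);

    if (len >= sizeof buffer)
        return -1;                  /* caller must handle the rejection */
    memcpy(buffer, str, len + 1);
    return (int)len;
}

int main(void)
{
    struct frame f;
    const char *input = "this is my name, what is your name ?"; /* from the slide */

    memset(&f, 0, sizeof f);
    memcpy(f.ret, "\x10\x20\x30\x40", 4);   /* constructed return address */

    size_t spill = simulate_store(&f, input);
    printf("bytes past buffer: %zu\n", spill);
    printf("ret is now: \"%.4s\"\n", (const char *)f.ret);
    printf("store_checked: %d\n", store_checked(input));
    return 0;
}
```

The saved return address ends up holding four characters of the caller's string, which is why the unchecked version crashes on return and why the length check has to happen before the copy.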
pH34R
Smurf Attack
ICMP Smurf
Evil sends an ICMP Echo Request to the broadcast address on his network
All servers reply to the request and send an ICMP Echo Reply to the spoofed source
[Diagram labels: 64 K (×5)]
One Last Slide: Root Kits!
• Root Kits are the fastest and easiest way to hide the presence of a cracker.
• How do they work?
  – Replacing ps, so you won’t see them running
  – Replacing ls, so you won’t find the files
  – Replacing cat, so you won’t notice altered configurations
• There are rootkits for Windows as well!
• Open Source projects, such as ChkRoot, find these kits
Links
www.blackhat.com
www.2600.com
www.bugtraq.org
www.securiteam.com
0x4841434b45525a – H4x0r presentation for n00bs