author: Nicholas Hall <ngh@grandcare.com> 2017-09-14 16:42:29 -0500
committer: Nicholas Hall <ngh@grandcare.com> 2017-09-14 16:42:29 -0500
commit: 52e3ab594b34bf309b8669fcaa855c295a00e114 (patch)
tree: 464216f7987f6df92d7c2c85bf3d398ef32189ea /presentation
DC414 meeting presentation files (refs: HEAD, master)
Diffstat (limited to 'presentation')
-rw-r--r-- presentation 69
1 files changed, 69 insertions, 0 deletions
diff --git a/presentation b/presentation
new file mode 100644
index 0000000..0e1e009
--- /dev/null
+++ b/presentation
@@ -0,0 +1,69 @@
+Hooking on Linux Introduction
+
+What is hooking?
+
+@what_is_hooking.png
+
+Relies on dynamically linked binaries
+\
+most binaries are dynamic.
+$ file /usr/bin/* | grep dynamic | wc -l
+1500
+
+Hooking libc is an obvious choice
+- open source
+- everything uses libc
+
+Picking a libc function to hook
+\
+strcmp:
+compare two strings
+
+Why? Because:
+\
+if strcmp("user password", saved_password) == 0
+ Access granted
+else
+ Access denied
+
+Goal:
+print out saved password
+
+Step 1:
+Find the source Luke
+
+Step 2:
+Find the implementation
+
+Step 3:
+Code your goals, you can do it!
+
+☢ Caveats ☢
+
+Caveats
+☢ retain the original implementation (or not)
+
+Caveats
+☢ retain the original implementation (or not)
+☢ segfaults
+
+Caveats
+☢ retain the original implementation (or not)
+☢ segfaults
+☢ low level C can be hard
+
+Caveats
+☢ retain the original implementation (or not)
+☢ segfaults
+☢ low level C can be hard
+☢ segfaults
+
+Step 4:
+isolate and compile as shared object
+
+Step 5:
+trick the linker
+\
+LD_PRELOAD is bae
+
+Questions?
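Review bot: the Step 5 slide ("trick the linker" / "LD_PRELOAD is bae") names the mechanism without its limits, even though the deck opens with "Relies on dynamically linked binaries". Consider adding one line there saying that statically linked binaries are unaffected and that the dynamic loader ignores LD_PRELOAD for setuid/setgid programs running in secure-execution mode, so the audience does not take the strcmp example as applying to every password check. Two smaller points: the "most binaries are dynamic" slide shows a count of 1500 with no total beside it, so the word "most" is not backed by the slide as written, and the first caveat, "retain the original implementation (or not)", would be clearer if it named how the original is reached (for glibc, dlsym with RTLD_NEXT), since Step 3 gives no pointer to it.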