| field | value | date |
|---|---|---|
| author | Nicholas Hall <ngh@grandcare.com> | 2017-09-14 16:42:29 -0500 |
| committer | Nicholas Hall <ngh@grandcare.com> | 2017-09-14 16:42:29 -0500 |
| commit | 52e3ab594b34bf309b8669fcaa855c295a00e114 (patch) | |
| tree | 464216f7987f6df92d7c2c85bf3d398ef32189ea /presentation | |
| download | hooking_strcmp-52e3ab594b34bf309b8669fcaa855c295a00e114.tar.xz, hooking_strcmp-52e3ab594b34bf309b8669fcaa855c295a00e114.zip | |
Diffstat (limited to 'presentation')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | presentation | 69 |

1 file changed, 69 insertions, 0 deletions
diff --git a/presentation b/presentation new file mode 100644 index 0000000..0e1e009 --- /dev/null +++ b/presentation @@ -0,0 +1,69 @@ +Hooking on Linux Introduction + +What is hooking? + +@what_is_hooking.png + +Relies on dynamically linked binaries +\ +most binaries are dynamic. +$ file /usr/bin/* | grep dynamic | wc -l +1500 + +Hooking libc is an obvious choice +- open source +- everything uses libc + +Picking a libc function to hook +\ +strcmp: +compare two strings + +Why? Because: +\ +if strcmp("user password", saved_password) == 0 + Access granted +else + Access denied + +Goal: +print out saved password + +Step 1: +Find the source Luke + +Step 2: +Find the implementation + +Step 3: +Code your goals, you can do it! + +☢ Caveats ☢ + +Caveats +☢ retain the original implementation (or not) + +Caveats +☢ retain the original implementation (or not) +☢ segfaults + +Caveats +☢ retain the original implementation (or not) +☢ segfaults +☢ low level C can be hard + +Caveats +☢ retain the original implementation (or not) +☢ segfaults +☢ low level C can be hard +☢ segfaults + +Step 4: +isolate and compile as shared object + +Step 5: +trick the linker +\ +LD_PRELOAD is bae + +Questions? |
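Review bot: the Caveats build slides (from "☢ Caveats ☢" through the last "☢ segfaults") leave out the main limitation of the Step 5 "trick the linker / LD_PRELOAD is bae" approach: the dynamic loader runs set-user-ID and set-group-ID programs in secure-execution mode and ignores `LD_PRELOAD` entries for them (with narrow exceptions), so a preloaded `strcmp` only reaches processes the user already controls and does not by itself cross a privilege boundary; that is worth a caveat line, and it is also the check defenders rely on. Two smaller points: the "$ file /usr/bin/* | grep dynamic | wc -l" / "1500" slide is a count from one machine, so label it as a sample rather than as proof that "most binaries are dynamic"; and the "if strcmp("user password", saved_password) == 0" snippet is not valid C (no parentheses around the condition, no statements in the branches), which sits awkwardly next to the later "low level C can be hard" slide, so consider writing it as real C or marking it as pseudo-code.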