Diffstat (limited to 'presentation')
-rw-r--r-- presentation 69
1 files changed, 69 insertions, 0 deletions
diff --git a/presentation b/presentation
new file mode 100644
index 0000000..0e1e009
--- /dev/null
+++ b/presentation
@@ -0,0 +1,69 @@
+Hooking on Linux Introduction
+
+What is hooking?
+
+@what_is_hooking.png
+
+Relies on dynamically linked binaries
+\
+most binaries are dynamic.
+$ file /usr/bin/* | grep dynamic | wc -l
+1500
+
+Hooking libc is an obvious choice
+- open source
+- everything uses libc
+
+Picking a libc function to hook
+\
+strcmp:
+compare two strings
+
+Why? Because:
+\
+if strcmp("user password", saved_password) == 0
+ Access granted
+else
+ Access denied
+
+Goal:
+print out saved password
+
+Step 1:
+Find the source Luke
+
+Step 2:
+Find the implementation
+
+Step 3:
+Code your goals, you can do it!
+
+☢ Caveats ☢
+
+Caveats
+☢ retain the original implementation (or not)
+
+Caveats
+☢ retain the original implementation (or not)
+☢ segfaults
+
+Caveats
+☢ retain the original implementation (or not)
+☢ segfaults
+☢ low level C can be hard
+
+Caveats
+☢ retain the original implementation (or not)
+☢ segfaults
+☢ low level C can be hard
+☢ segfaults
+
+Step 4:
+isolate and compile as shared object
+
+Step 5:
+trick the linker
+\
+LD_PRELOAD is bae
+
+Questions?
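
Review bot: the `@what_is_hooking.png` slide references an image that this commit does not add (the diffstat lists one changed file, `presentation`), so that slide has nothing to show unless the PNG is already tracked or is committed alongside it. In the "Why? Because:" slide, `strcmp("user password", saved_password)` reads as a comparison against a literal string; an identifier such as `user_input` would make the pseudocode match the stated goal of printing `saved_password`. The final Caveats slide lists `☢ segfaults` twice; if the repeat is the joke, keep it, otherwise drop the second entry. Steps 4 and 5 name the actions ("compile as shared object", "trick the linker") without the commands, so a line each showing what is typed would let the slides stand on their own.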