2. Aims
• Discover if a malicious hacking technique could
be used for good
• Investigate Drive-by Downloads, and adapt them
to deliver updates instead of malware
• Attempt to create a Wi-Fi Hotspot system that
triggers a Drive-by Healing process to update the
computer silently
Drive-by Healing Andrew Cronin
3. What Good Can Hacking Do?
• Find holes in software
– Without abusing them
• Give-aways
– Money, Software, Vouchers
• Fix Software
– Updates
4. Drive-by Healing
• Drive-by Downloads
– One of the biggest problems on the Internet
– Just loading a page can infect
– Payloads:
• Trojans
• Bots (botnet clients)
• Other malware
5. Drive-by Healing
• Healing
– To make better, to make sound or healthy.
• How can computers be healed?
– Hardware repairs
– Software repairs
• Patches
• Updates
• Anti-virus
• New software
7. Hotspots
• Used in establishments and businesses all over
the world
• The Wi-Fi industry is big business
– Advertising
– Paid-for services
• DD-WRT open source router firmware can
provide Hotspot services
• Captive Portals block Internet access until the
terms are agreed
8. Drive-by Downloads
• Written in JavaScript
– Employs Heap Spraying to place the payload
at predictable heap addresses
• Shellcode preceded by NOP sleds, copied
into many array elements
• Still requires a separate memory-corruption
exploit to divert execution into the sprayed
payload
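The spray layout described on this slide, as an added example that is not code from the author's project or from the Corelan sample: it builds the sled-plus-payload block the classic IE-era way, fills an array with copies, and then scans a byte image of one block the way a memory scanner would. That last step also illustrates the later observation from the generator-page test that a payload obfuscated in the page source still shows up in clear in memory. Assumed here: a 32-bit process with UTF-16 JavaScript strings, 1 MiB blocks, a 0x24-byte allowance for the string object header, an XOR key of 0x5a, and a constructed `calc.exe` marker standing in for shellcode. No memory-corruption exploit is included, so nothing ever executes the sprayed bytes.

```javascript
// Added illustration of a classic JavaScript heap spray layout and how it looks
// in memory. Not the author's code. Assumptions: 32-bit IE-era process, UTF-16
// strings (2 bytes per char), 1 MiB blocks, 0x24-byte header allowance, XOR key
// 0x5a. The payload is a constructed marker string, not shellcode, and there is
// no exploit here: nothing ever executes the sprayed bytes.

const BLOCK_BYTES = 0x100000;      // assumption: 1 MiB per spray block
const HEAP_HEADER_BYTES = 0x24;    // assumption: room left for the string object header
const SLED_WORD = "\u0c0c";        // 0x0c 0x0c: repeated, it decodes as the harmless
                                   // x86 "or al, 0x0c" and doubles as a pointer into the spray
const XOR_KEY = 0x5a;              // assumption: the generator's obfuscation key
const MARKER = "calc.exe\u0000";   // constructed stand-in for a calc-launching payload

// XOR is its own inverse, so one routine both obfuscates the page source and
// decodes the payload at run time.
function xorCodec(str, key) {
  return Array.from(str, ch => String.fromCharCode(ch.charCodeAt(0) ^ key)).join("");
}

// What the generator page actually carries: the marker is not visible in it.
const ENCODED_PAYLOAD = xorCodec(MARKER, XOR_KEY);

// One block: a NOP-style sled padded so that sled + payload + header is exactly
// BLOCK_BYTES. Identical sizes mean consecutive blocks land at predictable
// addresses, which is the whole point of spraying.
function buildSprayBlock(encodedPayload, key) {
  const payload = xorCodec(encodedPayload, key);
  let sled = SLED_WORD;
  while (sled.length * 2 < BLOCK_BYTES) sled += sled;        // double up to 1 MiB
  const sledChars = (BLOCK_BYTES - HEAP_HEADER_BYTES) / 2 - payload.length;
  return sled.substring(0, sledChars) + payload;
}

// Fill an array with copies of the block to cover the heap. In old engines the
// substring trick forced a fresh allocation per element; here it documents intent.
function spray(blockCount, encodedPayload, key) {
  const block = buildSprayBlock(encodedPayload, key);
  const heap = [];
  for (let i = 0; i < blockCount; i++) heap.push(block.substring(0, block.length));
  return heap;
}

// Defender side: longest run of one repeated byte value in a memory image.
function longestByteRun(image) {
  let best = 0, run = 0, prev = -1;
  for (const b of image) {
    run = b === prev ? run + 1 : 1;
    prev = b;
    if (run > best) best = run;
  }
  return best;
}

// Look at one block the way a memory scanner would: the sled is a run of over
// a million 0x0c bytes, and the decoded marker is in clear, even though the
// page source (ENCODED_PAYLOAD) never contained it.
function inspectBlock(block) {
  const image = Buffer.from(block, "utf16le");
  return {
    bytes: image.length,
    sledRun: longestByteRun(image),
    markerVisible: image.indexOf(Buffer.from("calc.exe", "utf16le")) !== -1,
    markerInSource: ENCODED_PAYLOAD.includes("calc"),
  };
}

console.log(inspectBlock(spray(8, ENCODED_PAYLOAD, XOR_KEY)[0]));
```

Run under Node.js. `inspectBlock` reports a sled run of over a million identical bytes and `markerVisible: true`, while `markerInSource` is false. A defensive memory scanner keys on exactly those two properties: very long runs of one value (0x0c, 0x90) repeated across many allocations, and decoded payload strings that the obfuscated page source never showed.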
9. Legal Issues
• Drive-by Downloads
– Put data on computers
– Activate programs and code
• All without the user's knowledge or consent
– Illegal
• Gaining consent is vital
10. Firmware Flashing
• DD-WRT firmware uploaded to a Linksys
E2000 router after a hard reset of the router
• The reset flushes the old firmware's settings
out of NVRAM before the new image is flashed
12. Captive Portal
• The DD-WRT Firmware has Hotspot services
• CoovaChilli was chosen (connects to ChilliSpot)
• Attempted to create a Captive Portal system
serving the Drive-by Download code from an
Ubuntu system
13. Virtual Machine
• VMWare Player
• Windows XP SP3
• IECollections – allows multiple versions of
Internet Explorer to run simultaneously
14. Heap Spraying
Sample code from the ‘Corelan’ site, and debuggers
to test it with:
• WinDbg
• Immunity Debugger
– mona.py
15. Heap Spraying
Heap Spray generator page
• For script kiddies
• Tested with a payload that launches Windows
Calculator
16. Conclusion
There were three different issues that arose
regarding the Wi-Fi Hotspot:
• Available systems were on average 4-5 years
old
• Only complex Linux-based systems were
available, requiring extra hardware
• Open source projects lacked support, making
install and configuration difficult
17. Conclusion
Other problems concerning the Drive-by Healing
project included:
• Exploits, being malicious, can be
self-incriminating; informative articles were
therefore impossible to find
• The project attempted an ambitious idea that
had unforeseen complexities
18. Future Work
Wi-Fi Hotspot
• Possibly NoCatSplash on DD-WRT
• Another router, e.g. the WRT54G
Drive-by Download
• Exploit from Scratch (avoiding script kiddie
dangers)
• Research into update commands
• Education on the importance of updates
What is hacking? Why do it? Disrupting or damaging technology. Curiosity, gain, challenge.
What is malware? Software made for malicious (bad, damaging) purposes.
Hacking …?? Breaking computers, because they can.
Why do hackers hack? To understand, to explore. Don’t press the big red button. To play, to push limits and boundaries. For reward, fraud, theft. It’s a game, a challenge (what can I break, what can I get into?).
Good hacking. Hackers that send good things, or do good (find a vulnerability without exploiting it), rather than break and steal.
Find holes = software vulnerabilities. Software = useful programs. Free stuff = vouchers or money, things sent over the Internet.
Hacking technique. About.com: the biggest problem on the Internet.
One statement put to the users in this survey was: “You can’t get infected just by loading an infected website” (G Data 2011, p. 13). The survey highlighted that over 48% of those questioned believed this statement to be true. Over 53% of these people were 18-24 years of age. By country, Italy topped the survey as the country that believed this myth the most, closely followed by Germany. In comparison, the most disbelieving country was the USA, closely followed by the UK. Women were most likely to believe that computers cannot be infected just by loading an infected website, by a tiny majority. This survey shows that the Internet is perceived to be more trustworthy than it actually is. Those most likely to believe this false statement live in Italy, are between the ages of 18 and 24, and are women.
Nicknamed the ‘Christian’ Project. Updates can: reduce OS size; increase performance; add new features; overwrite infected system files with their original versions (disabling malware).
The Heap Spraying step took the longest!
Walled Gardens also: allow certain sites, e.g. Google search, but stopped at the results.
Heap Spraying is…. Like buffer overflows, but more targeted. NOP sled is …. Exploits: browser plugins …
A legal Drive-by Download delivery system. First idea – Drive-by Download unleashed anywhere on the net (NOT LEGAL). Second idea – a website (NOT LEGAL). Third idea – Wi-Fi Hotspot: controlled audience, consent from the captive portal (LEGAL) :D
90 secs … ON … OFF … ON (the DD-WRT 30/30/30 hard reset: 30 s with the reset button held and power on, 30 s with power off, 30 s with power on). The reset flushes the old firmware's settings out of NVRAM.
CoovaChilli chosen; failed. Connected to ChilliSpot.
Ubuntu Linux: lack of support, open source, 5 years old, forums dead.
IE 6, 7 and 8 tested; 6 and 7 worked. DEP (Data Execution Prevention) on or off, depending on the exploit.
Simple code: for loop, array, for loop, in memory.
Encrypted by the generator, but still showed calc in memory.