
Hijacking Softwares for fun and profit

Presentation for my talk at Global Infosec Summit, LPU (11 Nov 2017). The presentation demonstrates the risk of using outdated and cracked software. Additionally, it demonstrates the hands-on approach to finding DLL search order hijacking vulnerabilities. The presentation is for educational purposes only.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Published in: Engineering

  1. HACKIJACKING SOFTWARE BY: NIPUN JASWAL
  2. #whoami ■ SOMEONE WHO LOVES BREAKING INTO TECHNOLOGY ■ TECHNICAL DIRECTOR, PYRAMID CYBER AND FORENSICS ■ INTERNATIONAL INFOSEC AUTHOR ■ CHAIR MEMBER, NCDRC ■ 10 YEARS, 20+ Zero Days (Public), 20+ Security Hall of Fame, 5 Books, 50+ Articles, OLD ■ WORKED WITH LAW ENFORCEMENT WORLDWIDE
  3. #whoami
  4. NOBODY GIVES A S**T TALK
  5. THE STORY… OF A HACKER GET MARRIED… NOPE
  6. AND GOOGLE DOESN’T HELP…
  7. SECURITY TO THE RESCUE.. When will the boss get married?
  8. MAKING THINGS WORSE…. Matrimony BRANDS IN INDIA
  9. THE MATCH MAKING SOFTWARE… =D
  10. MONEY | MONEY AND MONEY… $$$$$ I THINK, I CAN HACK THIS SOFTWARE AND TURN THIS EPIC MATCHMAKING S**T INTO SOME HARD CASH
  11. SO WHAT I HAVE TO DO? ■ I NEED TO HACK THE SOFTWARE ■ I WANT TO GAIN ACCESS TO EVERY USER USING IT ■ ONCE I HAVE THE ACCESS, I WILL INSTALL MY CRYPTOMINER ON THE TARGET ■ I WILL USE HIS SYSTEM TO MAKE MONEY, I MEAN A LOT OF MONEY ■ BUT WAIT, MY CHALLENGES: – I WILL HAVE TO GET THE SOFTWARE INSTALLED
  12. LET’S GET THIS STARTED… ■ OBSERVATIONS: – NO BUFFER OVERFLOWS FOUND – ANTIVIRUS DETECTS MY BACKDOORED SOFTWARE
  13. REVENGE OF THE NERDS: DLL SEARCH ORDER HIJACKING
  14. How does a program execute?
  15. So where is our program?
  16. The Big Picture: Metasploit ■ Let’s Create a Malicious DLL:
  17. The Big Picture: Metasploit ■ Let’s Place meterpreter.dll into the Kundli Software with the name VB5DB.dll
  18. Let’s Execute the Program Again
  19. Let’s Execute the Program Again
  20. Software Didn’t Load… but we got the access…
  21. But......... We have the following set of problems: ■ Software not working can create suspicion and can land you in trouble ■ Antiviruses will literally eat the DLL like a Dog behind a Bone ■ Your Access will be lost no matter what ■ Let’s see how we can evade the problems… :)
  22. Introduction to Code Caves
  23. Unused Space within a Program
  24. Windows DLLs may not have Code Caves
  25. The Backdoor Factory
  26. Next Steps.. are Easy.. :P Pack the Software & Distribute
  27. Preventions 1. Crackers make use of these techniques while distributing cracked software, patches etc. 2. Download from legitimate websites only. 3. Verify Digital Signatures
  28. Thanks!!
  29. Questions? Mail Your Queries to: mail@nipunjaswal.info
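
A defender-side check for the DLL search order issue in slides 13 to 17 and the prevention list in slide 27, as an added example that is not part of the original slides: it lists DLLs in an install folder whose names also exist in the system directory, because the application folder is searched first. The function names, folder layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def dll_index(directory):
    """Map lower-cased DLL name -> path (Windows file names are case-insensitive)."""
    return {
        entry.name.lower(): entry
        for entry in Path(directory).iterdir()
        if entry.is_file() and entry.suffix.lower() == ".dll"
    }


def find_shadowed_dlls(app_dir, system_dir):
    """Return (file name, status) for each DLL in app_dir that shares a name
    with a DLL in system_dir. The application folder is searched first, so
    such a file can be loaded in place of the system copy."""
    system = dll_index(system_dir)
    findings = []
    for name, path in sorted(dll_index(app_dir).items()):
        if name in system:
            same = sha256_of(path) == sha256_of(system[name])
            findings.append((path.name, "identical" if same else "modified"))
    return findings


def demo():
    """Run the check on constructed sample folders (not real system files)."""
    with tempfile.TemporaryDirectory() as root:
        app, system = Path(root, "app"), Path(root, "system32")
        app.mkdir()
        system.mkdir()
        (system / "vb5db.dll").write_bytes(b"constructed: vendor copy")
        (system / "msvcrt.dll").write_bytes(b"constructed: runtime")
        (app / "VB5DB.dll").write_bytes(b"constructed: replaced copy")
        (app / "msvcrt.dll").write_bytes(b"constructed: runtime")
        (app / "helper.dll").write_bytes(b"constructed: app-only library")
        return find_shadowed_dlls(app, system)


if __name__ == "__main__":
    for file_name, status in demo():
        print(f"{file_name}: shadows a system DLL ({status})")
```

A "modified" hit is the one to investigate first, starting with its digital signature; on a real host, pass the install folder and the Windows system directory to `find_shadowed_dlls`.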
