Thread: DLL hijacking in linux

  1. #1

    DLL hijacking in linux

    The last few days I've been seeing lots and lots of buzz about DLL injection on Windows, which is cool, but I don't use Windows, so I decided to join the hype wagon and make a stink about it on Linux :P "Both have existed for a very, very long time, so I can't really understand all the hype all of a sudden." Anyway, Linux has stuff like DLL files, but it's called Shared Objects, so rather than Dynamic Linked Libraries ".dll" we use Shared Objects ".so".

    Now I don't know about Windows, but in Linux this is almost too easy. Almost all apps in Linux at one time or another call strlen(), so all we have to do is hijack that function with our own shared object. Basically, we are going to rewrite the strlen function and force apps to use our version. Let's look at our hijacking code:

    hijack_strlen.c


    #include <stdio.h>
    #include <string.h>

    /* Replacement strlen(): announces itself and always reports a length of 5. */
    size_t strlen(const char *str)
    {
        printf("\n\nWe have just hijacked strlen() xD\n\n");
        return 5;
    }



    Now we just have to compile it as a shared object. We do that with these commands:


    gcc -fPIC -c hijack_strlen.c -o hijack_strlen.o
    gcc -shared -o hijack_strlen.so hijack_strlen.o



    And now we are ready to start injecting our shared object to hijack strlen(). We will be using the LD_PRELOAD trick to do this. For our target app let's use nmap. We just run this command:


    LD_PRELOAD=/home/$USER/hijack_strlen.so nmap



    When you run the above we should see something like this:




    We have just hijacked strlen() xD



    We have just hijacked strlen() xD

    Nmap 5.00 ( http://nmap.org )
    Usage: nmap [Scan Type(s)] [Options] {target specification}
    TARGET SPECIFICATION:
    ...



    And there you have it! We just hijacked strlen in nmap!! We are 1337 :P

    Now that you have your killer hijacker SO try these commands as well:


    LD_PRELOAD=/home/$USER/hijack_strlen.so ifconfig

    LD_PRELOAD=/home/$USER/hijack_strlen.so ssh

    LD_PRELOAD=/home/$USER/hijack_strlen.so scp



    And yes, there are tons more. OK, that's all for now, laters.

    Original post :clickme
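
On the detection side, a preloaded library is visible in the environment the process was started with. The script below is an added example, not part of the original post: it reads NUL-separated environ data (the format of /proc/<pid>/environ) and flags LD_PRELOAD entries that sit outside the system library directories. The directory allowlist, the function names and the sample path under /home/alice are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report LD_PRELOAD entries found in process environments.

# Print the LD_PRELOAD value stored in a NUL-separated environ file
# (the format of /proc/<pid>/environ); prints nothing if it is unset.
preload_of_environ() {
    tr '\000' '\n' 2>/dev/null < "$1" | sed -n 's/^LD_PRELOAD=//p'
}

# Classify each entry of an LD_PRELOAD value (separated by colons or spaces).
# Anything outside the assumed system library directories, or using "..",
# is flagged for review.
classify_preload() {
    printf '%s\n' "$1" | tr ': ' '\n\n' | while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        case "$lib" in
            */../*) echo "SUSPICIOUS $lib" ;;
            /lib/*|/lib64/*|/usr/lib/*|/usr/lib64/*) echo "system-dir $lib" ;;
            *) echo "SUSPICIOUS $lib" ;;
        esac
    done
}

# Sweep every readable process and print "pid verdict path" lines.
scan_procs() {
    for env in /proc/[0-9]*/environ; do
        [ -r "$env" ] || continue
        val=$(preload_of_environ "$env")
        [ -n "$val" ] || continue
        pid=${env#/proc/}; pid=${pid%/environ}
        classify_preload "$val" | sed "s|^|$pid |"
    done
}

# Constructed sample mimicking the environment of the preloaded nmap run above.
sample=$(mktemp)
printf 'PATH=/usr/bin\000LD_PRELOAD=/home/alice/hijack_strlen.so\000HOME=/home/alice\000' > "$sample"
classify_preload "$(preload_of_environ "$sample")"
rm -f "$sample"
```

`scan_procs` is defined but not called by the sample run; reading the environ files of other users' processes requires root. A "system-dir" verdict only says where the file lives, so such entries still deserve a look on hosts where nothing is expected to be preloaded.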

  2. #2
    b0nd
    Bounced! No surprise as I did not read about dll hijacking previously.

    Appreciate your efforts to share your work here.

    Regards

  3. #3
    fb1h2s
    Great and really cool share. Actually I still have doubts about DLL hijacking in Windows; we should have a discussion about that too some time.

  4. #4
    TFS..! Nice one..earlier I thought that it was possible only in Windows...!