Tag Archives: hacking

IT Security Brothers (http://itsb.pro)

Hi guys, I would like to present our new project, IT Security Brothers: http://itsb.pro
We provide pentest, consultations and IT outsourcing services.
Feel free to hire us for IT jobs.

How to use LD_PRELOAD for cracking applications

test.cpp

#include<stdio.h>
#include<stdlib.h>
#include<cstring>
#include<iostream>
using namespace std;

int main()
{
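  // Both literals are 31 characters plus the terminating NUL, so index 31
  // averages two NUL bytes and pass[] ends up NUL-terminated.
  const char *pre_pass = "a382fbe8e8f087352e250561d724c0a";
  const char *salt =     "1qazxcvfdswer435tgbnhy67ujmkdfg";
  char pass[32];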
  for(int i = 0; i < 32; i++)
  {
    int a = pre_pass[i];
    int b = salt[i];
    int c = (a + b)/2;
    pass[i] = c;
  }
  char user_input[32];
  cout << "Enter your password's md5 hash for enter to root access level" << endl;
  cout << "> ";
  cin.width(32);
  cin >> user_input;
  if ( strncmp( pass, user_input, 32)==0 )
    {
      cout <<  "Secret is " << pass << endl;
    }
  else
    {
      cout << "Access denied, fucking looser" << endl;
    }
  return 1;
}

Compile it with g++:
g++ test.cpp -o test

Try to get the password ^_^
./test

Enter your password's md5 hash for enter to root access level
> asd
Access denied, fucking looser

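How to hack it? LD_PRELOAD is the answer!

Let's take a look at the code: access is granted when strncmp returns zero, so let's make it return zero! A library listed in LD_PRELOAD is loaded before libc, so a strncmp defined there is the one the program ends up calling.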
strncmp_lib.c

#include <stddef.h>

/* Same prototype as libc's strncmp; always reports "equal". */
int strncmp(const char *string1, const char *string2, size_t num)
{
    return 0;
}

Compile it with gcc:
gcc -Wall -O2 -fpic -shared -ldl -o strncmp_lib.so strncmp_lib.c

and run:
LD_PRELOAD="./strncmp_lib.so" ./test

Enter your password's md5 hash for enter to root access level
> asd
Secret is IRLVobmOdUnJU535SfJQLW64lPOOcKd
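
The defender's view of the run above, as an added example that is not part of the original post: a scanner for an environment block in the NUL-separated layout of /proc/<pid>/environ that counts LD_PRELOAD entries loaded from outside the system library directories. The trusted-directory list, the function names and the sample block are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy: preloads are only acceptable from these directories. */
static const char *TRUSTED[] = { "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/" };

/* Constructed sample in /proc/<pid>/environ layout (NUL-separated NAME=value). */
static const char SAMPLE_ENVIRON[] =
    "HOME=/home/user\0LD_PRELOAD=./strncmp_lib.so:/usr/lib/libfoo.so\0TERM=xterm";

/* Return 1 if one LD_PRELOAD entry is outside the trusted directories. */
static int is_suspicious(const char *path, size_t n)
{
    char buf[256];
    if (n >= sizeof buf) return 1;               /* oversized entry: flag it */
    memcpy(buf, path, n);
    buf[n] = '\0';
    if (strstr(buf, "/../")) return 1;           /* climbs out of its directory */
    for (size_t i = 0; i < sizeof TRUSTED / sizeof *TRUSTED; i++)
        if (strncmp(buf, TRUSTED[i], strlen(TRUSTED[i])) == 0) return 0;
    return 1;                                    /* relative or untrusted path */
}

/* Count LD_PRELOAD entries in an environment block that fail the policy.
   ld.so accepts ':' or ' ' as the separator between entries. */
int count_suspicious_preloads(const char *env, size_t len)
{
    int hits = 0;
    for (size_t pos = 0; pos < len; ) {
        const char *var = env + pos;
        const char *nul = memchr(var, '\0', len - pos);
        size_t vlen = nul ? (size_t)(nul - var) : len - pos;
        if (vlen > 11 && memcmp(var, "LD_PRELOAD=", 11) == 0) {
            for (size_t i = 11; i < vlen; ) {
                size_t n = 0;
                while (i + n < vlen && var[i + n] != ':' && var[i + n] != ' ') n++;
                if (n > 0 && is_suspicious(var + i, n)) hits++;
                i += n + 1;
            }
        }
        pos += vlen + 1;
    }
    return hits;
}
int main(void)
{
    printf("%d\n", count_suspicious_preloads(SAMPLE_ENVIRON, sizeof SAMPLE_ENVIRON));
    return 0;
}
```

The environment block only shows what a process was started with; a library can also be preloaded system-wide through /etc/ld.so.preload, which this scan does not cover.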