We’ve all heard the phrase, “I got hacked!” especially today with Facebook, email, etc. I have heard others around me say they want to learn how to hack. Well, there are plenty of YouTube videos and other tutorials out there on how to do hacks to Windows and other applications, as well as Android phones and other smart devices. Then, some people discover Metasploit and how it works or Cobalt Strike, Armitage and other automated tools where all a person does is enter the IP address and, sometimes, the tool will automatically scan for a vulnerability and give the person choices on what exploit they can use…if it works, it works; if not, the person tries something else.
However, if a person truly wants to be a hacker, they need to know and understand how the machine works. Using an automated tool is great when you know how things truly work; otherwise, a person just becomes a, “script kiddie” and has limited knowledge other than how to operate a tool. In this post, I am going to look at how an exploit is developed via reverse engineering. I am going to give a very brief overview of the topic and some YouTube videos that demonstrate the art of learning things like buffer overflow.
Before I continue, if you decide to experiment into ethical hacking, I must warn you I will not be held responsible for any damage you may do. My recommendation is doing this in a virtual machine without an Internet connection and do it ONLY for educational purposes. If you do find a vulnerability in an application, please do NOT disclose the vulnerability in public; talk to the application vendor to alert them of your finding so they can proceed in correcting the vulnerability.
When it comes to ethical hacking, a person can be taking an application and load it into a debugger, such as Ollydebug or IDA Pro, which provides the assembly code for that application (this is assuming there is no source code to look at). Then, assuming the assembly code does not obfuscate itself in the debugger, the person with a good knowledge of assembly code starts reverse engineering the code to understand how the code makes the application work and looks for vulnerabilities in the code or passwords to make the code work. An example of such educational research can be found here.
Once a vulnerability in code is found, the person will create exploitation code. The idea here is this…I want to own the machine running this application and I need to be able to get the Instruction Pointer (EIP) to point to my instructions for execution. So, when the person creates their exploitation code they are creating it to be executed to, eventually, obtain a command prompt preferably at the root user level. If they can get to the root user level, the person can do everything a system administrator can do, including installing backdoors or programs such as NetCat. An example of such educational research can be found here.
Consider this: there are very few people in this world who actually understand assembly language and how to ethically reverse engineer code and the pay is pretty decent. Wouldn’t you like to be one of the few with a master's degree in information assurance with the NSA Seal of Excellence from Regis University?
Visit our Resource Center for more details on the information assurance industry.