Hacking into .NET Applications: a newbie guide

As always.. it's been a long time since I blogged about anything.. I was bored today and had nothing good to do, so I thought of writing a blog entry to boost the traffic of this freaky blog a little bit.

Ever since I got a job I have been forced to transform from a typical *nix geek to a .Netter.. Sad, but it's a fact.

Invading application code that's written on *nix requires a hell of a lot of debugging experience plus playing with the system's registers. However, the ease of programming that .NET provides comes with its pitfalls: there are a couple of companies developing very professional reflectors for all versions of .NET. Most of the production code that is out there doesn't contain any form of obfuscation and hence is very prone to cracking/hacking. I will give a demo of how to invade a simple .NET application.

So we will write one console application that in turn calls a DLL (Dynamic Link Library) to perform a certain task.
As I have been working for the banking industry, let us call our console application a service that triggers a funds transfer from one bank account to another bank account.

using System;
using System.Collections.Generic;
using System.Text;
using FTLibrary;

namespace PaymentExecutor
{
    class Program
    {
        static void Main(string[] args)
        {

            Console.WriteLine("Starting Our Executor");

            Console.WriteLine("Initiating FT Class");
            FTClass tempObj = new FTClass();
            tempObj.DoFundsTransfer("123", "234");

            Console.ReadLine();

        }
    }
}

OK, the above code is basically a payment executor which does a funds transfer from account “123” to “234”.
Our FT class looks something like this:

using System;
using System.Collections.Generic;
using System.Text;

namespace FTLibrary
{
    public class FTClass
    {

        public bool DoFundsTransfer(string sFromAccount, string sToAccount)
        {
            string tempFrom = sFromAccount;
            string tempTo = sToAccount;

            Console.WriteLine("Ok Going to do fundstransfer from " + sFromAccount + "  to  " + sToAccount);
            Console.WriteLine("This is where fundstransfer from " + sFromAccount + " to " + sToAccount);
            Console.WriteLine("Execution ends here");
            return true;

        }
    }
}

Now that we have our code compiled, the build generates a bin folder that looks something like this

Imagine you have deployed the same code in some production environment: taking out its code would be a piece of cake for anyone with a little experience of Redgate Reflector (previously available for free; a free trial is available, though). I tried generating code from the exe and here is what I got out of it.

The code that is generated by Reflector is a near-identical copy of the main class. Moving forward, the Reflector-generated code of FTClass looks something like this.

Fair enough. Now that I can see the code, one thing I could do is create another project and generate an exe, but that's tricky: most systems that involve fairly complex libraries are not that easy to compile. We need a simple way to hack into this DLL and replace the transferring account with ours.

A typical output of the above program would be something like this.

This is where Reflexil does its charm. It's an (open source) utility that can be used in conjunction with Redgate Reflector to modify the instruction set directly in the library. For that you will have to go through this link

Open up Reflector + Reflexil for the above program and navigate to its Instruction set tab.

Looking at the above instruction set and going through the CIL instruction set provided in the given link, one can easily make out that before the call to DoFundsTransfer the stack is emptied first and then two strings are loaded onto it.

Now moving to the actual FT class, below is the snap of its instructions.

So this is where the funds transfer happens. Let us add our own instructions within it.

So the tricky bit here is that I did ldstr instead of ldarg. Save the DLL from within the Reflexil menu and replace the existing one with it; now the output looks something like this.

Tadda…. sweet, isn't it? :) P.S. This step-by-step guide is made just to make people aware of the potential security risks. I have been into one of the “Secure Coding Technique” guide sort of things and I personally think they are of no use and are typically bookish. The above guide is a somewhat practical example of hacking. If you have a little sense of security, you can combine the steps explained above with some basic privilege escalation exploits, i.e. local root, and make a huge impact without leaving a single footprint.
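The defensive counterpart to the DLL swap above, as an added example that is not part of the original post: a build-time hash manifest of the bin folder, checked against the deployed files so that a replaced FTLibrary.dll shows up as drift. The function names and the fake assembly bytes are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large assemblies need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(bin_dir: Path) -> dict:
    """Map every file under bin_dir (relative path) to its SHA-256 digest."""
    return {
        p.relative_to(bin_dir).as_posix(): sha256_file(p)
        for p in sorted(bin_dir.rglob("*"))
        if p.is_file()
    }


def verify_deployment(bin_dir: Path, manifest: dict) -> dict:
    """Compare the deployed folder with the manifest and report all drift."""
    current = build_manifest(bin_dir)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def demo() -> dict:
    """Constructed sample: fake bytes stand in for the real bin folder."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp) / "bin"
        bin_dir.mkdir()
        (bin_dir / "PaymentExecutor.exe").write_bytes(b"MZ constructed executor")
        (bin_dir / "FTLibrary.dll").write_bytes(b"MZ constructed library: ldarg")
        manifest = build_manifest(bin_dir)  # recorded once by the build
        # Simulate the patched DLL being dropped over the original.
        (bin_dir / "FTLibrary.dll").write_bytes(b"MZ constructed library: ldstr")
        return verify_deployment(bin_dir, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest only helps if it is kept somewhere the account that can write to the bin folder cannot modify, and if the check runs from outside the application being verified.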

Anyway guys, Eid Mubarak in advance to all of you! Until my next blog post, which is not coming any time soon: tc, tata, bye-bye, ALLAH HAFIZ :)


~ by Azeem on August 25, 2011.

2 Responses to “Hacking into .NET Applications a newbie guide”

  1. [...] Hacking into .NET Applications a newbie guide [...]

  2. Next time you are bored.. try sleeping :P
