Vivek Ramachandran, posted February 11, 2009
In this video I make a simple demonstration of how we can dump a program's memory and then use the strings program to find in-memory passwords and other sensitive information. A large number of applications can fall prey to this security vulnerability and get their users' passwords hacked - web browsers, email clients, instant messengers etc. fall in this category. The main idea behind the hack is that while the application is running, we should be able to dump its entire memory to file, without having to stop or tamper with the application in any way. http://securitytube.net/Dumping-Passwords-...dump-video.aspx
Trajik, posted February 12, 2009
I was playing with this the other day. I got it working against remote hosts on my network and did a mini write-up on when my online bank account was vulnerable and when it wasn't. The problem is the vast amount of data that gets dumped. And searching for a string like 'password' or 'login' will rarely get you useful information. You really need to know the specifics of what you are looking for. For example, the start of your/victim's password(s). Regardless, I really like this tool and would like to see it developed with some other features or at least utilized with some other code. I had a few sinister ideas floating around but I don't think I will share them here :)
Vivek Ramachandran (author), posted February 13, 2009
Quoting Trajik: "I was playing with this the other day. I got it working against remote hosts on my network and did a mini write-up on when my online bank account was vulnerable and when it wasn't. The problem is the vast amount of data that gets dumped. And searching for a string like 'password' or 'login' will rarely get you useful information. You really need to know the specifics of what you are looking for. For example, the start of your/victim's password(s). Regardless, I really like this tool and would like to see it developed with some other features or at least utilized with some other code. I had a few sinister ideas floating around but I don't think I will share them here :)"
I agree. I think a good way to solve this problem might be to first take the application, put your password in and check the surrounding memory bytes for a prefix or a postfix pattern. If there is a pattern which emerges (we can do this by running the program multiple times on, say, different machines), we can use it for searching the memory dump of a binary for which the password is unknown and then find it. Should work.
SomethingToChatWith, posted February 14, 2009
Nice video, though you may want to mention where you get everything, like pdump. I know you mentioned the little test program being on the same page, but unless everything else is there too it doesn't do anyone any good.
Zimmer, posted February 14, 2009
Vivek Ramachandran, I was thinking the same thing, though with different architectures, different OSes and different versions it may cause problems.
Vivek Ramachandran (author), posted February 14, 2009
Quoting SomethingToChatWith: "Nice video, though you may want to mention where you get everything, like pdump. I know you mentioned the little test program being on the same page, but unless everything else is there too it doesn't do anyone any good."
Thanks, I am glad you liked the video. The link to Pmdump etc. was mentioned in the summary of the video. Quoting from the summary: "Please download a copy of the Pmdump programs and Strings program before continuing with this video. Also, we shall use the demo application MemPass.exe to show the vulnerability. The application is a very simple piece of code which takes the user input, clears the screen and pauses its execution." Pmdump is a hyperlink to the downloadable binary.
Vivek Ramachandran (author), posted February 14, 2009
Quoting Zimmer: "Vivek Ramachandran, I was thinking the same thing, though with different architectures, different OSes and different versions it may cause problems."
We will have to really try it out and check. In some cases, if the program code itself prepends or appends some metadata to the credentials, then that should always remain the same; otherwise it might differ across architectures, OSes, program versions etc. Will probably find some time next weekend to try it out and see. Let me know if you get a chance to try and get results.
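The approach discussed in the February 13 and February 14 posts above (learn the bytes the program places around a credential you control, then use that frame to locate a credential you do not know) can be written down as a small memory-dump audit script. The example below is added here and is not code from the thread or from the Pmdump/Strings tools; the two dumps are constructed byte strings standing in for pmdump output, and the frame `PWD:` / `\x00;END` is an invented stand-in for whatever metadata a real program might emit. It also includes a `strings`-style scan, which shows why searching a dump for the word "password" finds nothing here, and a plain exposure check an application developer can run against a dump of their own program after it should have wiped the secret.

```python
import re
from typing import Optional

# Constructed stand-in for two process memory dumps (not real pmdump output).
# DUMP_KNOWN comes from a run where we typed KNOWN_PASSWORD ourselves; DUMP_UNKNOWN
# stands for a second run (another machine, another user) whose credential we
# want to locate. The "PWD:" / "\x00;END" frame is an assumed program artefact.
KNOWN_PASSWORD = b"Hunter2Secret"
DUMP_KNOWN = (
    b"\x00\x00MZ\x90\x00" + b"\x00" * 16
    + b"user=alice\x00" + b"\xff\xfe" * 3
    + b"PWD:" + KNOWN_PASSWORD + b"\x00;END"
    + b"\x00" * 8 + b"GDI32.dll\x00" + b"\x00" * 5
)
DUMP_UNKNOWN = (
    b"\x00" * 10 + b"user=bob\x00"
    + b"PWD:" + b"C0rrectH0rse" + b"\x00;END"
    + b"\x00" * 12 + b"kernel32.dll\x00"
)


def strings(data: bytes, min_len: int = 4) -> list[str]:
    """Minimal equivalent of the `strings` tool: runs of printable ASCII of
    at least min_len bytes. This is the naive search the thread says is too noisy."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def credential_exposed(dump: bytes, secret: bytes) -> bool:
    """Developer-side check: does a dump taken after the program should have
    wiped the secret still contain it verbatim?"""
    return dump.find(secret) != -1


def learn_pattern(dump: bytes, known: bytes, ctx: int = 4) -> Optional[tuple[bytes, bytes]]:
    """Return the ctx bytes immediately before and after a credential we know.
    If the program frames credentials consistently, this prefix/suffix pair is
    stable across runs even though the secret itself changes."""
    idx = dump.find(known)
    if idx == -1:
        return None
    prefix = dump[max(0, idx - ctx):idx]
    suffix = dump[idx + len(known):idx + len(known) + ctx]
    return prefix, suffix


def find_by_pattern(dump: bytes, prefix: bytes, suffix: bytes, max_len: int = 64) -> list[bytes]:
    """Locate candidate credentials in a dump of unknown contents using a learned
    frame. The inner match is lazy so the shortest run between frame markers wins."""
    if not prefix and not suffix:
        return []  # an empty frame would match everything; refuse rather than flood
    pattern = re.escape(prefix) + rb"(.{1,%d}?)" % max_len + re.escape(suffix)
    return re.findall(pattern, dump, flags=re.DOTALL)


if __name__ == "__main__":
    print("strings():", strings(DUMP_KNOWN))
    print("known secret still in dump:", credential_exposed(DUMP_KNOWN, KNOWN_PASSWORD))
    frame = learn_pattern(DUMP_KNOWN, KNOWN_PASSWORD)
    print("learned frame:", frame)
    if frame:
        print("candidates in unknown dump:", find_by_pattern(DUMP_UNKNOWN, *frame))
```

On the constructed data the `strings()` pass returns `user=alice`, `PWD:Hunter2Secret`, `;END` and `GDI32.dll`, none of which contains the word "password", which is Trajik's point about naive searching. The learned frame is `(b"PWD:", b"\x00;EN")`, and applying it to the second dump recovers `C0rrectH0rse`. The same `credential_exposed()` check is the one a developer wants to run on a dump of their own application after the credential has been used: if it still returns `True`, the buffer was not cleared (or a copy survives in another allocation), which is the underlying weakness the video demonstrates.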