Payload Ready

The word payload comes from the idea of delivery. In hacking it describes the package of malicious code that an exploit delivers to a victim’s computer: the exploit is what gets control of the program, the payload is what the attacker wants run once that control is gained.

I have worked through some sites and tutorials, trying to understand Heap Spraying (as you may have seen from my earlier post). I’m now at the point where I have code injected into the memory of a computer and just need a trigger to make the code run.

Understanding Heap Spraying

So I’ve been quiet over the last week or two, grappling with some fun hacking concepts, but I believe I am finally getting somewhere. In my most recent glossary post I made a modest attempt at explaining what happens when a computer is subjected to a buffer overflow. Heap spraying is not the same as a buffer overflow, but the two belong to the same family: techniques that exploit weaknesses in how programs manage memory.

So how does heap spraying work? Unlike a buffer overflow it does not write outside the memory the program gave it, and on its own it is not an attack at all. Instead the attacker uses the program’s ordinary allocation behaviour (in a browser, for example, creating many large JavaScript strings) to fill a large part of the heap with copies of the same block: a long run of do-nothing instructions (a ‘NOP sled’) followed by the payload. A separate memory-corruption bug is then used to make the program jump to a roughly guessed heap address. Because most of the heap now consists of sled, that jump is likely to land inside one, and execution slides down the sled into the payload. The spray is what turns an unreliable jump into a reliable one.
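To make the mechanics concrete, here is an added example in C that is not part of the original post: it allocates many identical chunks of NOP sled plus a marker standing in for shellcode, then simulates the processor landing at an arbitrary offset and sliding down the sled. Nothing is executed; the walk over the bytes only shows why a landing anywhere in the sled reaches the payload while a landing in the middle of the payload does not. The chunk size, chunk count and marker bytes are constructed for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Illustrative sizes chosen for this demo, not taken from the original post. */
#define CHUNK_SIZE 4096          /* bytes per sprayed allocation */
#define NUM_CHUNKS 256           /* how many allocations the spray makes */
#define NOP        0x90          /* x86 one-byte NOP; the sled is made of these */

/* Stand-in for shellcode: a recognisable marker that is never executed here. */
static const uint8_t PAYLOAD[] = { 0xCC, 0xCC, 0xDE, 0xAD, 0xBE, 0xEF };
#define SLED_LEN (CHUNK_SIZE - (int)sizeof PAYLOAD)

/* Spray: allocate many identical chunks of sled + payload, the way a browser
   exploit would create many large strings. Returns the table of chunks. */
uint8_t **spray_heap(void) {
    uint8_t **chunks = malloc(NUM_CHUNKS * sizeof *chunks);
    for (int i = 0; i < NUM_CHUNKS; i++) {
        chunks[i] = malloc(CHUNK_SIZE);
        memset(chunks[i], NOP, SLED_LEN);                     /* the sled  */
        memcpy(chunks[i] + SLED_LEN, PAYLOAD, sizeof PAYLOAD); /* then payload */
    }
    return chunks;
}

void free_spray(uint8_t **chunks) {
    for (int i = 0; i < NUM_CHUNKS; i++) free(chunks[i]);
    free(chunks);
}

/* Simulate the CPU landing at 'offset' inside a sprayed chunk: NOPs do nothing,
   so execution falls through them until the first non-NOP byte. Returns 1 if
   that byte is the start of the payload (a hit), 0 otherwise (a miss). */
int simulate_jump(const uint8_t *chunk, size_t offset) {
    const uint8_t *end = chunk + CHUNK_SIZE;
    const uint8_t *pc = chunk + offset;
    while (pc < end && *pc == NOP) pc++;
    if (pc + sizeof PAYLOAD > end) return 0;
    return memcmp(pc, PAYLOAD, sizeof PAYLOAD) == 0;
}

/* Fraction of landing offsets within one chunk that reach the payload:
   this is why the sled is kept large and the payload small. */
double hit_rate(const uint8_t *chunk) {
    int hits = 0;
    for (size_t off = 0; off < CHUNK_SIZE; off++) hits += simulate_jump(chunk, off);
    return (double)hits / CHUNK_SIZE;
}

int main(void) {
    uint8_t **chunks = spray_heap();
    /* A "wild" jump: pick some chunk and some offset as a corrupted pointer might. */
    size_t chunk_idx = 137, offset = 2000;
    printf("landing in chunk %zu at offset %zu: %s\n", chunk_idx, offset,
           simulate_jump(chunks[chunk_idx], offset) ? "reached payload" : "missed");
    printf("landing in the middle of the payload: %s\n",
           simulate_jump(chunks[0], SLED_LEN + 2) ? "reached payload" : "missed");
    printf("hit rate within a chunk: %.4f\n", hit_rate(chunks[0]));
    free_spray(chunks);
    return 0;
}
```

The guess only has to land somewhere in the sprayed region; the chunk and the offset within it do not matter, which is the whole point of spraying. Landing inside the payload itself is the rare failure case, and in a real exploit it would crash the process rather than run the shellcode.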

Glossary: Buffer Overflow

Each program on the computer is given areas of memory (RAM) in which to keep data while it follows its instructions, and within those areas individual pieces of data are stored in fixed-size regions called buffers. A buffer overflow happens when the program writes more data into a buffer than it was sized for: the excess spills into whatever is stored next to it in memory and overwrites it. If the overwritten data was something the program needed, the program misbehaves or crashes, which may be all the attacker wants. In many programs, though, the memory next to the buffer holds control data, such as the saved return address that tells the processor where to continue once the current function finishes. If the attacker’s overflowing data both carries machine code and replaces that address with the location of the code, the computer starts following the attacker’s instructions. Modern defences (non-executable memory, stack canaries and address space layout randomisation) make this harder to pull off, but the underlying mistake is still a missing bounds check.
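As an added illustration (not code from the original post), the C below puts an 8-byte name buffer directly in front of a flag the program trusts, copies attacker-controlled input into it without a bounds check, and shows the flag being overwritten; the fixed version refuses input that does not fit. The struct, the input bytes and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed for the demo: a fixed-size buffer followed in memory by a flag. */
struct session {
    char     username[8];   /* the buffer */
    uint32_t is_admin;      /* sits at offset 8, immediately after it */
};

/* Vulnerable: copies however many bytes the caller supplies. With len > 8 the
   extra bytes spill out of username and land in is_admin. */
void set_username_unsafe(struct session *s, const unsigned char *input, size_t len) {
    memcpy(s->username, input, len);
}

/* Fixed: rejects input that does not fit, keeping one byte for the NUL. */
int set_username_safe(struct session *s, const unsigned char *input, size_t len) {
    if (len >= sizeof s->username) return -1;
    memcpy(s->username, input, len);
    s->username[len] = '\0';
    return 0;
}

/* Constructed attacker input: 8 bytes fill the buffer exactly; the next 4 are
   the little-endian value 1, which is what lands on is_admin. */
static const unsigned char ATTACKER_INPUT[12] = {
    'A','A','A','A','A','A','A','A', 0x01, 0x00, 0x00, 0x00
};

/* Returns the value of is_admin after the unchecked copy (non-zero: clobbered). */
uint32_t run_unsafe(void) {
    struct session s = {0};
    set_username_unsafe(&s, ATTACKER_INPUT, sizeof ATTACKER_INPUT);
    return s.is_admin;
}

/* Returns the safe setter's result and reports is_admin, which must stay 0. */
int run_safe(uint32_t *flag_out) {
    struct session s = {0};
    int rc = set_username_safe(&s, ATTACKER_INPUT, sizeof ATTACKER_INPUT);
    *flag_out = s.is_admin;
    return rc;
}

int main(void) {
    uint32_t flag = 0;
    printf("is_admin sits at offset %zu\n", offsetof(struct session, is_admin));
    printf("unchecked copy: is_admin = %u\n", run_unsafe());
    int rc = run_safe(&flag);
    printf("checked copy: rc = %d, is_admin = %u\n", rc, flag);
    return 0;
}
```

The same spill onto a saved return address, rather than onto a flag, is how the overflow turns into code execution: the bytes past the end of the buffer become the address the processor jumps to next.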

HotSpot Services

DD-WRT lists a number of hotspot services on its Services/Hotspot page. Most are on-line systems that allow remote administration of multiple hotspots globally.

There are many on-line hotspot services aimed at a chain of stores or cafés that wants to offer lots of Wi-Fi hotspots across a large area. Most of them provide an on-line management system for a collection of hotspots, and many are fully featured, with plenty of control and reporting so the operator can run a decent service for their customers. These on-line services also let the operator charge customers for the Wi-Fi, which is useful but not helpful in my project. It could also be a legal issue if drive-by download code were used on the captive portal templates these systems provide. As drive-by download code can be considered malicious, it would more than likely set off alarms or cause concern at these hotspot providers, so these on-line systems will be avoided.

The other services on the list are software that can be downloaded and hosted locally, which would avoid the possible legal and moral concerns about hosting malicious code on-line. However this software is likely to come with pre-set templates for captive portals or, worse, restrictions that only allow an image to be displayed on the pre-generated captive portal page. These systems need looking into to discover whether one of them can be moulded to the project’s purpose.

HTTP Redirect
The redirect option is going to be the most customisable system, but it means setting up a machine on the network to host the redirect page. The concern with just an HTTP redirect is that it may not be as captive as a captive portal should be: a redirect on its own can only intercept plain HTTP requests, and unless the network also blocks other traffic until the user has accepted the page, it may let users browse the web after dismissing the redirect page.

I’m continuing my research into these services and will update on how I get on!

Glossary: Captive Portal / Walled Garden

Captive portal and walled garden are closely related terms. A captive portal is the technique Wi-Fi hotspots use when you first connect to the wireless network: your computer/device joins the network, you launch a web browser, and the first page you see is the captive portal page rather than the one you asked for. It’s called a captive portal because if you try to type in another address you get redirected to the same captive portal page; your browser is ‘captive’ until you either agree to the terms and conditions or pay for the use of the service. The walled garden is the small set of destinations (typically the portal page itself and any payment provider) that the network lets an unauthenticated device reach; everything outside it is blocked or redirected to the portal.