So I’ve been quiet over the last week or two, grappling with some fun hacking concepts, but I believe I am finally getting somewhere. In my most recent glossary post I made a modest attempt at explaining what happens when a computer is subjected to a buffer overflow. Heap spraying is not the same as a buffer overflow, but they are in the same family of exploits: the family that uses weaknesses in memory management to attack.
So how does heap spraying work? Well, like a buffer overflow it overwrites data in memory, but whereas a buffer overflow puts more data in memory than the program has control of, heap spraying is targeted and only inserts data in certain parts of memory.
Each program on the computer is allocated a different amount of memory or RAM. The program uses that space to save data temporarily whilst it follows certain instructions. If this data in memory were to be changed or deleted then it might well make the program crash, as it would not be able to find the data it needed. This is essentially what happens in a buffer overflow as the memory space (the buffer) gets given more data than it can handle and the data spills into other memory spaces overwriting lots of data. The malicious intent of this technique could be to just crash the computer but it is also possible (in some programs) to make the computer execute malicious code by making the code part of the overflowing data. All the attacker would need to do would be to get the computer to start following instructions from the right point in the overflowing data.
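To see the spill described above in a harmless form, here is an added example (not from the original post) that models a program's memory as one 16-byte arena and compares a copy with no length check against one that refuses oversized input. The arena layout, the `CONFIG1` value and the function names are all made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a program's memory: 16 bytes in one flat arena.
   Bytes 0-7 are the input buffer; bytes 8-15 hold data the program
   needs later. Using one arena keeps the demonstration well defined. */
#define BUF_SIZE    8
#define ARENA_SIZE  16
#define NEEDED_OFF  BUF_SIZE

static void arena_init(unsigned char *arena) {
    memset(arena, 0, ARENA_SIZE);
    memcpy(arena + NEEDED_OFF, "CONFIG1", 8);   /* 7 chars plus the NUL */
}

/* No length check against BUF_SIZE: anything past 8 bytes spills into
   the neighbouring data. (Capped at the arena so the demo stays safe.) */
static void copy_unchecked(unsigned char *arena, const char *src, size_t len) {
    if (len > ARENA_SIZE) len = ARENA_SIZE;
    memcpy(arena, src, len);
}

/* Hardened form: refuse input that does not fit the buffer. */
static int copy_checked(unsigned char *arena, const char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(arena, src, len);
    return 0;
}

/* Returns 1 if the data the program needs is still intact. */
static int needed_intact(const unsigned char *arena) {
    return memcmp(arena + NEEDED_OFF, "CONFIG1", 8) == 0;
}

int main(void) {
    unsigned char arena[ARENA_SIZE];
    const char input[] = "AAAAAAAAAAAA";        /* 12 bytes, constructed */

    arena_init(arena);
    copy_unchecked(arena, input, 12);
    printf("unchecked: needed data intact? %d\n", needed_intact(arena));

    arena_init(arena);
    int rc = copy_checked(arena, input, 12);
    printf("checked: rc=%d, needed data intact? %d\n", rc, needed_intact(arena));
    return 0;
}
```
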
There are many on-line hotspot services that would be useful for a chain of stores/cafés offering lots of WiFi hotspots across a large area, as most services offer on-line management systems for a collection of hotspots, and a lot of them are full featured, with lots of control and reporting to enable a decent service for their clients. These on-line services also allow the customer to charge their clients for the Wi-Fi service, which is useful but not helpful in my project. It could also be a legal issue if drive-by download code was used on the captive portal templates these systems provide. As the drive-by download code can be considered malicious, it would more than likely set off alarms or cause concern to these hotspot providers, so these on-line systems will be avoided.
The other services on the list are software that can be downloaded and hosted locally; this would cover the possible legal and moral concerns about hosting malicious code on-line. However, this software is likely to come with some pre-set templates for captive portals or, worse, restrictions that only allow an image to be displayed on the pre-generated captive portal page. These systems need looking into to discover if one of the solutions can be moulded for the project's purpose.
The redirect option is going to be the most customisable system; that would mean setting up a machine on the network that would host the redirect page. The concern with just an HTTP redirect is that it may not be as captivating as a captive portal should be and may let users browse the web after dismissing the redirect page.
I’m continuing my research into these services and will update on how I get on!