6 comments

[ 2.1 ms ] story [ 27.1 ms ] thread
I am very pleased to see a legitimate post about hacking on Hacker News. Well played, sir.

I have similar feelings about Detours. Microsoft Research is in their own little world sometimes.

On the subject of Detours, I suggest checking out EasyHook: http://www.codeplex.com/easyhook

It's under a free license, lets you write hooks not only from C/C++, but also from any .NET language (architecture-independent). It makes any sort of API hooking a breeze.

Edit: Forgot to mention, it automatically sets up a remoting channel for you. That way, you can do IPC between your hooking application and the hookee trivially.

stunnel is also a nice way to debug ssl connections when you only control one side of the connection: http://www.stunnel.org/examples/

As a client, you would stunnel local:389 to remote:636. As a server you would stunnel local:636 to local:389.

Then you can sniff on the unencrypted port with wireshark,etc.

Thanks for the pointer to detours.

alternatively if you want SYSTEM privileged cmd.exe on Windows XP (not on Vista, sorry) and you don't have SysInternal's psexec, you can try this:

    C:\> time /t
     9:42
    C:\> at 9:43 /interactive cmd

then at 9:43 a cmd.exe shell pops up.

And HTTPAnalyzer could sniff HTTPS traffic easily. It's DLL injection and it can un-gzip data.

AT no longer allows running as local system.

HTTPAnalyzer is great for HTTPS, but not pure SSL, such as LDAPS, in the example.

"sniffing the unsniffable" sounds way more racy than it ought to.