About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
Kostya
's Blog
Created: Monday, April 24 2006 04:24.49 CDT
Printer Friendly ...
Skype fun
Author:
Kostya
# Views:
6210
As some of you might probably have noticed, there are thousands of fun things to do with Skype for a reverse engineer.
But there are some that are just about reading the (f*****g) manual.
If you don't already know, Skype has a pretty wide API available to developpers, documented
here
. One of the nicest thing is the "Application to application commands", which allow applications to communicate with one another through Skype. In my opinion it's basically a good idea and provides a lots of cool features : ability to benefit of Skype NAT and firewall trasversal capabilities, strong encryption layer not many people can decrypt, initiating a communication with a user and not an IP, and so on. Those things are rather cool, particularly for a person who whishes to initiate a communication with the outside world, quite anonymously, not knowing much about what is going on in an internal network, let's say, simple supposition, a hacker.
As a an exemple, I have implemented two sample plugins allowing to spawn a connect back CMD.exe. The principle is quite simple : the master plugin, once registered to a running Skype, will wait for connections, while the slave plugin, once registered to a running Skype, will spawn a CMD.exe and redirects its input and output to the master plugin by specifying the Skype username to connect to. You don't have to care much about anything that is going on : Skype will find his way out, encrypt the data, and give you full control over the slave machine. It's not a vulnerability, it's a feature. The code is defintiely not the cleanest and smartest ever, but this was an early PoC, more things have been done since.
Some people might think "Man, there is a popup to allow the plugin to run, it's useless". Well yes, but I would like to raise the following point : what if it was really easy to "sign" your own plugin and add the signature to the Skype configuration file so that Skype won't say a word ? Well this question will probably be answered at
RECON 2006
, along with other cool things about Skype.
The master plugin is available
here
.
The slave plugin is available
here
.
To conclude, exfiltration is a real problem with Skype.
Add New Comment
Comment:
There are
31,311
total registered users.
Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...
Recent Blog Comments
nieo
on:
Mar/22
IAT Patcher - new tool for ...
djnemo
on:
Nov/17
Kernel debugger vs user mod...
acel
on:
Nov/14
Kernel debugger vs user mod...
pedram
on:
Dec/21
frida.github.io: scriptable...
capadleman
on:
Jun/19
Using NtCreateThreadEx for ...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}