Flag: Tornado! Hurricane!

Blogs >> Kostya's Blog

Created: Monday, April 24 2006 04:24.49 CDT  
Printer Friendly ...
Skype fun
Author: Kostya # Views: 6349

As some of you might probably have noticed, there are thousands of fun things to do with Skype for a reverse engineer.
But there are some that are just about reading the (f*****g) manual.

If you don't already know, Skype has a pretty wide API available to developpers, documented here. One of the nicest thing is the "Application to application commands", which allow applications to communicate with one another through Skype. In my opinion it's basically a good idea and provides a lots of cool features : ability to benefit of Skype NAT and firewall trasversal capabilities, strong encryption layer not many people can decrypt, initiating a communication with a user and not an IP, and so on. Those things are rather cool, particularly for a person who whishes to initiate a communication with the outside world, quite anonymously, not knowing much about what is going on in an internal network, let's say, simple supposition, a hacker.

As a an exemple, I have implemented two sample plugins allowing to spawn a connect back CMD.exe. The principle is quite simple : the master plugin, once registered to a running Skype, will wait for connections, while the slave plugin, once registered to a running Skype, will spawn a CMD.exe and redirects its input and output to the master plugin by specifying the Skype username to connect to. You don't have to care much about anything that is going on : Skype will find his way out, encrypt the data, and give you full control over the slave machine. It's not a vulnerability, it's a feature. The code is defintiely not the cleanest and smartest ever, but this was an early PoC, more things have been done since.

Some people might think "Man, there is a popup to allow the plugin to run, it's useless". Well yes, but I would like to raise the following point : what if it was really easy to "sign" your own plugin and add the signature to the Skype configuration file so that Skype won't say a word ? Well this question will probably be answered at RECON 2006, along with other cool things about Skype.

The master plugin is available here.
The slave plugin is available here.

To conclude, exfiltration is a real problem with Skype.




Add New Comment
Comment:









There are 31,320 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

oleavr
Jun/25
Build a debugger in 5 minutes

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit