Advanced Camouflage

Our current stealth exploit only camouflages the web request; however, the IP address and timestamp are still written to the log file. This type of camouflage will make the attacks harder to find, but they are not invisible. Having your IP address written to logs that could be kept for years might lead to trouble in the future. Since we're mucking around with the insides of the tinyweb daemon now, we should be able to hide our presence even better.

Spoofing the Logged IP Address

The IP address written to the log file comes from the client_addr_ptr, which is passed to handle_connection().

Code Segment from tinywebd.c

void handle_connection(int sockfd, struct sockaddr_in *client_addr_ptr, int logfd) { unsigned char *ptr, request[500], ...

Get Hacking: The Art of Exploitation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson

Advanced Camouflage

Spoofing the Logged IP Address

Code Segment from tinywebd.c

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly