- Unsupervised Learning
- Posts
- Hexedit
Hexedit
Hexedit is a very handy tool that allows you to view and edit files in both hex and ASCII. This allows you to, among other things, edit the text that various daemons display when you connect to them, which is what I usually use it for.
For example, let’s say you want to add a little obscurity to your security mix, and you happen to run the OpenSSH daemon. If that’s the case, you may want to change the text that people see when they connect to your box. It’s not a major security gain by any stretch, but it’s fun to do. Plus it’s nice to be able to edit files in this way.
One might, for example, bump down the version of a daemon they are running to a lesser version — one that’s vulnerable to a number of exploits. Why? Well maybe scripts crawling the web looking for a particular vulnerable string will follow up with exploit code that you can capture in a honeypot environment. Again, not overly powerful, but interesting nonetheless.
Basics
The basic commands for hexedit are listed below, and are taken directly from the manpage:
F2: saveF3: load fileF1: helpCtrl-L: redrawCtrl-Z: suspendCtrl-X: save and exitCtrl-C: exit without savingTab: toggle hex/asciiReturn: go toBackspace: undo previous characterCtrl-U: undo allCtrl-S: search forwardCtrl-R: search backward
Example: Chaning Your SSH Binary
First copy your sshd binary to sshd_backup; make these changes to that copy.
Press tab in order to enter ASCII mode.
Type “/” (forward slash) to enter the search mode.
Type “OpenSSH”, and press enter, which will take you to that text in the binary.
Use the arrow keys to move on the line.
Write over the text you want to change.
Type ctrl-x to save and exit.
Make a second copy of sshd, and then mv sshd_backup to sshd.
Restart your daemon.
Sample Output
Before
nc yourhost.com 22
SSH-2.0-OpenSSH_4.2
After
nc yourhost.com 22
SSH-2.0-OpenSSH_3.8
[ CREATED: July 2004 ]