Hexedit

Hexedit is a very handy tool that allows you to view and edit files in both hex and ASCII. This allows you to, among other things, edit the text that various daemons display when you connect to them, which is what I usually use it for.

For example, let’s say you want to add a little obscurity to your security mix, and you happen to run the OpenSSH daemon. If that’s the case, you may want to change the text that people see when they connect to your box. It’s not a major security gain by any stretch, but it’s fun to do. Plus it’s nice to be able to edit files in this way.

One might, for example, bump down the version of a daemon they are running to a lesser version — one that’s vulnerable to a number of exploits. Why? Well maybe scripts crawling the web looking for a particular vulnerable string will follow up with exploit code that you can capture in a honeypot environment. Again, not overly powerful, but interesting nonetheless.

Basics

The basic commands for hexedit are listed below, and are taken directly from the manpage:

F2: save
F3: load file
F1: help
Ctrl-L: redraw
Ctrl-Z: suspend
Ctrl-X: save and exit
Ctrl-C: exit without saving
Tab: toggle hex/ascii
Return: go to
Backspace: undo previous character
Ctrl-U: undo all
Ctrl-S: search forward
Ctrl-R: search backward

Example: Chaning Your SSH Binary

1. First copy your sshd binary to sshd_backup; make these changes to that copy.
2. Press tab in order to enter ASCII mode.
3. Type “/” (forward slash) to enter the search mode.
4. Type “OpenSSH”, and press enter, which will take you to that text in the binary.
5. Use the arrow keys to move on the line.
6. Write over the text you want to change.
7. Type ctrl-x to save and exit.
8. Make a second copy of sshd, and then mv sshd_backup to sshd.
9. Restart your daemon.

Sample Output

Before

nc yourhost.com 22

SSH-2.0-OpenSSH_4.2

After

nc yourhost.com 22

SSH-2.0-OpenSSH_3.8

[ CREATED: July 2004 ]