IT News & Technology update

Provide comprehensive update related to Computer, technology, software, anti virus and another electric device

Find Windows vulnerabilities with a hex editor

Written by IT News on 11:03 AM

Kevin Beaver, CISSP, 09.18.2007

The hex editor is a long-time favorite investigative tool for forensics professionals. But the capabilities of the tool go

Security testing tips
Hacking Vista and planning for security breaches

Pen testing your VPN

beyond piecing together bits and bytes to prove a case. Used in the right context, a hex editor can actually uncover Microsoft Windows and application vulnerabilities that you may not have thought about, yet can't afford to overlook. In fact, the hex editor is one of the most underrated and overlooked security testing tools.

Here are just a few of the things you can do with a hex editor to root out security weaknesses in your Windows environment:

  • Check for passwords that may still be saved in Windows, Internet Explorer (IE) and other applications. Passwords left in memory can pose a risk and this technique demonstrates just how vulnerable logins and other private information can be -- especially on public computers that can be accessed by several people.
Figure 1: Using WinHex to search Firefox's memory range for sensitive information.

    If this isn't enough proof that a vulnerability exists, you can also search the computer's entire memory range for Windows application passwords or other sensitive information. Many times, I've been able to find sensitive information stored in memory by Web browsers even after the programs were closed. Searching all physical memory for this type of sensitive information is simple, fast and very revealing.

  • Search local system files, such as pagefile.sys and hiberfil.sys or the entire physical disk, for sensitive information. It's worked for me every time. This can really come in handy for spot checking computer hard drives that have supposedly been wiped before being disposed of or given away. Figure 2 shows the WinHex interface for searching local files.

Figure 2: Using WinHex to search logical drive C: for sensitive information.

  • Search for malware in memory or hidden data on disk that you wouldn't be able to see otherwise.
  • Search for "dirty" documents, such as Microsoft Word files that reveal sensitive information that should never leave the network. Those include file authors, draft verbiage, comments or third-party information that had supposedly been removed or were assumed to be non-existent since they're not visible in the native application. This comes in handy when searching for the files of those who forgot to enable the "Remove personal information from file properties on save" option.

Even with hex editors, it pays to have good tools. There are plenty of hex editors to go around. Check out the commercial alternative to WinHex called Hex Workshop or even the freebie XVI32. Don't even bother with the DOS/Windows debug tool that we used to have to rely on. Most of the hex editor features and capabilities you'll need are not there.

If you jump in head first with a hex editor, you'll be amazed at how powerful it is and what you can uncover. With this power comes some risk: A hex editor can and will modify anything on in memory or stored on disk, so be careful. The results can be beneficial or devastating. Either way, the power is in your hands.

Related Posts by Categories

Widget by Hoctro | Jack Book
  1. 0 comments: Responses to “ Find Windows vulnerabilities with a hex editor ”

Search This Blog

Ads and Sponsored by:

Want to subscribe?

Subscribe in a reader.