Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Appending data


ghost's Avatar
0 0

Hey guys, im currently developing a program that replaces another program exactally and logs data. it then uploads it to an ftp and then uses the normal programs shell to pass the data. I made the package commercial, it contains a remote install exe for distribution and an exe to edit the ftp settings. when the main exe is edited it appends the ftp host,uername and host to the end of the exe. at the time i diddnt realize what a security vulnerability this was until somebody got the info from the exe and jacked all my uploaded…….. data….. after sniffing packets or reading the plain text settings in the exe. So i have 2 questions.

  1. how could i make the the ftp setting secure in the main exe, i was thinking of writing an encryption algorithm to write the data and then reading it when the exe is executed, or is there a better way, while still keeping it in one exe file?

and 2. how can i protect the packets from being sniffed when the contents are being uploaded?

thanks in advance :]


ghost's Avatar
0 0

sk8more272 wrote:

  1. how could i make the the ftp setting secure in the main exe, i was thinking of writing an encryption algorithm to write the data and then reading it when the exe is executed, or is there a better way, while still keeping it in one exe file?

and 2. how can i protect the packets from being sniffed when the contents are being uploaded?

Going to take a stab at this one.

  1. If they're reversing the exe at all, then there are some good anti-reversal techniques here: http://www.codeproject.com/KB/security/AntiReverseEngineering.aspx

In particular, they address how to detect the presence of a debugger, which you could use to stop the execution of it.

  1. SSH sounds like a first try. :)