Hacking Skype





I got Skype earlier today, and I am already obsessed. Imagine Instant Messenger with cell phone capabilities. In any event, I got this new toy, so I figured I would figure out how to hack it. And it has proved to be very simple.

Skype is vulnerable to a buffer overflow attack. The buffer overflow happens when a Skype user clicks on a "callto://username" link with a username longer than 4096 characters that does not exist: an error message is created and put into a buffer without correct size checks. The error message and buffer are Unicode; however, Unicode characters are filtered out and replaced with '?'. Only printable ASCII characters seem to get through. A return address can be overwritten, as well as the SEH (structured exception handler). Exploitation is complicated by the fact that return addresses have to be in the range 0x00??00??.

Web browsers like Microsoft Internet Explorer do not support URIs long enough to trigger the buffer overflow. To exploit it, one could send a Skype user a callto:// link in a private message and trick him/her into clicking it.
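The missing size check described above is easiest to see next to its fix. The following is an added example, not Skype's code and not part of the original post: a hypothetical `callto://` handler that rejects overlong usernames before copying and builds the error message with a bounded write. The function names, `MAX_USER`, `ERR_LEN` and the sample inputs are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 64     /* assumed username limit, far below the post's 4096 */
#define ERR_LEN  128    /* assumed size of the error-message buffer */

/* The pattern the post describes, for contrast (not compiled):
 *     char err[ERR_LEN];
 *     sprintf(err, "User %s does not exist", user);   // no size check
 */

/* Extract the username from a callto:// URI into out (out_len bytes).
 * Returns 0 on success, -1 if the scheme is wrong or the name is empty/too long. */
int parse_callto(const char *uri, char *out, size_t out_len)
{
    static const char scheme[] = "callto://";
    size_t slen = sizeof scheme - 1, n;
    if (strncmp(uri, scheme, slen) != 0)
        return -1;
    n = strlen(uri + slen);
    if (n == 0 || n > MAX_USER || n >= out_len)
        return -1;                      /* reject before any copy happens */
    memcpy(out, uri + slen, n + 1);     /* n + 1 copies the terminating NUL */
    return 0;
}

/* Build the "no such user" message with a bounded write.
 * Returns 0 if it fit, -1 if snprintf reports truncation or an error. */
int build_error(char *buf, size_t buf_len, const char *user)
{
    int n = snprintf(buf, buf_len, "User \"%s\" does not exist", user);
    if (n < 0 || (size_t)n >= buf_len) {
        if (buf_len > 0) buf[0] = '\0'; /* never hand back a cut-off message */
        return -1;
    }
    return 0;
}

int main(void)
{
    char uri[5000], user[MAX_USER + 1], err[ERR_LEN];
    memset(uri, 'A', sizeof uri - 1);   /* constructed oversized input */
    uri[sizeof uri - 1] = '\0';
    memcpy(uri, "callto://", 9);
    printf("oversized link: %d\n", parse_callto(uri, user, sizeof user));
    if (parse_callto("callto://alice", user, sizeof user) == 0 &&
        build_error(err, sizeof err, user) == 0)
        puts(err);                      /* "alice" is a constructed name */
    return 0;
}
```

Checking the length at the parser and again at the formatter means either check alone still keeps the write inside the buffer.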

Don't rejoice yet: This hack works for Skype versions under 1.0.0.101. I have not tested it on the current software, which is above 1.3.

Thanks to SecuriTeam for giving me my research!


    If the human body was never exposed to ailments, it would be impressively vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressively vulnerable to cyber terrorism. Without the creation of malicious hacking, Afghanistan could have destroyed America's economy with a ping flood. This is why I encourage malicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lie. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere. However, if you are a publisher, I would appreciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagiarize, then that is my biggest compliment. If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age.


    These are sites I block at my firewall.
