Archive for the category ‘Articles’

ELK stack for Hackers

We can imagine the face of a person on a CFP review board seeing our paper submitted to a conference: “Oh no, another Wi-Fi talk”. But after reading it through, one can see Wi-Fi from a different angle. We present a way to get from the terminal output of Wi-Fi packets to big data and visualization.


I know what you forgot last summer – DNS

After preparing and organizing some CTF events, we discovered that players struggle with one particular task. It is often forgotten, but it is a must-do in every penetration test. We are talking about a misconfigured DNS server that allows zone transfers from any source. This post is not about explaining the details of a zone transfer, but rather about how to initiate one on Linux or Windows; if you want to learn more, see DNS zone transfer.

BalCCon 2k15 CTF

Viris is proud to be the organizer of the CTF (Capture the Flag) competition at the BalCCon 2k15 security event, which lasted from September 11th to 13th, 2015. The CTF competition was designed from a pentester’s perspective, where the ultimate goal was to take over BigFish’s Domain Controller. Besides real and legitimate hacking of the virtual environment, where flags were hidden in the form of security vulnerabilities, warm-up tasks were provided for challengers who didn’t want to get their hands dirty.

The competition heated up on the second day, when we had a couple of groups hacking like crazy. After two long nights there were quite a few challenges for us as organizers too, but we managed to solve them after all.

The grandmasters of the CTF at BalCCon 2k15 are Hetti and cluosh.

Someone else’s trash is another man’s treasure

Everyone in a company is responsible for the company’s data security. A company can spend billions of dollars on all kinds of security equipment, but it takes only one person for the company’s security to be compromised [1].


Wi-Fi security in Ljubljana

Here is a short story about access points (APs). We were wardriving through Ljubljana with a mission to analyze the security of Ljubljana’s Wi-Fi networks. Our focus was collecting information about the different authentication types in use. The goal was to capture a representative set of information about APs so that some assumptions about the security of Wi-Fi could be made. The only hardware we used was our Android mobile phone with the great Wigle Wifi Wardriving Android application. We already had a large database, and we combined it with a smaller one obtained fresh from wardriving. The next step was to narrow down the area. The Wigle Wifi app stores information about APs in a local SQLite database, so limiting the area was a piece of cake.

Security BSides Ljubljana Real-CTF

In the spirit of Security BSides Ljubljana 2015 there was a CTF contest titled Real-CTF. Why choose such a title? Because it was designed like a virtual company with lots of vulnerabilities. Of course, the number and impact of the vulnerabilities were exaggerated so that the playground spread across the X and Y axes of fun. Here is a short write-up.


Analysing Android Applications or just cheating in Games

The growing number of Android-based devices, the simplified development process of Android applications and their widespread usage are attracting potential attackers who are after financial gain. While surveying the security issues affecting Android applications (APKs), we found that there is no good tool to help with runtime analysis, and we are too lazy to debug all the time. Therefore we developed a tool called Vaccine. Vaccine is used for dynamically analyzing APKs. For a detailed explanation, continue reading. If you just want to use Vaccine, visit https://github.com/viris/android/tree/master/vaccine. The Readme contains additional information about how to use Vaccine.


MiniUPnPd Analysis and Exploitation

UPnP Summary

Universal Plug and Play (UPnP) is a network protocol that simplifies the discovery of network devices and is used for communication between them. UPnP server software is enabled by default on various devices such as routers, printers, smart TVs … A UPnP server program listens on UDP port 1900 and can expose a SOAP interface to the client. The problem is that various vulnerabilities exist in the UPnP servers themselves as well as in the libraries they use. An attacker can exploit these vulnerabilities and take control of the server. Our contribution builds on the research work of the Rapid7 team, whose paper is published as a PDF document available online [1]. We specifically analysed the MiniUPnPd server program and wrote two Metasploit modules with which the mentioned vulnerabilities in older MiniUPnPd versions can be exploited. You can read more in the English version of the article, where we describe the complete procedure of the attack on MiniUPnPd in detail.

Source:

[1] Rapid7 Team, Security Flaws in Universal Plug and Play, accessible at https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf.

Implementation of a Slovenian keyboard layout for Teensy

Recently, as part of a project, we simulated various social engineering attacks, among them a visit to the company’s main premises posing as the company’s IT administrator. The goal of the project was to plant a Teensy USB HID device in a desktop computer running Windows 7 or Windows 8.


Wi-Fi Protected Setup (WPS)

The Wi-Fi Alliance, which promotes wireless networking technology and certifies products that use it, developed the WPS standard in 2007. The purpose of the standard was to enable users with less knowledge of wireless network security to protect their wireless networks with WPA2 more easily and to add new devices to the network in a simple way. In December 2011 a serious vulnerability in the standard was disclosed. It allows an attacker to try all possible WPS PIN numbers within a few hours and then obtain the WPA/WPA2 key. Stefan Viehböck reported the vulnerability to the US‑CERT (United States Computer Emergency Readiness Team). A detailed description of the vulnerability in English is available at this link.
