Revealed: The Internet’s Biggest Security Hole

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination. Find out about a new exploit that uses a weakness in the design of the internet’s Border Gateway Protocol (BGP) to re-direct traffic to an eavesdropper. How do you think ISPs will respond to defending against this new technique? Check it out in the article below.

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

Defcon 16 – The List of Tools

DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It is now more like a global fair than what most people think of as a conference; even the badge is highly unique.

I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at the “World’s Largest Boar!”, so to speak. One of the CTF (Capture the Flag) contest winners this year actually exclaimed that he only made it to 2 talks in 12 years! I am also one of those individuals who barely get a chance to go to talks and now that the speaker pool is so diverse, it’s hard to find all of the “stuff” they release.

Before anyone has a chance to post “it’s all on the DEFCON CD dummy,” I want to challenge them to try. After a weekend of googling (which came back with few results) and making contact with some of the speakers, I provide you with a mostly accurate list of “stuff” that was released at DEFCON this year. If any of the information is inaccurate, or a tool is missing, please contact me and I will update this post.

Beholder – by Nelson Murilo and Luis Eduardo

  • Description: An open source wireless IDS program
  • Homepage Link: http://www.beholderwireless.org/
  • Email Address: bh@beholderwireless.org

The Middler – by Jay Beale

  • Description: The end-all be-all of MITM tools
  • Homepage Link: http://www.themiddler.com/ (Online?)
  • Preface Link: http://www.intelguardians.com/themiddler.html

ClientIPS – by Jay Beale

  • Description: An open source inline “transparent” client-side IPS
  • Homepage Link: http://www.ClientIPS.org/ (Online?)

Marathon Tool – by Daniel Kachakill

  • Description: A Blind SQL Injection tool based on heavy queries
  • Download Link: DEFCON 16 CD. No online link found.
  • Email Address: dani@kachakil.com

The Phantom Protocol – by Magnus Brading

  • Description: A Tor-like protocol that fixes some of Tor’s major attack vectors
  • Homepage Link: http://code.google.com/p/phantom
  • Email Address: brading@fortego.se

ModScan – by Mark Bristow

  • Description: A SCADA Modbus Network Scanner
  • Homepage Link: http://modscan.googlecode.com/
  • Email Address: mark.bristow@gmail.com

Grendel Scan – by David Byrne

  • Description: Web application scanner that searches for logic and design flaws as well as the standard flaws seen in the wild today (SQL Injection, XSS, CSRF)
  • Homepage Link: http://grendel-scan.com/

iKat – interactive Kiosk Attack Tool – by Paul Craig (This site has an image as a banner that is definitely not safe for work! – You have been warned)

  • Description: A web site that is dedicated to helping you break out of Kiosk jails
  • Homepage Link: http://ikat.ha.cked.net
  • Email Address: paul.craig@security-assessment.com

DAVIX – by Jan P. Monsch and Raffael Marty

  • Description: A SLAX based Linux Distro that is geared toward data/log visualization
  • Homepage Link: http://code.google.com/p/davix/
  • Download Link: http://www.geekceo.com/davix/davix-0.5.0.iso.gz
  • Email Addresses: jan.monsch@iplosion.com and raffy@secviz.org

CollabREate – by Chris Eagle and Tim Vidas

  • Description: An IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project.
  • Homepage Link: http://www.idabook.com/defcon
  • Email Addresses: cseagle@gmail.com and tvidas@gmail.com

Dradis – by John Fitzpatrick

  • Description: A tool for organizing and sharing information during a penetration test
  • Homepage: http://dradis.sourceforge.net
  • Email Address: john.fitzpatrick@mwrinfosecurity.com

Squirtle – by Kurt Grutzmacher

  • Description: A Rogue Server with Controlling Desires that steals NTLM hashes.
  • Homepage: http://code.google.com/p/squirtle (Live?)
  • Email Address: grutz@jingojango.net

WhiteSpace – by Kolisar

  • Description: A script that can hide other scripts such as CSRF and iframes in spaces and tabs
  • Download Link: DEFCON 16 CD

VoIPer – by nnp

  • Description: VoIP automated fuzzing tool with support for a large number of VoIP applications and protocols
  • Homepage Link: http://voiper.sourceforge.net/

Barrier – by Errata Security

  • Description: A browser plugin that pen-tests every site that you visit.
  • Homepage Link: http://www.erratasec.com
  • Email Address: sales@erratasec.com

Psyche – by Ponte Technologies

  • Description: An advanced network flow visualization tool that is not solely based on time.
  • Homepage Link: http://psyche.pontetec.com/

Reverse Engineering: Smashing the Signature

In this very good article, the Astalavista group shows how to bypass antivirus systems whose detection rules rely on simple checks of small portions of the binary for particular strings.

By encrypting the binary, it is possible to make that section change its original signature completely, so that it goes unnoticed by the target antivirus.

Reverse Engineering (PDF)

Good Hacking 4 All.

PuttyHijack – How to Hijack SSH Sessions

PuttyHijack is a tool created to demonstrate the concept of SSH hijacking using sessions established with the common PuTTY client.

The tool injects a DLL into the putty.exe process and creates some hooks that make it possible to direct a new socket for the SSH session to any host on the network that is listening on a socket, via Netcat for example. This kind of technique can be very useful for privilege escalation on the network from a compromised workstation that uses PuTTY to administer Telnet and SSH services on servers across the network.

    c:\PuttyHijack.exe

    ++++++++++++++++++++++++++++++
    + Putty Terminal Hijack V1.0 +
    +     Insomnia Security      +
    +    www.insomniasec.com     +
    ++++++++++++++++++++++++++++++
    – Usage: PuttyHijack IP PORT <pid>

IP: the IP of the host that is waiting for the reverse connection on the netcat listener

PORT: the (TCP) port the host is listening on

<pid>: the PID of the Putty.exe that is running on the target host.

After this simple execution, a shell on the system that PuTTY is communicating with will appear on the host that is listening for the reverse shell. Besides the improper access to the target operating system (linux, windows, freebsd, solaris, etc etc …), there are other dangerous factors involved in this attack, for example:

– The shell is a clone of the original socket, so every interaction in the original shell is also intercepted by the clone shell. If, during the session hijack, the administrator accesses other systems in a way that makes the password visible at the prompt, the attacker will be able to view the session as if looking at the administrator's monitor.

Below is a short video demonstrating this technique.

http://www.rootsecurity.com.br/videos/PuttyHijack.avi

Good Hacking 4 All.
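
A defender's view of the DLL injection described above, as an added example that is not part of the original post or of the PuttyHijack tool: it flags DLLs loaded into putty.exe from outside system directories or without a valid signature. The records are constructed samples modelled on Sysmon Event ID 7 (ImageLoad) fields, and the trusted-directory baseline is an assumption.

```python
import ntpath  # Windows path rules on any OS

# Assumed baseline: directories a stock PuTTY loads DLLs from.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                "c:\\windows\\winsxs\\")
WATCHED = {"putty.exe"}


def suspicious_loads(events):
    """Return (pid, dll, reasons) for DLL loads into PuTTY that break baseline.

    Each event is a dict modelled on Sysmon Event ID 7 (ImageLoad) fields:
    ProcessId, Image, ImageLoaded, Signed, SignatureStatus.
    """
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() not in WATCHED:
            continue
        # Collapse "..\" segments so a traversal cannot fake a trusted prefix.
        dll = ntpath.normpath(ev["ImageLoaded"])
        reasons = []
        if not dll.lower().startswith(TRUSTED_DIRS):
            reasons.append("outside trusted directories")
        signed = ev.get("Signed", "false").lower() == "true"
        if not signed or ev.get("SignatureStatus") != "Valid":
            reasons.append("unsigned or invalid signature")
        if reasons:
            findings.append((ev["ProcessId"], dll, reasons))
    return findings


PUTTY = "C:\\Program Files\\PuTTY\\putty.exe"
# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": PUTTY, "Signed": "true", "SignatureStatus": "Valid",
     "ImageLoaded": "C:\\Windows\\System32\\ws2_32.dll"},
    {"ProcessId": 4120, "Image": PUTTY, "Signed": "false", "SignatureStatus": "Unavailable",
     "ImageLoaded": "C:\\Users\\admin\\AppData\\Local\\Temp\\hook.dll"},
    {"ProcessId": 4120, "Image": PUTTY, "Signed": "true", "SignatureStatus": "Valid",
     "ImageLoaded": "C:\\Windows\\System32\\..\\..\\ProgramData\\helper.dll"},
    {"ProcessId": 812, "Image": "C:\\Windows\\notepad.exe", "Signed": "false",
     "SignatureStatus": "Unavailable", "ImageLoaded": "C:\\Temp\\x.dll"},
]

if __name__ == "__main__":
    for pid, dll, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(f"putty.exe pid={pid} loaded {dll}: {', '.join(reasons)}")
```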

Def Con 16

Hi everyone, I was away these last few days because of my trip to Defcon. This year the conference was very good, with many interesting talks. I met many distinguished Brazilians such as Willian Caprino, Nelson Murilo, Luis Eduardo and Leonardo Cavallari, among others.

Below is the link to some photos of the event and of the city of Las Vegas, which is exceptional.

http://picasaweb.google.com.br/y2h4ck/DefCon16