nullcon 2011 - Chupa Rustam

1,461 views

Published on

Chupa Rustam by Abhijeet Hatekar

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,461
On SlideShare
0
From Embeds
0
Number of Embeds
62
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

nullcon 2011 - Chupa Rustam

  1. 1. http://null.co.in/ http://nullcon.net/
  2. 2. Remember these Titans???
  3. 3. Spying was a manual labor!
  4. 4. Spying has become digital
  5. 5. MeetAbhijeet Hatekar
  6. 6. A Geek who works forWho happens to be a hardcore Linux Guy
  7. 7. Delves into…
  8. 8. Loves to developNew Security /Hacking Tools
  9. 9. Also, a good cook!
  10. 10. I was at
  11. 11. Where I developed tools like… oat.sf.net
  12. 12. Presented papers at…
  13. 13. And active contributor fora magazine
  14. 14. Can be followed at my blogand reached at my website: www.chackraview.net
  15. 15. What bringsme here?
  16. 16. What bringsme here?
  17. 17. What bringsme here?
  18. 18. What bringsme here?
  19. 19. What bringsme here?
  20. 20. Let’s go a step ahead
  21. 21. Unified Communication
  22. 22. VoIP is a piece of technical excellence
  23. 23. VoIP BenefitsCost efficientFlexibilityFeature richSimple and Scalableinfrastructure
  24. 24. Competition: a Goose race To provide rich features, Slick boxes within slim timeline; vendors often overlook security issues.
  25. 25. VoIP Attack Vectors Eavesdropping Denial of Service(DOS) Call Hijack Call Teardown Call Fraud Media Manipulations Codec Manipulation
  26. 26. What’s at stake???Money Data Reputation and faith &...
  27. 27. YOU
  28. 28. Let’s focus on something more interesting!
  29. 29. Prologue
  30. 30. Major Global Video Phone Solutions Providers
  31. 31. Why Grandstream???CheapReliableFeature Rich
  32. 32. Features ofGrandstream Video Phone
  33. 33. nmap scan
  34. 34. The Awareness Hurdle Non-aware 95%
  35. 35. The Hack Begins….
  36. 36. Login Authentication
  37. 37. Survey Facts 78% people do not change the default password. Out of remaining 22%, 42.98% just increment a number. e.g.Password1, admin2 etc. Source: Symantec Inc.The Password 75% of social networking username and password samples collected online were identical to those used for emailleaks some accounts. 69.30% people write down their password to remember.facts ☺ Source: www.securityweek.com 63% people do not change their password often. Source: www.cnet.com
  38. 38. The Wireshark Trace
  39. 39. The Wireshark Trace
  40. 40. The Research
  41. 41. After burning the midnight oil over couple of smokes Grey cellsPacket captures I found out different interesting configuration variables.
  42. 42. The Research: Mapping Configuration VariablesP2 = passwordP97 = iLBC Frame sizeP927 = Video packet sizeP39 = local RTP portP928 = ??? <interesting>
  43. 43. The ResearchThese variables correspondto some features directlyaffecting the Grandstreamphone.Among all the variables,P928caught my attention becauseas soon as I set that variable.
  44. 44. The Research:2nd nmap Scan
  45. 45. The Research P928 starts RTSP server on phone Can stream video from the video phone camera User is not aware of this and moreover User cannot control it from phone menu
  46. 46. Cracking SRTP Authentication • Phone tries to authenticate RTSP client • http digest authentication mode • QoP is only auth and not auth_int(little safe) • Vulnerable to MiTM and password brute force attacks
  47. 47. So far I have not seen thisroom getting intothe sleeping zone…I believe then it’s not thatboring ☺
  48. 48. SynopsisCrack web password Enable RTSP Server Crack RTSP authentication Profit / fun
  49. 49. Presenting
  50. 50. Chupa Rustam Fundamentals Written in “C”.. Uses libvlc For Linux Platform
  51. 51. Generic Grandstream Remote administrationweb cracking support of surveillance feature Chupa Rustam FeaturesRTSP password cracker SSL support
  52. 52. Getting back to“something more interesting”…
  53. 53. Titans are back… with ninja skills!
  54. 54. Worldwide Usage ofGrandstream Video PhonesGrandstream GXV 3xx Series Clients
  55. 55. Lessons Learned for VendorsUse strong authenticationmechanismsDocument all features and securethemprovide features only if necessary
  56. 56. Lessons Learned for End Users Change default passwords to something better than alphanumeric There is no fix for the human stupidityDON’T bring video phones to your bedroom ☺
  57. 57. How can I get Chupa-Rustam?http://tools.chackraview.net/chuparustam
  58. 58. Got questions??? Hit ‘em!
  59. 59. Thank You & Stay safe!ahatekar@microsoft.com

×