3. 00 WHOAMI
• @090h, root@0x90.ru, keybase.io/090h
• ZN HW Village organizer hardware@zeronights.ru
• 802.11 pwner, SDR/RF enthusiast
• embedded reverser (for PWN/DIY)
• JBFC/DC7499 member
• researcher at hlsec.ru
• pwning telecommunications since 2002
• …was doing MITM 20 years ago 8)
4. 01 INTRO
• The XXI century is the century of communications
• When I was a boy we counted in Pentiums 8)
1993 Pentium 66 MHz – 2000 Pentium 4 1400 MHz
• Nowadays we count in G and still use Pentium: 4G is in use
and 5G is in progress
• DialUp 9600 FIDO – FTTH 100 Mb Internet
• Nearest future: 5G + IPv6 + IoE
• Security of communications is evolving slooooooooooowly. SS7 was
invented in 1975 and is still kicking ass nowadays
5. 02 MAN MITM
• MITM = Man In The Middle
• It is a fundamental type of communication attack
• Subtypes: active, passive
• IRL: passive MITM = sniffing, active MITM = MITM
• Also has a name….
16. Short summary
• Technology changes – MiTM changes. Hackers should be adaptive.
• Security of telecommunications is like in the 90’s
• The MiTM world is much bigger than most hackers think
• Study fundamental sciences, to be able to hack at the FUNdaMENTAL
layer!
46. Pros and cons
Pros:
• Not so hard to do
Cons:
• Router gets rebooted by the watchdog or by users
• MITM is sloooooooooow because of the high CPU temperature
• Not so many routers have such rich features
• VPS IP disclosure during MITM
53. PPTP MITM ideas
• MiTM consists of 2 parts: router and VPS
• All active attacks run on the VPS
• The router is used only for forwarding and routing
• pwner is pwning
56. PPTP MITM ALGO
• Connect from VPS to PPTP VPN
• Get ppp0 interface IP
• Launch MITM kit on ppp0 (sslsplit, sslstrip, iptables forwarding)
• Telnet to router
• Add ISP gateway to route map
• Set VPS ppp0 IP as default gateway
• PWN’em all
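From the defender's side, the two route-table changes listed above (a host route to the ISP gateway plus a default route moved onto a PPP interface) are what an audit of a Linux-based router's `ip route` output should flag. The script below is an added example, not code from the talk; the route dumps, interface names and addresses are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample of `ip route` output from a home router (not from the talk).
# 203.0.113.0/24 is documentation space standing in for the ISP uplink.
CLEAN_ROUTES = """\
default via 203.0.113.1 dev eth0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.25
"""

# Same router after the route map from the slide: ISP gateway pinned as a host
# route, default gateway pointed at the VPS-side PPP address (placeholder).
TAMPERED_ROUTES = """\
default via 10.8.0.2 dev ppp0
10.8.0.2 dev ppp0 proto kernel scope link src 10.8.0.6
203.0.113.1 dev eth0 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.25
"""

ROUTE_RE = re.compile(r"^(?P<dst>default|\S+)(?:\s+via\s+(?P<via>\S+))?\s+dev\s+(?P<dev>\S+)")

def parse_routes(dump: str) -> List[Dict[str, str]]:
    """Turn `ip route` lines into dicts with dst/via/dev; other fields are ignored."""
    routes = []
    for line in dump.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append({k: v or "" for k, v in m.groupdict().items()})
    return routes

def audit_routes(dump: str, wan_dev: str, isp_gw: str) -> List[str]:
    """Return findings for a router whose default route should be isp_gw on wan_dev."""
    findings = []
    routes = parse_routes(dump)
    for r in (r for r in routes if r["dst"] == "default"):
        if r["dev"] != wan_dev or r["via"] != isp_gw:
            findings.append(f"default route via {r['via'] or '-'} dev {r['dev']} "
                            f"(expected {isp_gw} on {wan_dev})")
        if r["dev"].startswith("ppp"):
            findings.append(f"default route leaves through tunnel interface {r['dev']}")
    # A host route to the ISP gateway is what keeps the tunnel reachable once the
    # default route is moved; on its own it is unusual on a home router.
    if any(r["dst"] == isp_gw and r["dev"] == wan_dev for r in routes):
        findings.append(f"explicit host route to ISP gateway {isp_gw} on {wan_dev}")
    return findings
```

Run `audit_routes(TAMPERED_ROUTES, "eth0", "203.0.113.1")` against a known-good WAN interface and gateway; an empty list means the table matches the expected uplink.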