Security

Important: Demo Range Access - User Account Site

CREDS: demo1 :: password

- Open a web browser (Firefox preferred) and set up proxy settings
- Navigate to 10.208.50.61/classinfo.html

OR

- Open a web browser
- Navigate to 127.0.0.1:1111/classinfo.html

INPUT YOUR USERNAME ONLY, STORE OUTPUT IN YOUR NOTES, RESULTS WILL BE DELETED
The Vision for Security and Exploitation

The Security module is based on the principle of understanding the basis of exploitation. A deep understanding of how systems and exploitation really work allows for advanced offensive and defensive operations. Because of this, exploitation is the main thing that is taught. On the surface, this may appear to teach only offensive techniques. However, the students are then asked to research mitigation techniques. For example, if you understand why pickles are dangerous in a Python application, you can easily search for dangerous uses of pickle and mitigate them by developing a safe method to do the same thing.
As an example of the above, find the vulnerability:

```python
# Accept a connection, read up to 1024 bytes, and unpickle whatever arrived.
# cPickle is Python 2's C implementation of pickle; pickle in Python 3 behaves the same way.
conn, addr = self.receiver_socket.accept()
data = conn.recv(1024)
return cPickle.loads(data)
```
If you don't understand how pickles and pickle exploitation work, you may not be able to identify it. Essentially, this code unpickles arbitrary data that it receives, and unpickling untrusted bytes lets the sender choose which callables run during the load. How would you mitigate this without understanding exploitation? You couldn't. But now that you understand what the danger is at a high level, you can create defensive mitigations. One way to protect this simple code is to verify the data received with a cryptographic integrity check (an HMAC over the pickled bytes), so that only a sender holding the shared key can produce a message the receiver will unpickle:

```python
import hashlib
import hmac
import pickle

SHARED_KEY = b'shared-key'  # kept secret and shared with the sender out of band

conn, addr = self.receiver_socket.accept()
data = conn.recv(1024)
# Message format: b'<hex digest> <pickled bytes>'; split once so spaces inside the pickle survive
recvd_digest, pickled_data = data.split(b' ', 1)
new_digest = hmac.new(SHARED_KEY, pickled_data, hashlib.sha1).hexdigest().encode()
# Constant-time comparison so timing does not leak how many digest bytes matched
if not hmac.compare_digest(recvd_digest, new_digest):
    print('Integrity check failed')
else:
    unpickled_data = pickle.loads(pickled_data)
```

Note that the HMAC only proves the bytes came from a holder of the shared key; it does not make pickle itself safe. Anyone who obtains the key can still send a malicious pickle, so the check is a gate in front of a dangerous deserializer, not a replacement for restricting what the deserializer may load.
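The pattern above, carried through end to end as an added example (this is not the course's own code). It runs the sign-then-verify exchange in memory rather than over a socket, and layers a second defence on top: a restricted Unpickler that refuses to import any global outside a small allowlist, which is where arbitrary code execution in pickle comes from. The names pack_message, receive, tamper, demo, ALLOWED and the key value are constructed for this demonstration.

```python
"""HMAC-verified pickle transport plus a restricted unpickler (constructed demo)."""
import collections
import hashlib
import hmac
import io
import pickle

# Constructed demo key. In deployment it comes from a secret store, never source code.
SHARED_KEY = b'demo-shared-key'


def pack_message(obj, key=SHARED_KEY):
    """Serialize obj and prefix an HMAC-SHA256 tag: b'<hex tag> <pickle bytes>'."""
    payload = pickle.dumps(obj)
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return tag + b' ' + payload


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose GLOBAL lookups are limited to an explicit allowlist.

    Plain containers and scalars never reach find_class; only pickles that name
    a class or function do, and those are the ones that can run code on load."""
    ALLOWED = {('builtins', 'range'), ('builtins', 'slice'), ('builtins', 'complex')}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f'forbidden global {module}.{name}')


def receive(data, key=SHARED_KEY):
    """Verify the tag in constant time, then load with the restricted unpickler.

    Returns (status, value); status is one of 'ok', 'malformed', 'bad_tag',
    'forbidden', and value is None unless status is 'ok'."""
    try:
        recvd_tag, payload = data.split(b' ', 1)
    except ValueError:
        return 'malformed', None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # compare_digest runs in constant time, so response timing does not reveal
    # how many tag bytes matched.
    if not hmac.compare_digest(recvd_tag, expected):
        return 'bad_tag', None
    try:
        return 'ok', RestrictedUnpickler(io.BytesIO(payload)).load()
    except pickle.UnpicklingError:
        return 'forbidden', None


def tamper(data):
    """Flip the low bit of the last payload byte to simulate on-the-wire modification."""
    return data[:-1] + bytes([data[-1] ^ 0x01])


def demo():
    """Exercise the four outcomes on constructed messages and return them by name."""
    good = pack_message({'user': 'demo1', 'scores': [1, 2, 3]})
    return {
        'ok': receive(good),                                        # ('ok', {...})
        'tampered': receive(tamper(good)),                          # ('bad_tag', None)
        'wrong_key': receive(pack_message({'x': 1}, key=b'wrong')), # ('bad_tag', None)
        'allowed_global': receive(pack_message(range(3))),          # ('ok', range(0, 3))
        'forbidden': receive(pack_message(collections.OrderedDict(a=1))),  # ('forbidden', None)
    }


if __name__ == '__main__':
    for name, result in demo().items():
        print(f'{name:15} -> {result}')
```

The allowlist is deliberately tiny; a real service would list exactly the classes its protocol needs and nothing else, and a message that passes the HMAC but names anything outside that list is treated as hostile even though it came from a key holder.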
Reverse engineering is the fundamental skill underlying all exploit development and bug hunting. Therefore, it is the fundamental task used to attack and defend any and all systems. When you think of reverse engineering, do not associate it only with breaking C programs. Reverse engineering encompasses not only the aforementioned software analysis, but also systems analysis, protocol analysis, and hardware analysis.

For example, if you want to remotely control a Honda Civic, you need to find a remote exploit. This means that you need to reverse engineer multiple systems within the car. Most likely, the cellular data hotspot used for WiFi is run directly in the kernel that controls the entire car. Considering that this is a networked device running directly in the kernel, you can imagine that it is a good candidate for initial access and complete control of the car. As you continue reverse engineering the car, you will begin to understand how CAN works. It operates like a multicast protocol in that every transmission is sent everywhere on the bus. Imagining a rogue CAN device interrupting communication on the wire is not difficult.

Likewise, if you do these things before a bad guy does, you can create mitigations specifically designed to close off those possibilities. For the above, a sensible person would not run the cellular hotspot in the kernel. In fact, they would keep it as far away from the kernel as possible. Preventing a rogue CAN device may require that the CAN wires are not physically accessible except under maintenance conditions that are not trivial to fake, or that take too long to satisfy to be practical for an adversary.
Security and Exploitation teaches the deep understanding of systems and their exploitation to create cyber actors that understand how to use and create offensive capabilities and defensive mitigations.