Transcript
Page 1: Hacking Web File Servers for  iOS

Hacking Web File Servers for iOS

Bruno Gonçalves de Oliveira

Senior Security Consultant – Trustwave’s SpiderLabs

Page 2: Hacking Web File Servers for  iOS

About Me

#whoami
• Bruno Gonçalves de Oliveira
• Senior Security Consultant @ Trustwave’s SpiderLabs
• MSc Candidate
• Computer Engineer
• Offensive Security
• Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS and H2HC.

Hosted by OWASP & the NYC Chapter

Page 3: Hacking Web File Servers for  iOS

INTRO
• Smartphones
– A LOT OF information
– iPhone is VERY popular
• Mobile Applications
– (MOST) Poorly designed
• Old-fashioned vulnerabilities


Page 4: Hacking Web File Servers for  iOS

What are those apps?

• Designed to provide a file storage system on iOS devices.

• Data can be transferred via Bluetooth, iTunes and FTP.

• Easiest way: HTTP. The app runs a small web server on the device that you reach from any browser on the same network.

• They are very popular.

Page 5: Hacking Web File Servers for  iOS

Examples

Page 6: Hacking Web File Servers for  iOS

Features

• Manage/store files

• Create Albums, etc.

• Share Data

Page 7: Hacking Web File Servers for  iOS

VULNERABILITIES

Page 8: Hacking Web File Servers for  iOS

• No encryption (plain HTTP, no SSL/TLS): credentials and file contents cross the Wi-Fi network in the clear.

Page 9: Hacking Web File Servers for  iOS

• No authentication (by default): anyone who can reach the port gets the file listing and the files.

Page 10: Hacking Web File Servers for  iOS

• (Reflected) XSS

Page 11: Hacking Web File Servers for  iOS

• (Persistent) XSS

Page 12: Hacking Web File Servers for  iOS

• (Persistent) XSS

http://www.vulnerability-lab.com/get_content.php?id=932
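On a file server the persistent variant normally lives in a stored value that the listing page echoes back; the slides only give the advisory link, so the vector assumed here is an uploaded file name. The example below is added for this page and is not code from the talk, the advisory or any of the apps: a directory listing rendered by direct string interpolation next to one that encodes for each output context, plus the upload-then-list probe a tester would run. The file names and the `/files/` URL prefix are constructed for the example.

```python
import html
from urllib.parse import quote

# Constructed file names as a user of the app might upload them. The last two are
# persistent XSS probes: the name is stored once and echoed on every listing.
UPLOADED_NAMES = [
    "holiday.jpg",
    "report Q1.pdf",
    '<img src=x onerror="alert(document.cookie)">.jpg',
    '"><script>alert(1)</script>.txt',
]


def render_listing_vulnerable(names):
    """Interpolate the stored name straight into HTML (assumed pattern of the vulnerable apps)."""
    rows = [f'<li><a href="/files/{n}">{n}</a></li>' for n in names]
    return "<ul>" + "".join(rows) + "</ul>"


def render_listing_hardened(names):
    """Encode per context: percent-encode inside the href, HTML-escape in the text node."""
    rows = [
        f'<li><a href="/files/{quote(n, safe="")}">{html.escape(n, quote=True)}</a></li>'
        for n in names
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def probe_stored_xss(render, marker='<svg onload=alert("xss")>'):
    """Upload a marker name, fetch the listing, and report whether it came back unencoded.

    `render` stands in for the upload-then-GET round trip against a real device.
    """
    page = render(UPLOADED_NAMES + [marker + ".txt"])
    return marker in page


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_listing_vulnerable), ("hardened", render_listing_hardened)):
        print(f"{name}: marker echoed unencoded = {probe_stored_xss(renderer)}")
```

The same stored name is usually written into more than one place (the listing, a delete link, a JavaScript array for the photo viewer), and each place needs the encoding of its own context; a single `html.escape` applied everywhere is not enough for a JavaScript string or a URL. A related check worth running on these apps is whether an uploaded `.html` file is served back as `text/html` from the same origin, which is persistent XSS by another route.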

Page 13: Hacking Web File Servers for  iOS

• Vulnerability-Lab Advisories:http://www.vulnerability-lab.com/show.php?cat=mobile

Page 14: Hacking Web File Servers for  iOS

Disclaimer

• Trustwave (me) did this research in March 2013 and we are only now disclosing these advisories.

Page 15: Hacking Web File Servers for  iOS

• Path Traversal
– WiFi HD Free Path Traversal (CVE-2013-3923)
– FTPDrive Path Traversal (CVE-2013-3922)
– Easy File Manager Path Traversal (CVE-2013-3921)

You probably want to test the app that you use.
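To test your own app for this class of bug you need a set of traversal payloads and a clear idea of what the server does with the path parameter. The added Python example below is not code from the talk or from any of the three apps: it models the vulnerable lookup (document root plus user path, normalised) beside a hardened one, and runs the usual payload set against both. The document root, the app container name `1234-APP`, the file names and the `FAKE_FS` dictionary are all constructed for the example; whether a given path is readable on a real device depends on the iOS sandbox, which the model does not try to reproduce.

```python
import posixpath
from urllib.parse import unquote

# Constructed sandbox layout (assumption, not taken from any real app).
DOCROOT = "/var/mobile/Applications/1234-APP/Documents"
FAKE_FS = {
    DOCROOT + "/notes.txt": "my notes",
    DOCROOT + "/photos/cat.jpg": "<jpeg bytes>",
    # Same app container, but outside the directory the app means to share.
    "/var/mobile/Applications/1234-APP/Library/Preferences/com.example.fileserver.plist": "<plist>",
    # Classic traversal probe target.
    "/etc/passwd": "root:*:0:0:System Administrator:/var/root:/bin/sh",
}

# Payloads a tester sends as the `path` parameter; the encoded forms catch
# servers that decode after (or twice after) they check the path.
PAYLOADS = [
    "notes.txt",
    "photos/cat.jpg",
    "../../../../../etc/passwd",                        # five ".." = depth of DOCROOT
    "..%2f..%2f..%2f..%2f..%2fetc%2fpasswd",            # URL-encoded separators
    "%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",    # URL-encoded dots
    "..%252f..%252f..%252f..%252f..%252fetc%252fpasswd",  # double-encoded
    "../Library/Preferences/com.example.fileserver.plist",
]


def resolve_vulnerable(path_param):
    """The bug: decode, glue onto the root, normalise, open. '..' walks out of DOCROOT."""
    return posixpath.normpath(DOCROOT + "/" + unquote(path_param))


def resolve_hardened(path_param):
    """Decode once, join, canonicalise, then require the result to still be under DOCROOT."""
    decoded = unquote(path_param)
    if "\x00" in decoded:          # NUL would truncate the path in a C file API
        return None
    target = posixpath.normpath(posixpath.join(DOCROOT, decoded.lstrip("/")))
    if target != DOCROOT and not target.startswith(DOCROOT + "/"):
        return None
    return target


def traversal_hits(resolver):
    """Return (payload, path) pairs where the resolver hands out a file outside DOCROOT."""
    hits = []
    for payload in PAYLOADS:
        target = resolver(payload)
        if target is None or target not in FAKE_FS:
            continue
        if not target.startswith(DOCROOT + "/"):
            hits.append((payload, target))
    return hits


if __name__ == "__main__":
    print("vulnerable:", traversal_hits(resolve_vulnerable))
    print("hardened:  ", traversal_hits(resolve_hardened))
```

Against a real filesystem, replace `posixpath.normpath` in the hardened resolver with `os.path.realpath` on the joined path so that a symlink placed inside `Documents` cannot point outside it, and keep the prefix check as the last step after every decoding stage. The double-encoded payload does not escape the simulated vulnerable server because `normpath` never sees `%2f` as a separator; it is in the list because some frameworks decode a second time between the check and the open.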

Page 16: Hacking Web File Servers for  iOS

• Path Traversal (DEMO)

Page 17: Hacking Web File Servers for  iOS

• Easy File Manager

• Unauthorized Access to File System (CVE-2013-3960)

Page 18: Hacking Web File Servers for  iOS

• Unauthorized Access to File System (CVE-2013-3960)

Page 19: Hacking Web File Servers for  iOS

• Getting worse with a jailbroken device.

Page 20: Hacking Web File Servers for  iOS

• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device

Page 21: Hacking Web File Servers for  iOS

• iOS 7 Security Improvement

Page 22: Hacking Web File Servers for  iOS

How to find vulnerable systems

(screenshot: mDNS Watch for iOS)

mDNS queries: the apps announce their web server over Bonjour/mDNS, so a query on the local network lists them.
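What mDNS Watch does on the phone can be reproduced from a laptop on the same Wi-Fi with one multicast packet. The example below is added for this page and is not code from the talk or from mDNS Watch: it builds a PTR query for a service type, parses the answers (including DNS name compression, which mDNS responders use heavily) and joins PTR, SRV and A records into a list of reachable HTTP servers. The service type `_http._tcp.local` is an assumption; a given file-server app may advertise under its own type, so adjust the query accordingly. The response bytes are constructed by hand for the test, not captured from a device, and `192.168.1.23` and `iPhone.local` are made up.

```python
import socket
import struct

MDNS_GROUP = ("224.0.0.251", 5353)
QTYPE_A, QTYPE_PTR, QTYPE_SRV = 1, 12, 33


def encode_name(name):
    """'a.b.local' -> b'\\x01a\\x01b\\x05local\\x00'."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.strip(".").split("."))
    return out + b"\x00"


def build_query(service="_http._tcp.local", unicast=False):
    """One-question mDNS query; the QU bit asks responders to reply unicast to our port."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    qclass = 1 | (0x8000 if unicast else 0)
    return header + encode_name(service) + struct.pack("!HH", QTYPE_PTR, qclass)


def decode_name(pkt, off):
    """Read a (possibly compressed) name at `off`; return (name, offset after the name)."""
    labels, end, jumped = [], None, False
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                           # pointer to an earlier name
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        if ln == 0:
            off += 1
            break
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii", "replace"))
        off += 1 + ln
    return ".".join(labels), (end if jumped else off)


def parse_response(pkt):
    """Return [(name, type, value)] for every record in an mDNS response."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                                 # skip echoed questions
        _, off = decode_name(pkt, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        if rtype == QTYPE_PTR:
            value, _ = decode_name(pkt, off)
        elif rtype == QTYPE_SRV:
            _, _, port = struct.unpack("!HHH", rdata[:6])
            target, _ = decode_name(pkt, off + 6)
            value = (port, target)
        elif rtype == QTYPE_A:
            value = socket.inet_ntoa(rdata)
        else:
            value = rdata
        records.append((name, rtype, value))
        off += rdlen
    return records


def find_http_services(records, service="_http._tcp.local"):
    """Join PTR -> SRV -> A so each advertised instance becomes host/port/IP."""
    ptr = [v for n, t, v in records if t == QTYPE_PTR and n == service]
    srv = {n: v for n, t, v in records if t == QTYPE_SRV}
    addr = {n: v for n, t, v in records if t == QTYPE_A}
    found = []
    for instance in ptr:
        port, host = srv.get(instance, (None, None))
        found.append({"instance": instance[:-len("." + service)], "host": host,
                      "port": port, "ip": addr.get(host)})
    return found


def discover(service="_http._tcp.local", timeout=2.0):
    """Send one QU query to the mDNS group and collect replies until the timeout (needs a network)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
    sock.settimeout(timeout)
    sock.sendto(build_query(service, unicast=True), MDNS_GROUP)
    records = []
    try:
        while True:
            data, _ = sock.recvfrom(9000)
            records.extend(parse_response(data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return find_http_services(records)


def constructed_response():
    """Hand-built response (not a capture): PTR at offset 12, instance name at 40, host name at 70."""
    hdr = struct.pack("!HHHHHH", 0, 0x8400, 0, 3, 0, 0)
    svc = encode_name("_http._tcp.local")                       # bytes 12..29
    inst = b"\x09My iPhone" + b"\xc0\x0c"                       # bytes 40..51, tail points to 12
    ptr_rr = svc + struct.pack("!HHIH", QTYPE_PTR, 0x8001, 4500, len(inst)) + inst
    srv_data = struct.pack("!HHH", 0, 0, 8080) + encode_name("iPhone.local")   # target at 70
    srv_rr = b"\xc0\x28" + struct.pack("!HHIH", QTYPE_SRV, 0x8001, 120, len(srv_data)) + srv_data
    a_rr = b"\xc0\x46" + struct.pack("!HHIH", QTYPE_A, 0x8001, 120, 4) + socket.inet_aton("192.168.1.23")
    return hdr + ptr_rr + srv_rr + a_rr


if __name__ == "__main__":
    print(find_http_services(parse_response(constructed_response())))
```

Responders that ignore the QU bit answer on the multicast group instead of our socket; to catch those, bind to port 5353 and join `224.0.0.251` with `IP_ADD_MEMBERSHIP`, which may conflict with the host's own mDNS daemon. Once `discover()` returns host and port, the checks for the earlier slides (no TLS, no authentication, traversal payloads) are plain HTTP requests to `http://<ip>:<port>/`.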

Page 23: Hacking Web File Servers for  iOS

Conclusions

• Mobile apps (already) are the future.
• Mobile app designers still don’t care much about security.
• Too many apps; we have to take care.
• Old-fashioned vulnerabilities still rock.
