These images have a default password of “toor” and may have pre-generated SSH host keys.
Select Kali Linux 64 bit VBOX
You’ll get the *.ova file appear.
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
I love OpenVPN, and wish them the best of luck, in resolving these issues.
*****
Summary
I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find mostly technical information about the vulnerabilities and about how I found them, but also some commentary on why commissioning code audits isn’t always the best way to find vulnerabilities.
Here you can find the latest version of OpenVPN: https://openvpn.net/index.php/open-source/downloads.html
This was a labor of love. Nobody paid me to do this. If you appreciate this effort, please donate BTC to 1D5vYkiLwRptKP1LCnt4V1TPUgk7cxvVtg.
Introduction
After a hardening of the OpenVPN code (as commissioned by the Dutch intelligence service AIVD) and two recent audits 1 2, I thought it was now time for some real action ;).
Most of this issues were found through fuzzing. I hate admitting it, but my chops in the arcane art of reviewing code manually, acquired through grueling practice, are dwarfed by the fuzzer in one fell swoop; the mortal’s mind can only retain and comprehend so much information at a time, and for programs that perform long cycles of complex, deeply nested operations it is simply not feasible to expect a human to perform an encompassing and reliable verification.
End users and companies who want to invest in validating the security of an application written in an “unsafe” language like C, such as those who crowd-funded the OpenVPN audit, should not request a manual source code audit, but rather task the experts with the goal of ensuring intended operation and finding vulnerabilities, using that strategy that provides the optimal yield for a given funding window.
Upon first thought you’d assume both endeavors boil down to the same thing, but my fuzzing-based strategy is evidently more effective. What’s more, once a set of fuzzers has been written, these can be integrated into a continuous integration environment for permanent protection henceforth, whereas a code review only provides a “snapshot” security assessment of a particular software version.
Manual reviews may still be part of the effort, but only there where automation (fuzzing) is not adequate. Some examples:
- verify cryptographic operations
- other application-level logic, like path traversal (though a fuzzer may help if you’re clever)
- determine the extent to which timing discrepancies divulge sensitive information
- determine the extent to which size of (encrypted) transmitted data divulges sensitive information (see also). Beyond the sphere of cryptanalysis, I think this is an underappreciated way of looking at security.
- applications that contain a lot of pointer comparisons (not a very good practice to begin with — OpenVPN is very clean in this regard, by the way) may require manual inspection to see if behavior relies on pointer values (example)
- can memory leaks (which may be considered a vulnerability themselves) can lead to more severe vulnerabilities? (eg. will memory corruption take place if the system is drained of memory?)
- can very large inputs (say megabytes, gigabytes, which would be very slow to fuzz) cause problems?
- does the software rely on the behavior of certain library versions/flavors? (eg. a libc function that behaves a certain way with glibc may behave differently with the BSD libc — I’ve tried making a case around the use of ctime() in OpenVPN)
So doing a code audit to find memory vulnerabilities in a C program is a little like asking car wash employees to clean your car with a makeup brush. A very noble pursuit indeed, and if you manage to complete it, the overall results may be even better than automated water blasting, but unless you have infinite funds and time, resources are better spent on cleaning the exterior with a machine, vacuuming the interior followed by an evaluation of the overall cleanliness, and acting where necessary.
Leaked CIA documents have revealed the agency has been hacking people’s Wi-Fi routers and using them as covert listening points.
Infected routers are used to spy on the activity of internet-connected device, according to decade-old secret documents leaked on Thursday by Wikileaks.
Home routers from 10 US manufacturers, including Linksys, DLink, and Belkin, have been used by the CIA to monitor internet traffic.
Wikileaks released the entire 175-page CIA user manual for the implant, which is codenamed ‘CherryBlossom’.
In total, the manual says that the firmware runs on 25 router models, but could run on more than 100 with minor modifications.
‘The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest,’ the document reads.
‘In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points (APs), to achieve these goals.’
The firmware is especially effective against some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even if they have a strong administrator password.
An exploit codenamed ‘tomato’ can extract passwords from these routers if a default feature known as universal plug and play is left on.
Missions tasks include copying some or all of the user’s internet traffic, email exchanges and private chat usernames.
All exchanges between the Flytrap and device and the CIA’s CherryTree server are encrypted and and cryptographically authenticated.
The documents date back to 2007, meaning the agency has been using the Wi-Fi hack for at least a decade.
Reference:
https://www.socialcooling.com/
If you feel you are being watched,
you change your behavior.
Big Data is supercharging this effect.
People are starting to realize that this ‘digital reputation’ could limit their opportunities.
(And that these algorithms are often biased, and built on poor data.)
People are changing their behavior to get better scores.
This has good and bad sides.
Social Cooling describes the long-term negative side effects of living in a reputation economy:
In the wake of Saturday’s terrorist attack in London, the Prime Minister Theresa May has again called for new laws to regulate the internet, demanding that internet companies do more to stamp out spaces where terrorists can communicate freely.
The arguments against banning encryption are well rehearsed, but worth repeating. Encryption is not just a tool used by terrorists. Anyone who uses the internet uses encryption. Messaging apps, online banking, e-commerce, government websites, or your local hospital all use encryption.
A ban on encryption would make it impossible to do anything online that relies on keeping things private, like sending your credit card details or messaging your doctor.
Even if governments were willing to sacrifice their citizen’s online privacy, any sort of ban would be futile anyway. Anyone with a little technical know-how could write their own code to encrypt and decrypt data. In fact, the code to do so is so small it easily fits on a t-shirt. http://www.cypherspace.org/rsa/
Another way to get rid of May’s “safe spaces” that has been mooted is to give security services special access to encrypted messages, so-called back doors. Again this is impractical.
If a “master key” was created that allowed security services to bypass encryption it would immediately become a target for hackers. Anyone feeling hostile could focus their efforts on cracking the master key, and in doing so would not just get access to one person’s data, but everyone’s.
Last month New Scientist called for a greater understanding of technology among politicians.
****
Thoughts. The New Scientist has rightly called for a greater understanding amongst politicians.
What Teresa May is actually saying is:
- We ban internet banking (as that relies on encryption for security).
- We ban internet shopping (as Amazon relies on encryption too).
- We ban basically, all transactions on the Internet.
Do you agree with her?
The Internet and Encryption go hand in hand, you cannot use one safely without the other. I don’t see where she’s going with this argument, as it is a non starter.
However, it does show her lack of understanding of how the Internet relies upon encryption to function.
Reference:
WPS Pixie Dust Attack
A bit of background first. The Pixie Dust Attack is a WPS attack aimed to crack the PIN offline, exploiting the non-existing or low entropy of some APs. This vulnerability was discovered by Dominique Bongard. All credits for the research go to him.
Sources:
The roles of the devices in a common WPS transaction are:
– Registrar: client/attacker
– Enrollee: access point
Let’s have a look at part of the information exchanged between the two (|| means concatenation):
– Enrollee -> Registrar: M1 (E-Nonce || description || PKE)
– Registrar -> Enrollee: M2 (E-Nonce || R-Nonce || description || PKR)
– Enrollee -> Registrar: M3 (R-Nonce || E-Hash1 || E-Hash2)
PKE: Public Key Enrollee (g^A mod p)
PKR: Public Key Registrar (g^B mod p)
E-Nonce: Enrollee Nonce
R-Nonce: Registrar Nonce
And now comes the interesting part:
– E-Hash1: HMAC{AuthKey}(ES-1 || PSK1 || PKE || PKR)
– E-Hash2: HMAC{AuthKey}(ES-2 || PSK2 || PKE || PKR)
PSK1 is a truncated hash of the first 4 digits of the WPS pin
PSK2 is a truncated hash of the last 4 digits of the WPS pin
On M3 packet the AP is proving us that it knows the first half of the pin (with E-Hash1) and the second half (with E-Hash2). Of those two hashes we know everything except PSK1 and ES-1 and PSK2 and ES-2 respectivly.
– PSK1 and PSK2 needs only 10,000 + 1,000 guesses to find (if the last digit is used as checksum or 20,000 if not).
– ES-1 and ES-2 are two 128 bits random nonces, which would be impossible to bruteforce, right?
The question now is how are they generated? Are they truly random? No, not for every AP/manufacturer at least. Bongard looked up at two implementation: Ralink and Broadcom.
– The former uses ES-1 = ES-2 = 0 (constant) so we just need to bruteforce the PIN with 11000 guesses.
– The latter has the code of its random function publicy hosted online on GitHub (lol). It will work only for some old devices, though (probably those ones shipped from 2011 – 2013).
It uses the r_rand() function from C (wich is not secure) that uses a Linear Congruential Generator and its entropy is of 25 bits only (instant to bruteforce).
The ES-1 is calculated after the E-Nonce so you just need to guess the seed (25 bits of entropy) until you find the same sequence that leads to the E-Nonce. That’s it.
Now aside for those two manufacturers, it is also importat to mention that the majority of APs (if not all) use random pseudo-namber generators of 32 bits and have low entropy at boot. So more vulnerabilities are out there just need to be discovered by someone. 
Now let’s talk about the tool, pixiewps.
Reference:
https://forum.hashkiller.co.uk/topic-view.aspx?t=7936&m=112587#112587
Installing Kali Linux on your Windows 10 laptop is easy, if we use VirtualBox.
Step 1 – Download VirtualBox for Windows
https://www.virtualbox.org/wiki/Downloads
Run > as Admin
Installer starts > Next > Next (just accept all the defaults)
Warning > Yes
Install
Install > Finish
VirtualBox Opens
Step 2 – Download a VirtualBox Kali image
https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
Step 3 – Import Kali Image
File > Import
Browse to the Kali Image > Next
Next, the settings will appear > Import
Importing…
Kali Imported
USB Error – we need the extension pack – for USB 2.0 and 3.0 devices.
Download VirtualBox Extension Pack
https://www.virtualbox.org/wiki/Downloads
Run and Install Extension Pack > I agree
Installed successfully > OK
****
Now, lets try the “START” arrow again
Kali launches a login prompt – remember the password
Username = root
Password = toor
Kali Splashscreen – Yay!
Step 4 – Update the Kali Image
Open a shell and enter the following commands, to update the repositories.
That’s it.
You have Kali Linux 2017.1 installed.
Ethical Hacking – Flashcards
http://samsclass.info/124/flashcards/index.html
This is such a fun way to learn. A lot of infosec needs to be committed to memory and flashcards are the ideal way to learn so that the answers are automatic.
Well, the Cyber Attack against the NHS has certainly caused a storm of protest. Monday we are told to expect a second wave of attacks. So how did researchers manage to stop this attack so quickly? The answer is that the coders made some very simple errors. They hardcoded in a kill switch, which UK researchers registered and triggered.
Step 1 – Hit the kill switch – if there is one
MalwareTech registered the domain that acted as a kill switch.
This stops the infection of new devices. Jump to step 4 for more information on finding the command and control servers.
Step 2 – Danger: Are you running SMB v1?
Each version of Windows uses a different SMB version.
This is a general overview by operating system
Powershell Commands to find SMB version
Use the Get-SmbConnection command – look at the “Dialect” used.
Check Windows Features for SMB 1.0
Search “Windows Features”,
Is there a tick against SMB 1.0/CIFS File Sharing? If there is, we’re in trouble.
Where SMB 1.0 CIFS File sharing is enabled, untick the box to disable it.
Step 3 – Patch the flaw
1. The National Cyber Security Centre guidance on how to patch (see below).
2. Microsoft have issued a patch – apply this.
We have around 24 hours before copycats create a 2nd wave of attacks.
National Cyber Security Centre Advice:
https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
The malware uses the vulnerability MS17-010 to propagate through a network using the SMBv1 protocol. This enables the malware to infect additional devices connected to the same network.
The NCSC advise the following steps be performed in order to contain the propagation of this malware:
-
Deploy patch MS17-010:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
-
A new patch has been made available for legacy platforms, and is available here:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
-
If it is not possible to apply this patch, disable SMBv1. There is guidance here:
https://support.microsoft.com/en-us/help/2696547
-
and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445]
If these steps are not possible, propagation can be prevented by shutting down vulnerable systems.
Work done in the security research community has prevented a number of potential compromises.
To benefit from this, a system must be able to resolve and connect to the domain below at the point of compromise.
www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
Unlike most malware infections, your IT department should not block this domain.
Anti-virus vendors are increasingly becoming able to detect and remediate this malware, therefore updating antivirus products will provide additional protection (though this will not recover any data that has already been encrypted).
Step 4 – Look for unregistered Malware control server domains – as a Procedure
Now one thing that’s important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand of such domains in the past year.
Our standard model goes something like this.
- Look for unregistered or expired C2 domains belonging to active botnets and point it to our sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them).
- Gather data on the geographical distribution and scale of the infections, including IP addresses, which can be used to notify victims that they’re infected and assist law enforcement.
- Reverse engineer the malware and see if there are any vulnerabilities in the code which would allow us to take-over the malware/botnet and prevent the spread or malicious use, via the domain we registered.
That’s the model for locating and stopping Malware control server domains.
Reference:
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
https://www.saotn.org/disable-smbv1-windows-10-windows-server/
