Hakin9 en 04 2014 Teaser

TEASER
cigital
SecureAssist
Find and Fix Security Defects
During Development
Plug-in for Eclipse and Visual Studio identifes common
security vulnerabilities and provides remediation guidance
Contextual
Guidance and examples
specifc to the language
Customizeable
Incorporate organizational
standards into guidance
Expert validated
Based on Cigitals experience in
thousands of code reviews
Actionable
Code examples explain the right
way and place to fx defects
Free 30-day trial: www.cigital.com/hakin9
Securing Assets Across Europe
14th & 15th October 2014
MCE, Brussels, Belgium
www.isse.eu.com ISSE
2014
Europes leading independent, interdisciplinary
security conference and exhibition
Over the past decade, Information Security Solutions Europe (ISSE) has
built an unrivalled reputation for its world-class, interdisciplinary approach
and independent perspective on the e-security market.
This year, ISSE will take place on 14th & 15th October in Brussels.
Regularly attracting over 300 professionals including government,
commercial end-users and industry experts who will come together for
a unique all-encompassing opportunity to learn, share and discuss the
latest developments in e-security and identity management.
Programme Topic Areas
Trust Services, eID and Cloud Security
European trust services and eIdentity regulation, governance rules,
standardization, interoperability of services and applications, architectures
in the cloud, governance, risks, migration issues
BYOD and Mobile Security
Processes and technologies for managing BYOD programs,
smartphone/tablet security, mobile malware, application threats
Cybersecurity, Cybercrime, Critical Infrastructures
Attacks & countermeasures against industrial Infrastructures; CERT/CSIRT
European & global developments, resilience of networks & services,
surveillance techniques & analytics
Security Management, CISO Inside
CISOs featuring the latest trends and issues in information security, risk
mitigation, compliance & governance; policy, planning and emerging areas
of enterprise security architecture
Privacy, Data Protection, Human Factors
Issues in big data & cloud, privacy enhancing technologies, insider threats,
social networking/engineering and security awareness programs
Regulation & Policies
Governmental cybersecurity strategies, authentication, authorization &
accounting, governance, risk & compliance
For more information visit www.isse.eu.com
In partnership with
@ISSEConference
4
Advanced Exploits with Metasploit
Copyright 2014 Hakin9 Media Sp. z o.o. SK
Table of Contents
Exploitation Of Hash Functions
By Deepanshu Khanna and Er Laveena Sehgal
The term cryptography is being defined as the method or protocol for developing the security
of the information over an insecure channel on which the two parties are communicating. For
instance, lets assume the two parties, which are very famous in the field of cryptography, are
ALICE and BOB. Lets assume Alice wants to communicate or share some information with
Bob. The main problem that arises here is how to share the data over such an insecure channel.
So, Cryptography comes to the rescue. Hence, cryptography provides us the way to securely (neq
100%) communicate even on the insecure channel.
Dr. Web for Android
By Amit Chugh
The Dr.Web Anti-virus solution keeps your Android mobile safe from known viruses in the
Internet. This application is designed to protect the mobile from known threats. Because of their
popularity, Android-based devices are rapidly becoming a target for a surging tide of malware
and spyware. The Dr.Web Anti-virus solution ensures that infections are eliminated. It also scans
mobile devices for hidden malicious data.
Building a Successful Disaster Recovery Program
By Michael Lemire
Today, business is dependent on the continuous availability of technology infrastructure,
platforms and services. For this reason, disaster recovery planning continues to gain prominence
as a critical part of risk management. This article aims to summarize how to implement a
successful disaster recovery program.
Step by Step Guide for Pentesting VoIP Devices (VoIP Hacking)
By Omkar Joshi
VOIP (Voice over IP) is technology applied to deliver voice & streaming sessions over IP (SIP)
General purpose protocol used for managing sessions. This protocol provides method for voice
signaling. VOIP actually applies Session Initiation Protocol (SIP) to perform its methodologies
like setting up, terminating & modifying voice & voice calls. These voice & video calls are
transported by other protocols like RTP (Real time transport protocol).
Exploiting Adobe
Reader to Own a Box

By Vahid Shokouhi
Exploiting has become more and more interesting since its operation is different from other
techniques and uses a stab-in-the-back style to fulfill its task. You may use a strong password and also
use secure web browsing but at the end you will find yourself hacked! and you will be wondering how
it happened. Exploiting utilizes vulnerabilities in your trusted(?) applications like your browser, music
player or like in this tutorial a PDF viewer, to break into your system and gives the intruders a mean
to achieve their goals. If you follow IT security news, you have probably seen many topics about new
exploiting discovered. Because of its hidden nature and popularity, we will take a look at one of the
frequently used vulnerabilities and the way it could be used to exploit a system.
08
27
29
33
45
5
Accessing Industrial Networks
By Darko Mihajlovski
In an ideal situation, the most critical systems of an industrial network are well protected behind
strong layered defenses, making a basic attack difficult if not impossible. In reality, there are
many entry points or attack vectors into industrial systems. The most obvious is via the business
network, but in many cases there are entry points directly into secure SCADA demilitarized
zones, and even into the control systems networks themselves.
Vulnerability Assessments on SCADA Networks
By Fadli
First used in the 1960s, SCADA or Supervisory Control and Data Acquisition is a computer
system that is used to gather and analyze live data. These systems are used to monitor and control
various services ranging from telecommunications, oil and gas, electricity and water. With such
importance, SCADA systems has been categorized as a Critical Infrastructure and also a favourite
amongst hackers to penetrate and potentially disrupt these critical systems.
Hacking VoIP with Armitage-Metasploit
By Mirko Raimondi
Voice over Internet Protocol (VoIP) is rather a new technology which allows phone conversations
to be transferred over a computer network, it transforms analog and digital audio signals into
data packets which are transported via Packet-Switched Networks (sach as Internet). VoIP is
becoming increasingly popular since it provides several advantages in cost and functionality,
especially in enterprise scenarios where companies use VoIP as an easy way for communication
between their several branches and for their teleworking employees. In this case VoIP works as a
private telephone network where Softphones (software phones) are connected to a Private Branch
eXchanges (PBXs), which are systems that connects telephone extensions into the company.
Wireless Sniffing Through Karmetasploit
By Ratan Jyoti
Karmetasploit is a Metasploit implementation of famous wireless sniffing tool KARMA
(KARMA Attacks Radioed Machines Automatically) which passively listens to 802.11 Probe
Request frames. Wireless Clients are generally targeted by creating Rogue AP and harvesting of
user credentials which is carried out by exploiting client side vulnerabilities.
Information Security
By Wan Mohd Ariff
In this article, the reader will learn about the Web Application Security type of attack. There
are a few types that the authors will share with the reader such as SQL Injection, Phishing and
Man-In-The-Attack. The reader will also learn how the attack works on the system and the real
environment of the attack. The reader need to know the concept of the machine structure. Besides
that, the reader also need to have knowledge on MYSQL database where it will useful on SQL
Injection attack. The reader also need to know about some basic Linux command and how the
network environment works.
Ponemon 2014 SSH Security Vulnerability Report
By Venafi, Inc.
Global organizations are under attack, and the attackers are more dangerous and persistent than
ever. Armed with a litany of next-generation cybercrime tools, theyre vastly different from
yester-year hackers and better enabled with targeted and persistent tools. While the motivations
vary, the goal of todays cybercriminal and nation-state attacker is to become and remain trusted
on targeted network in order to gain full acce ss to sensitive, regulated and valuable data and
intellectual property, and circumvent all existing controls.
55
64
72
83
88
94
6
Dear Hakin9 Readers!
Y
ou are going to read Advanced Exploits with Metasploit issue. While the tittle
may suggest that the publication is solely devoted to one specific topic, we
decided to go back to old times and provide you with various articles assisting
one leading subject of the issue. This time the issue focuses on Metasploit but
you will have the chance to read about VoIP, SCADA, IT Security. You may
also take interest in Venafi report or Dr.Web solutions for Android.
We hope you enjoy the issue.
Krzysztof Samborski
and Hakin9 team
Editor in Chief: Ewa Dudzic
ewa.dudzic.@hakin9.org
Managing Editor: Krzysztof Samborski
krzysztof.samborski@hakin9.org
Editorial Advisory Board: David Kosorok, Matias N.
Sliafertas, Gyndine, Gilles Lami, Amit Chugh, Sandesh Kumar,
Trish Hullings
Special thanks to our Beta testers and Proofreaders who helped
us with this issue. Our magazine would not exist without your
assistance and expertise.
Publisher: Pawe Marciniak
CEO: Ewa Dudzic
ewa.dudzic.@hakin9.org
Marketing Director: Krzysztof Samborski
krzysztof.samborski@hakin9.org
Art. Director: Ireneusz Pogroszewski
ireneusz.pogroszewski@hakin9.org
DTP: Ireneusz Pogroszewski
Publisher: Hakin9 Media sp. z o.o. SK
02-676 Warszawa, ul. Postpu 17D
NIP 95123253396
www.hakin9.org/en
Whilst every effort has been made to ensure the highest quality
of the magazine, the editors make no warranty, expressed
or implied, concerning the results of the contents usage.
All trademarks presented in the magazine were used for
informative purposes only.
All rights to trademarks presented in the magazine are reserved
by the companies which own them.
DISCLAIMER!
The techniques described in our magazine may be used
in private, local networks only. The editors hold no
responsibility for the misuse of the techniques presented
or any data loss.
www.uat.edu > 877.UAT.GEEK
[ ITS IN YOUR DNA ]
[ GEEKED AT BIRTH ]
You can talk the talk.
Can you walk the walk?
LEARN:
Advancing Computer Science
Artifcial Life Programming
Digital Media
Digital Video
Enterprise Software Development
Game Art and Animation
Game Design
Game Programming
Human-Computer Interaction
Network Engineering
Network Security
Open Source Technologies
Robotics and Embedded Systems
Serious Game and Simulation
Strategic Technology Development
Technology Forensics
Technology Product Design
Technology Studies
Virtual Modeling and Design
Web and Social Media Technologies
Please see www.uat.edu/fastfacts for the latest information about
degree program performance, placement and costs.
8
Exploitation Of Hash Functions
by Deepanshu Khanna and Er Laveena Sehgal
Introduction to Cryptography: The term cryptography is being defined as the method or protocol
for developing the security of the information over an insecure channel on which the two parties are
communicating. For an instance, lets assume the two parties, which are very famous in the field of
cryptography, are ALICE and BOB. Lets assume Alice wants to communicate or share some information
with Bob. The main problem that arises here is how to share the data over such an insecure channel. So,
Cryptography comes to the rescue. Hence, cryptography provides us the way to securely (neq 100%)
communicate even on the insecure channel.
Figure 1. Insecure Communication Channel
Figure 2. Secure Communication Channel
9
So, here, the main question that arises is what exactly does this cryptographic magic function include, which
sends the information securely over such an insecure channel. So, lets look inside this function. But before
looking into it, lets try to build some building blocks for the need of these functions.
Building up of the Cryptographic Functions
Before digging much into the depths of cryptography, lets first focus on the building blocks of the
cryptographic functions. These cryptographic functions include such properties which will help both the
sender and the receiver to share the data on the basis of the trust. So, lets start building the function on the
basis of Problem of Trust.
Problem of Trust
Lets assume Alice and Bob want to communicate over a telephone or fax or by e-mails. But the problem
with this communication is that Bob doesnt trust Alice. So, whatever the data that is being sent or whatever
the communication being made by Alice will not be trusted by Bob. So, the solution to this problem of trust
is they have to agree on some common protocol. This protocol will be known to both Alice and Bob.
Based on this protocol they will share their data over an insecure channel. Now in order to build such a
protocol, they require a function. This particular function is known as the magic function which is required
to build up that protocol and is also known as the cryptographic function. In whole cryptography we are
always trying to build this function. This function is being represented by F(x), where x is a message.
Figure 3. Communication: message
Properties of the magic function
This magic function F(x) holds some important properties, based on Only such properties the protocols build up:
Whatever the domain and range chosen up for the function, should be integer values.
The function should be a one-way function, which means a function F(x) should be easy to compute but
hard to invert. Lets take an example, given for some value of x = 2, and a function F(x) is given by,
F(x) = x pow (2) + x; [given x=2]
F(x) = 2 pow (2) + 2;
F(x) = 4+2;
F(x) = 6
10
Now as you look in the above problem, that its easy to compute F(x) from the given value of x, but its hard
to compute x from a given F(x). Say, for a given value of F(x) = 6, its hard to find that could be the function.
Hence, this property should the magic function hold.
Another big property that a magic function must hold is the property of the Collision Resistant.
Collision Resistant states that it is very hard or almost impossible to find a pair of distinct values (integers), for
which f(x) = f(y). Means, for the given values of x and y say 2 and 3 resp., it is hard to build such two functions
f(x) and f(y) such that they both hold the same values and vice-versa. This, every function must hold.
Hence, in order to build such protocols, these properties hold a very important place. These properties are
also known as the building blocks of the functions.
Mathematical formulations of building and
computing F(x)
Lets try to analyze the mathematical formulations of calculating the function. For that, lets assume that
Alice and Bob are communicating over the telephone and deciding to have lunch together. Alice wants to
go for Italian food and Bob wants to go for Chinese. Now the situation is both the parties are sitting very far
apart from each other. And as obvious Bob doesnt trust Alice. So, they decided to build a protocol in which
both of them will be satisfied. In order to do that they decided to flip a coin and if heads comes up Alice
will win, or if tails, Bob will win. Now Alice is flipping the coin, lets build the mathematical formulations
for making the function F easy:
Assume the function F(x) = the coin Tossed or Flipped.
If Heads comes up, x = even and Alice wins
If Tails comes up, x = odd and Bob wins.
Now Alice will toss the coin and send the value to Bob. This value is the function F(x) value and not the
actual x value.
Now Bob will receive the information (the calculated F(x) value).
Now Bob will calculate his own value F(y), and tell Alice whether this value is odd or even.
Depending upon that, Alice will send x to Bob and Bob will check whether the value matches with his
value or not by computing F(x).
Security Analysis of the above Statement
Can Alice cheat?
For that Alice has to calculate the values which are collision resistant and also holds the one-wayness
property. Means Alice has to choose two randomly large numbers i.e. x and y, such that x is not equal to y
and their calculated function F(x) = F(y), which is very hard to develop. So, the probability that Alice will
cheat is very much less, almost NIL.
Also, Can Bob guess better than Alices random guess
number?
Now Bob listens to F(x), and because of one-wayness property it doesnt reveal anything about x. So, his
probability of choosing a random guess = .
11
Hence, Probability[x is even] = Probability [x is odd] = .
And therefore, in whole cryptography we are actually trying to focus on creating this function and holding
the above three very important properties.
Practical Efficiency
A mathematical problem is practical efficient, if the problem is being solved in the given time and space,
which is being measured by the small degree of the polynomial in the size of the problem. The polynomial
that actually describes the cost of the resources to the user should be very small.
Goals of Cryptography
There are four main Goals of cryptography or it can also be said that cryptography is actually being balanced
on the four pillars that are very necessary in order to build any cryptographic formulations and are being
described as:
Authentication
Integrity
Availability
Confdentiality
Figure 4. Goals of Cryptography
Confidentiality
The term confidentiality can be defined in context to security that whatever the data that is being sent over
an insecure channel should be hidden from the unauthorized access. This means the data is not easily visible
to the attackers, sitting in between to attack on the data.
Integrity
The term integrity can be defined as the term that whatever the data that is being shared should not be
tempered in between. This means whatever the data that is being sent by the sender should receive the same
on the other side of the channel to the receiver.
Authentication
Whatever the data that is being sent over the insecure channel should be sent by an authenticated user.
This means the person should not be a malicious person. The authenticity of the person should be 100%, else
the data will be discarded by the receiver.
12
Availability
The term availability could be defined as the term that whatever the resources are there should be easily
available to users. Meaning it should not be like this, that whatever the cryptographic algorithm there is, it
should only be meant for the private users and not for the public domain. The algorithm must be in public
domain and is 24*7 hours available to users.
Types of Cryptographic Algorithms
Symmetric key cryptography
The algorithm which uses the same key for encryption and decryption. For example, Alice wants to send
some data to Bob, but she wants data to be secured enough, that it should not get compromised.
Now whatever the algorithm is being created is in the public domain, but the main responsibility is of the
key (which is kept secret) to make the data secure. In this particular cryptographic algorithm, both the
sender (Alice) and receiver (Bob) agreed upon a key, and using that key Alice will first encrypt the data
whatever the data she wants to send. After encryption the data is being converted into the cipher text and that
particular cipher text is being sent over an insecure channel. After receiving the cipher text by Bob, he will
apply the decryption algorithm using the same key and get hold of the plain-text.
Figure 5. Symmetric key crypography
Public Key Cryptography
In this particular cryptographic algorithm, except for using one key, there will two keys that will be used for
encryption and decryption. The two keysthat will be used are, one is a private key which is kept secret to sender
or the receiver and the other is the public key which is available in the public domain. Now the encryption
process will go like this, the sender will take the receivers public key from the public key directory as it is
available to all or open in a public domain and will use that key to encrypt the data and produces the cipher-
text. This particular cipher text will be shared on the insecure channel and will be received by the receiver on
the other side. The receiver will use his private key which is kept secret to decrypt the cipher-text to obtain back
the plain-text. Hence, in this cipher technique, there is a key pair which is used to encrypt the data and decrypt
the cipher text. Therefore, these types of cipher techniques are much more useful and hard to break down.
But there are still some mechanisms which are available to break down of such ciphers.
13
Figure 6. Public key cryptography
Hash Functions
A cryptographic hash function or simply the hash function is a kind of function that actually takes a
random block of data, and returns back the fixed size bit string. It is often represented by H(x), a random
size block message.
Figure 7. Hash functions
Note
It is important to note here that any change in x means the data accidently or intentionally will also lead to
change the whole hash value with a very high probability.
The data after encoded is called the message and the hash value that is being produced of fixed size is called
the message digest or simply the digest.
There are four main properties of the cryptographic hash functions:
It is easy to compute a hash value for a given message.
It is almost impossible or infeasible to generate a message for a given hash value.
It is impossible or infeasible to modify a message without changing the hash value.
It is impossible to fnd the two different messages with the same hash value.
But these properties are good for one point of understanding because all these properties are being exploited.
We will look at how to exploit these properties in this paper, which is also the motive of the paper.
14
Why We Need A Hash Function?
The answer to this question is that, the cryptographic encryptions except for one time are being exploited
occasionally. Like DES or AES, they are vulnerable to linear and differential cryptanalysis attacks, which
also exposes the vulnerability to the Boomerang attack. So, in order to provide the data integrity; the
cryptographic hash functions are being used. This means whatever the hash, which is being produced,
actually creates a fingerprint on the data, which then is referred to as the message digest.
Applications of the hash functions:
Provides the data integrity.
Used in digital signatures.
Used for MACs (Message Authentication Codes)
Digital Signatures
These are the mechanisms by which a user is being authenticated. Meaning, whatever the data that is being
arrived over the channel is actually coming from the legitimate user or the attacker who was sitting in
between and tempered the actual data with his own data. This is actually done by using the hashing.
Message Authentication codes
MACs or the Message Authentication Codes are the keyed hash functions which are used to verify the
integrity of the data and the authenticity of the sender. For example, Alice wants to send some message, but
the integrity of the message is very much important. So, she will append the message with the calculated
hash value as [M||Hk(M)], where Hk is the hash function using some key value. Now Bob will collect the
message pair, and verifies it. If the hash value is the same, he will accept the pair, if not, he will simply
discard the pair. So, this will actually prevent the adversary from tempering the message (i.e. integrity) and
forces Bob to believe that it actually came from the right source i.e. from Alice (authentication).
Construction of Hash functions
All the hash which is there in the public domain or known to everyone is based upon the iterative hash
function which is actually vulnerable to collision resistant attacks. So, this vulnerability is actually removed
by Markel Damgard and he named this construction of hash functions as the MARKEL DAMGARD
CONSTRUCTION. So, in order to discuss the hash functions, its better to look at their constructions first.
Markel Damgard Construction
Markel Damgard Construction is actually based on the iterative hash function methodology just leaving the
fact that it uses the compression function which produces a hash which is collision resistant.
Points to Ponder about Markel Damgard Construction:
Uses an iterative hash function methodology
Compression function used as: Compress (C) : {0,1} pow (m+t) {0,1} pow (m), where compress (C) is a
compression function, m is the actual required bits, t is the padded bits, {0,1} are the bit representation of
the actual message x.
This is actually used to construct the hash functions which are also free from the collision resistant
attacks. H: {0,1} pow (*) --> {0,1} pow (m), * represents the iterations.
15
This construction yields the proof of the above results because it gives the very wonderful results for
whatever the query being asked.
Steps for construction in developing the SHA-1 or any other series of SHA family of hashes using this Markel
Damgard Construction:
Lets consider the message x which is quite large, and using that its hash value has to be constructed.
Outlook of SHA-1
Figure 8. Outlook of SHA-1
Whats happening is that, a user is inputing the text of the variable length which means it could be of any
length. Its going inside the SHA-1 algorithm where some operations happened and its giving the output of
160-bits as Y.
But how is this happening? Whats inside this? How are we getting this output of very short range?
What could possibly be inside this algorithm?
All answers are inside this SHA-1 algorithm. As important, if we carefully look and think that whatever
the data is going inside this SHA-1 function is getting compressed, so there will surely be a compression
function working inside SHA-1.
Inside SHA-1 function Using Markel Damgard Construction
So, this happens like this, the user will simply enter the text and the text is simply being divided into the
equal blocks of length of 512 bits (naming x1, x2, x3..x), and at the end if block length < 512 bits then
it will pad with some bogus bits (padding will be shown later). Then this data will go inside the compression
function, and then some compression techniques will go on in between, then it will give the very first hash
value for x1with an IV vector, and the hash is represented by z1, then this z1 value goes back into the
compression function, which becomes the IV vector for x2 and gets concatenated with the next value for
x, and produces the next hash value as shown below in the figure. This process will continue for z values,
where i=n, and when whole the data is processed for i iterations, then z=H(x), where H(x) is the hash of
x. The whole process is shown below.
16
Figure 9. Markel Damgard Construction for SHA-1 function
So, till now we have seen that the data is going inside the compression function, and some magic is going on
and we got the result. So, whats this magic function?
Magic inside the Compression function
Compression function is a kind of a pool which takes on a variable length data or the fixed length data
depending upon the algorithm and performs certain operations and gives back the compressed fixed length
of data. This compression function is called the heart of the algorithm because the whole algorithm is based
on this particular magic function. So, lets see what the magic that was happening inside this function is.
17
Figure 10. Compression function
So, we are exactly in the middle of the heart of the algorithm. So, lets try to elaborate its working but before
the main part, its important to discuss certain other factors like padding.
Padding (P)
Padding is defined as the term of adding bogus bits to the actual message bits in order to make its length
equal to the required length. So, how the process of padding goes on is as shown in the below figure.
18
Figure 11. Padding
The process of padding as shown in figure, is like this we are given with the message x, and this message x
is broken down into equal blocks of 512 bits, and for x1, x2,x3..,x values. But in the end if x = 512
bits, then there is no need of padding, else if x<512 bits, then there is a requirement of padding. Rather than
defining with the values, its easy to define the values by taking an example.
For example: given, x=336, x<512 padding is required.
No. of bogus bits required= 512 336 = 176 bits
Now if you will look above the figure, in the end there is written Length (L), which is nothing but the 64 bit
representation of the original message.
This means:
64 is fixed and hence,
No. of bogus bits required (in actual) = 176 64 = 112 bits.
Hence, the total number of bits required to pad is 112 bits.
In order to do that: The value 1 is fixed and there will be 0 pow (111) there. Meaning, there will be 111 0s
in padded bits. This is how, the padding works.
Now, as we have seen how the padding process goes lets get back to our original discussion that what or
how this is working. In the compression function there are exactly 80 rounds that are working on from
Round 0 to Round 79. These rounds, will take on the previous calculated hash value and gets concatenated
with the message schedule, which divides the words into 32 bit value for each round and when the whole
iterationgets completed, it will return back to the final calculated hash value which will be equal to 160 bits.
And this is represented by H(x).
Left off Things
As I said, that we are exactly in the inside of the heart of the algorithm. But I dont like to finish it here,
because there is no meaning of not going into depth. Hackers are not those who work hard, but work hard
with smartness requiring the in depth knowledge of each and every concept. So, getting ahead of something
and lets look deeper inside it. We are left off with only two things and those are the following listed below:
19
Whats inside the Rounds?
What is this Message Schedule?
Looking into ROUNDS
The rounds that are shown above are not that much simpler as they look like. There is much more inside
it. So, these rounds are a pack of total 4 stages and each stage contains a total of 20 rounds. And stages are
being represented as t, where i=1 4
Note
I am going to discuss only 1 round here, and rest of the rounds working is the same.
Working of Round 0: In Round 0 (considering all rounds), there are 5 (A,B,C,D,E) words of total length 160
bits. This mean a single word is of 32 bits (simple mathematics).
5*32 = 160 bits.
And with this there is a word input from above, meaning on round 0 the word enters will be W0. The whole
working of a single round is shown below:
Figure 12. Round Working of SHA-1
20
Here, E is known to be an Encryption word, because whatever the values we are adding onto the addition
function are first gets concatenated with the E value.
Some Points to Ponder
There are a total of 4 stages t1,t2,t3,t4.
And with that there will be 4 functions (f1,f2,f3,f4) and each function will be used for its own stage time.
With that there will be 4 round constants (k1,k2,k3,k4) and each for each stage.
What this means is take for function f:
f= function (f1,f2,f3,f4)
f1= function (f1) = frst 20 rounds = frst stage i.e. t1
f2= function (f2) = next 20 rounds = second stage i.e. t2
f3= function (f3) = next 20 rounds = third stage i.e. t3
f4= function (f4) = last 20 rounds = last stage i.e. t4
Similarly for Round Constant k:
k1= Constant (k1) = frst 20 rounds = frst stage i.e. t1
k2= Constant (k2) = next 20 rounds = second stage i.e. t2
k3= Constant (k3) = next 20 rounds = third stage i.e. t3
k4= Constant (k4) = last 20 rounds = last stage i.e. t4
There are actually some operations that are ongoing on these functions:
Operations performed in functions
f1= function (f1) = function (B,C,D) = {(B) AND (C)} OR {(not B) AND (D)}
f2= function (f2) = function (B,C,D) = (B) XOR (C) XOR (D)
f3= function (f3) = function (B,C,D) = {(B) AND (C)} OR {(B) AND (D)}OR {(C) AND (D)}
f4 = function (f4) = function (B,C,D) = (B) XOR (C) XOR (D)
Here AND, OR and XOR are the bit-wise operations
Round Constants Value
21
Rotation Functions (ROT())
There are two rotation functions Rot (A) and Rot (B).
These are nothing but left-cyclic rotations.
A is rotated 5 times and gets concatenated with addition function.
B is rotated and becomes the C.
So, we are done with working with the rounds. I dont know but its been scary getting deeper and deeper
inside someones heart. But becoming a Hacker is not an easy task. So, we have to look deeper inside.
And hence we are only left with the message scheduling algorithm.
Message Scheduling Algorithm
Given X is of 512 bits each, means there will be equal of 16 blocks and each of size 32 bits.
16*32 = 512 bits
So the process goes like this, whatever the data given is, divide that into 32 bits of equal block and the total
number of blocks will be created is 16 (16*32=512 bits).
Now simply copy the values of x1, x2..,x15 below to 80 blocks of data and name them as W0,
W1, W2..,W79. If we look carefully at that till W15, all values will be copied as it is. But what
about W16, W17..W79. So, researchers have also found a method of doing that by giving a below
written formula:
In general form:
W(j) = (W(j)-16) XOR (W(j)-14) XOR (W(j)-7) XOR (W(j)-2)
So, for example if we have to calculate the value for W(16),
W(16)= W0 XOR W2 XOR W9 XOR W14
So, thats all, we are done getting into the dangerous part of hashing. This means the construction of hash
functions. I find it quite difficult while reading, so I tried to make the things simpler and simpler so that even
a newbie in this field can understand the things and be better off.
Now the interesting part means the exploitation of the hash functions. So, lets get started for we have been
trying to understand these things for so long.
22
Exploitation of Hash Functions
The term exploitation means to take the unfair advantage of someone for their own benefit. So, here we are
going to take advantage of the vulnerability of above hash functions. There is a full fledge family of hashes
like SHA family, MD-0 family (famous one MD5). So lets try to exploit.
#Exploit 1
Multi-Collisions Attack
The very first attack that I am going to discuss is the Multi-Collision Attack. This attack works on the
methodology that first researchers said after the creation of hash values is almost impossible to create
such messages which results in the same hash value. But this was actually broken by the Chinese students
Wang and Yu who worked so hard to break down the MD5 and proved that this can also work in practice.
Later on Peter Selinger was the man who actually showed how the attack works. So, I am continuing
here by the whole explanation of the attack, how it works and what was the background of this particular
attack. And again we get in deeper and deeper to understand the working of the exploit.
Explanation
Just remember that MD5 takes on an arbitrary length of data and gives back the 128-bit hash value. The rest of
the working is the same as the SHA-1 explained above. It is based on the Markel Damgard Construction and also
based on the iterative manner to produce hash. For padding, it divides the file to 64 bytes in equal length blocks
and appends the value to 448 modulo 512 and takes on 4 words (A,B,C,D) to process the round functions.
Working of Exploit
The exploit works as follows:
Two files are being generated with different messages but their md5sum is the same. This cannot be possible
as theoreticians said. But below in the Snapshot you can check POC, that this can also be possible.
Now below I am just showing you an example how these can be exploited but there are much more
dangerous things that can happen with large firms like banks, security agencies, companies etc. who use
MD5 hashes and similar to its level which is shown below:
Figure 13. Exploiting MD5
Scenario
In the above snapshot there are two files with names good and evil and there is written different texts.
So, a scenario could be like a person sitting inside a firm who wants to communicate with another person.
23
Now the message needs to be sent with full integrity, meaning tempering should not be there. So, what the
sender does is he simply creates the md5sum for it and sends it to the receiver over an insecure channel and
tells the receiver about the md5sum. Now there was an eve sitting in between. He simply jumps into the
network and gets hold of the data. Now, as we know with the hash value, the message is also sent. So, eve
develops his own message file, puts what he wants in there and produces the same hash value and sends it to
the receiver. The receiver will simply open up the file and check for the md5 value. Its going to be the same
and he simply accepts the message. So, this is the biggest exploitation and breakdown of the md5sum.
Still people are using the md5sum in their websites to store database values.
Working of the Exploit
So, how does this magic happened? Ok I will tell you the whole magic. There is no magic in there, only a
brain with evil things and hard work is there. So, the whole idea is to grab the files and create the programs
from it and change the extensions of it to whatever they are sending. Like I have created here is .txt files
from the compiled .c programs. So, this was the whole trick. But still this wont give you what you are
really expecting. There has to be a way to grab the text and hash value from the sender. You create your .c
programs with the values you want to display on their screens. So, this is what you do:
Program 1: if (data1 == data1) then print (good) else print (evil)
Program 2: if (data1 == data1) then print (good) else print (evil)
So, whatever the conditions that will follow here, it is always going to be a true value. Note that good and
evil are the files with the messages. So, now these two programs have to be compiled properly. This theory
was actually given by Peter Serlings. The file with the original message is first broken down into equal
blocks of length of 64 bytes i.e, if the file with X message is given, then there will be blocks of say x1, x2,
x3 ,x being created. And MD5 is being computed using a sequence of states i.e. z1,z2,z3
..,z. According to the rule, z(i) = f(z(i-1), x(i-1)); where f is a given certain fixed valued function.
z1 = the initialization vector used for very first round step
z(i) = is the final hash output = H(x)
Now lets say that another message the attacker wants to compute is the x over the same initialization vector
z1, then we have to find such two pairs of block messages which result in the same value being given as:
f(f(z,x(i-1)),x(i)) = f (f(z,x(i-1)),x(i) );
Elaborating the above value to make it simpler and easier to understand. Dividing the message into blocks of
64 bytes assuming the whole message is padded.
Figure 14. Divide the message into blocks
So, I am not actually interested in the above arbitrary values and afterwards arbitrary byte values. What I am
interested in, is the above two highlighted values. Because these two 128 bytes of identical blocks will give me
the same hash value. So, what I have done is the same thing, I found the two identical blocks and apply the hash
algorithms only on these two identical 128 bytes of value. Therefore, I created two programs as shown above.
24
So, this was the whole explanation for the exploitation of the MD5 hash values.
#Exploitation 2
Forging of Hash Based MACs
Another possible attack on the hash functions is forging. Forging means to copy or produce the identical
values for a given message or signature. As discussed above, MACs are the keyed hash functions, it means
there is a key that has been inserted in the algorithm along with the hash function to produce a fixed length
digest. Lets explain this particular attack by taking a suitable example:
Given:
Key Length (K) = 80 bits
Message (X) = 256 bits
Hash Algorithm = SHA-1or any other family
Now output that has to be produced is of = 160 bits.
So, very first step is to check for padding.
Mathematical Formulations
256 + 80 = 336 bits
Required bits = 512 bits
Remaining bits = 512 336 = 176 bits
Original 64 bit length = 176 64 = 112 bits
Final Padded bits required is = 112 bits
Add bogus bits = 1 (fxed) 0 pow (111)
Now the original message that will be hashed is of 160 bits and the representation will go like this:
H(x) = SHA1(K||X) = C(K||M||10000.0|| 101010100000..1010)
The hash value will be simply get concatenated with the message and will be sent over the channel. As the
assumption has always been made that the medium of sharing is always an unsecured channel. So, adversary
will simply have control over the message and the hash value. Now how to forge this particular message??
What adversary has in his hands??
(H(x) || X)
Now lets say adversary has to forge the message with X value. So, now the work of adversary is that
he knows the X value or he will request the MACs from the source, and he will generate another valid
pair of (x,y) such that the value of x should not match with any of the corresponding values of the given
x1,x2,x3.x values. Then the attacker will have a valid pair for the forgery of MACs.
25
So, the idea is like this:
Adversary will simply look for the given X values and break down into the following values of
x1,x2,x3..x
X= || || || .||x
Now attacker will simply try to create the hash values these broken values of X and start matching its hash
values that whether the values match with the users value or not. And then he will create his own X value
that matches the same number of bits with the given X value. And will break down it in the same way:
X = || || || .|| x
Now he will start creating the hash values for these particular broken down message values for. And start
storing it in a buffer. Now looking in both the buffers, if the attacker has successfully calculated the hash
value for (,Y) = ((1,Y),(,Y),(,Y)..,(,Y) ) which matches for any of the above calculated hash values
for (X,Y) = (,Y),(,Y).(x,Y), then the attack has successfully completed and GAME OVER will be
there. So, this is how the forgery attack has been done.
Now this attack comes under the category of the known plain-text attack. And the forging will be possible
here, because the attacker actually gets a hold of a particular transfer of data over the channels and can
successfully create the valid pair of (,Y) = (X,Y).
Conclusion
So, these are how the attacks that are practically being done over the hashing algorithms. Till now SHA-2
and SHA-3 are safe but I am trying hard to find a way to get these down too. So, in my view use SHA-3
algorithms and also whatever the transactions that are being made should be done with IPSec, having an
encryption scheme and the secret keys that are to be used should be a One-Time Pad value. And always
digitally sign the messages with a proper calculated hash that has to be sent along with the message. Only
then will the data be sent properly and safely over the channels.
About the Authors
Deepanshu Khanna
Linux Security Researcher, A|CEH, Network Administrator, Cryptanalyst
Mr. Deepanshu Khanna, a Young Linux Security Expert from Ludhiana, Punjab (India),
is Linux Security Researcher & Penetration Tester at Prediqnous Cyber Security &
IT Intelligence. Currently, he is pursuing his B.Tech. in Computer Science from Lovely
Professional University (LPU). He managed Web Penetration testing, performed network
analysis, Exploit making, Nessus Complete Security, IDS and Linux Security, which
leads him to join Prediqnous Team. He has delivered his knowledge through Seminars
and Workshops across India. He gives training to the students for IT Security & Ethical
Hacking. He found and reported many vulnerabilities and phishing scams to IT Dept. of
India. He aims to get applauses from other experts of IT industry for his research work
on IT Security.
Email: khannadeepanshu34@yahoo.in | Mobile Number: +91-9779903383
Er Laveena Sehgal
Er Laveena Sehgal is working as a Assistant professor in computer science dedepartment
at RBIEBT, mohali since feb 2012. She received her mtech and btech degree in computer
science from PTU in 2012 and 2007 respectively. In between from 2008 to 2010 she
worked on web based technologies in software companies and got certified in MCTS IN
2008 WITH first position.
27
Dr. Web for Android
by Amit Chugh
The Dr.Web Anti-virus solution keeps your Android mobile safe from known viruses in the
Internet. This application is designed to protect the mobile from known threats.
Because of their popularity, Android-based
devices are rapidly becoming a target for a
surging tide of malware and spyware. The
Dr.Web Anti-virus solution ensures that
infections are eliminated. It also scans mobile
devices for hidden malicious data.
Dr.Web Anti-virus uses Origins Tracing
for
Android which is a unique technology to detect
malware for detecting new virus families using
knowledge about previous threats. Origins Tracing

for Android can identify recompiled viruses, e.g.
Android.SMSSend, Android.MobileSpy, as well as
applications infected by Android.ADRD, Android.
Geinimi, and Android.DreamExploid. The names
of the threats detected using Origins Tracing
for
Android are Android.VirusName.origin.
Full scan: Allows you to check the entire phone
for possible infections, malware, or unwanted apps
such as Adware.
On-Access scan: Automatically scans apps as soon
as they are installed on your device notifying you
immediately of any malicious or suspicious apps.
Always up-to-date: Comprehensive virus detection thanks to SpIDer Guard (File Monitor) which delivers
up-to-the-minute protection. It resides in the memory of the device and checks files as they are modified and
saved. This monitoring ensures that the device is always protected from viruses.
Installation ease: The client is very easy to install on Android OS.
Minimal battery usage: Even though the app is constantly running in the background, the battery usage and
also the Operating System performance hit was minimal.
Configurable scan: Option of performing a need-based full scan / customized scan.
Real-time anti-virus protection.
Filtering phone numbers: Ability to filter calls & SMS from specified numbers. This list can be edited through the
UI. This list can be used to either block / allow calls / SMS from the specified numbers in the list i.e., this list can
be used ass a whitelist / blacklist which allows / prohibits call / SMS from the specified numbers in the list.
URL filter Cloud Checker: This feature allows filtering categories of dangerous websites.
Protecting data by Anti-theft feature: A mobile can be controlled in case of loss, thereby protecting precious
data available on the mobile. The anti-theft feature can be managed by sending SMS to the device.
Internet usage checker: This tool allows to limit the use of Mobile Internet. A traffic volume limit can be set
along with the duration period (day, week, or month). This is showcased using the graphic interface.
Application traffic usage: This tool provides an option to filter data traffic per application. This helps in
understanding the Internet traffic being used by various applications running on the device. It can further be
used to configure connection rules per application.
Connection Rule setup: By monitoring the current internet activity, allow / block rules can be set to allow /
block connections from specified ports / IP Addresses of a particular application.
Log view: The application also provides the ability to view firewall / application logs. There is also an option to
clear the logs and statistics. This can be used to monitor the logs manually (if required) to view suspicious activity.
About the Author
Amit Chugh CEH, ISO 27001 LA is working as an Information Security Architect at Tech Mahindra.
advertisement
29
Building a Successful Disaster
Recovery Program
by Mike Lemire
Today, business is dependent on the continuous availability of technology infrastructure,
platforms and services. For this reason, disaster recovery planning continues to gain
prominence as a critical part of risk management. This article aims to summarize how to
implement a successful disaster recovery program.
The first question one must ask when developing disaster recovery strategies is this: what are the systems,
platforms and services which, if they were not available, would cause financial loss to your business.
There are really two primary areas here: systems which service customers and systems which your
employees require in order to do their job functions. The loss of either type of system may negatively impact
your business, but in different ways. Lets explore how.
Customer facing systems are the IT based platforms which your customers utilize in order to procure goods
and services. Additionally, in the case of SaaS and similar services, those systems may indeed be the primary
way your company provides your service to your customers. Downtime of customer facing systems means
your company may not be able to sell your products to your customers or worse, prevent your business from
providing its services to its customers. The financial impact of downtime to customer facing systems can
be severe including loss of revenue and SLA penalties with your customers and there is the added risk of
reputational risk to your company for customer facing platforms which are public in nature.
Corporate facing systems are the IT based platforms which your employees depend on. Corporate facing
systems include communications such as email and telecom, workflow, ERP, financial processing and those
systems which staff utilize in order to develop new products. The financial impact of downtime of corporate
facing systems primarily deals with loss of productivity. After all, payroll is typically the largest financial
burden to an organization and time wasted is money wasted. These costs can quickly escalate when systems
which the entire business is dependent on are not available.
A Risk Assessment (RA) process begins with identifying and documenting each of these critical customer
and corporate facing systems which, if they were to become unavailable, will cause financial loss to your
organization. In addition, your business is very likely dependent on other vendors. Identifying key vendors
and ensuring vendor risk assessments are conducted which look in detail at your vendors Disaster Recovery
plans is a critical function of a Vendor Risk Management program. Lastly, the RA must identify people
(or, hopefully, teams of redundant people) within your organization who are critical to maintaining your
production systems.
A Business Impact Analysis (BIA) attempts to quantify what would be the financial loss to the business if
these systems were to become unavailable. Negative financial impact comes in two flavors: quantitative and
qualitative. Quantitative impacts are easier to itemize. For example, how much business does your web site
generate per day? What would be the SLA penalties if your business was unable to provide its services to its
customers? Qualitative impacts are those which negatively impact the reputation to your business, and what
would the impact to future sales be if your reputation was damaged by your services not being available?
Because there are many factors which could lead to financial loss and reputational damage the BIA can
certainly be an imperfect science.
The RA and BIA exercises will produce two very important outcomes:
what are your most critical technology platforms?
what investments in disaster recovery planning make the most sense to the business?
30
The RA and BIA will inform the business of risks and importantly then demonstrate the justification for
investing in Disaster Recovery programs. A mature Disaster Recovery program does not come cheaply;
it requires personnel who create DR plans (including you, the Disaster Recovery planner),equipment,
redundant infrastructure and capacity. For this reason the Risk Assessment and BIA must be socialized
within the business to key stakeholders. These stakeholders may include, depending on the size of your
organization, business leadership and boards of directors. Additionally compliance, legal and information
security teams must be consulted as your organization may have regulatory, legal or contractual obligations
which necessitate Disaster Recovery plans be in place and tested.
Disaster Recovery More Than Just Planning for
Disasters
Disaster Recovery is often thought of just as its named: how to recovery from a disaster. When we think
of disaster we tend to think of what is typically and legally called an act of God events out of human
control such as a flood, fire, hurricane or earthquake. These types of events may take down an entire
geography, data center or office. Impact scenarios attempt to quantify what are the most likely of such
events. For example, if your data center is located in a geographic fault zone then perhaps the risk of an
earthquake is more realistic than if not. Other impact scenarios include political instability or regional events
which may take down a power grid.
While disasters do occur and must be planned for appropriately, the truth is that outages to production
systems are more commonly the result of other types of issues. However the DR planning should encompass
and aim to reduce the risk of any incident which can cause a production system to become unavailable.
Chief among the types of incidents which cause production outages are Change Control (changes introduced
into the production systems by developers or system administrators) and failure of hardware or software
components which is a Single Point of Failure (SPoF). A SPoF is any hardware or software component
which upon failure result in the entire system becoming unavailable. A mature Disaster Recovery (and
Business Continuity) program identifies and mitigates weaknesses in Change Control processes and
identifies and mitigates SPoFs.
Disaster Recovery Strategies
IT systems are ran from data centers and a Disaster Recovery strategy considers what are the contingency
plans if that data center were to become unavailable. Your data center may be owned and managed by your
organization or run by a service provider in a co-location arrangement. There are several approaches to
recovery strategy with varying levels of investment required from small to great. Your RA and BIA will help
you determine the appropriate strategy for your organization.
Single data center, recover on site. Even if your organization runs its platforms from a single data center and
after a RA and BIA have been conducted it has been determined a single data center deployment is sufficient
investment, plans should be developed to recover if a disaster were to affect that data center. For example,
the data center itself should have layers of redundancy and failover and backup plans for loss of power and
network connectivity. Data should be regularly backed up and taken or replicated off site to a secure location
so that it may be recovered elsewhere.
Cold standby data center. In a cold standby data center scenario your organization data is (ideally
continuously) replicated to a secondary data center where means and plans to bring production systems back
online do not exist but must be built, configured and tested before they would become available.
Warm standby data center. A warm standby data center builds on the cold standby approach by ensuring
equipment is available and pre-configured to serve as the production environment but not brought up
unless a disaster brings down the production data center.
Hot standby data center. A hot standby data center is continuously available in case the production data
center suffers a disaster.
31
Highly Available (HA) data centers. A HA data center arrangement is the most ideal from a disaster recovery
perspective. Two data centers with some regional diversity are both live and serving customers and/or
the organization simultaneously. Either data center can go down; production systems are maintained but
at diminished capacity. An important limitation in this approach is distance; HA data centers require data
continuously be replicated between both data centers. Synchronous database replication in particular is
contingent on the databases being close enough together geographically so that latency does not negatively
impact the ability of the databases to be in sync as it is continuously updated.
Critical Components of your
Disaster Recovery Plan
It is important to recognize the DR plan will be most needed during a disaster. No one has time to read
extraneous information which is not related to what steps need to be taken to recover from a disaster. For this
reason the DR plan should be concise and to the point.
The most critical components of your DR plan are the details of how an incident should be escalated and
communicated within your organization. Rapid response to a disaster is critical and key decision makers
may need to be called in to declare a disaster or initiate the DR plan. The plan should clearly establish
what constitutes a disaster and who should be contacted and how. There may be several escalation and
communications paths in your plan. Operations and support teams must be notified and brought in to begin
recovery processes which are documented in your plan. Additionally legal, public relations and/or marketing
teams should be escalated too so that customers and, if needed, the general public are provided timely and
accurate status as to the resumption of production processes. Communication plans may include establishing
phone conference lines, email groups and updates to intranets and/or Twitter feeds. The communications
paths themselves should have redundant paths because any of them may also be affected by a disaster.
Naturally your DR plan will detail the actions your teams will take to recovery production systems and may
include details pertaining to how to fail over systems, contact critical vendors or bring up secondary sites.
Finally your DR plan will detail expected SLAs particularly for communication escalations; operations
or support personnel must understand the importance of prompt escalation of contingency events and this
should be detailed in your plan.
Integrating Disaster Recovery Plans
in your Organization
A successful disaster recovery plan is not a plan which sits on a shelf which no one knows about or where
to find when a disaster occurs. The DR plan must be socialized and integrated into other organizational
processes including support, operations, engineering and leadership teams. The DR plan must be made
available to these teams and integrated into their escalation and communication processes. Access to the DR
plan must itself be disaster proof. What good is a DR plan if its stored on a production system which is
unavailable in a disaster?
Testing the Disaster Recovery Plan
Minimally, disaster recovery plans should be updated continuously as new platforms are introduced and
adjusted as the IT landscape changes. A once per quarter year review is typical. Additionally, DR plans need
to be tested at least once per year. A test of a DR plan may be started with a walk through of the plan with all
stakeholders, a componentized testing of failover capabilities for platforms and services to full scale disaster
simulations and data center failover tests.
Summary
A successful Disaster Recovery program begins with understanding what are the most critical systems to
your organization and enables the business to prioritize disaster recovery investment decisions.
The program will also reduce risk of outages to production platforms and the potential for negative financial
and reputational impact and finally provides your organization with a solid plan for recovering from a
disaster as quickly as possible.
About the Author
Mike Lemire is currently a Business Information Security Officer at Pearson, a global education and
publishing company and has been involved with disaster recovery planning for nearly a decade. Mike is
on twitter at @mike_lemire.
advertisement

Hakin9 en 04 2014 Teaser

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Hakin9 en 04 2014 Teaser

Uploaded by

Copyright:

Available Formats

TEASER

Reader to Own a Box

You might also like