How I Hacked The Government And Got Away With It
@NTXISSA #NTXISSACSC3
Steven Hatfield II (@drb0n3z)
Security System Senior Advisor
Dell
10/03/2015
Topics
• Legal Disclaimer
• Explanation
• Walkthrough
• Ways to Improve
• In Summary
NTX ISSA Cyber Security Conference – October 2-3, 2015
Legal Disclaimer
Explanation
Walkthrough
• Certified Ethical Hacker (CEHv7)
Course Description
This Advanced Network Assessment prep course is a self-study resource designed to help students prepare to sit for the Certified Ethical Hacker CEHv7 exam.
Specialty Area(s): Systems Security Analysis, Computer Network Defense, Vulnerability Assessment and Management
Training Proficiency Level: Level 3 – Advanced
Certified Ethical Hacker CEHv7 Overview
CEHv7 Overview Download
Ethical Hacking Introduction Download
Ethical Hacking Terminology Download
Hacking Phases and Vul Research Download
Let’s look closer at the PDFs and “Downloads” by viewing the page source
*/launcher.php?course=20&group=1
*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T01_STEP.pdf'
*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T02_STEP.pdf'
*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T03_STEP.pdf'
*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T04_STEP.pdf'
…
*'courses/CEHv7/course/videos/pdf/CEHv7_D05_S03_T04_STEP.pdf'
…
*'courses/CEHv7/course/videos/pdf/CEHv7_Demo 3 - SQL Injection_STEP.pdf'
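The PDF names above follow a fixed day/section/topic scheme (D01_S01_T01 … D05_S03_T04), which is what makes the later guessing of 01, 02, 03 work. The following Python script is an added example, not the speaker's tooling: it pulls the quoted paths out of a page-source excerpt, works out the bounds of the naming scheme, expands every combination, and asks for each one with no cookie or credential, which is the same condition as the unauthenticated wget later in the talk. The host is redacted ("*") on the slides, so BASE is a placeholder assumption, and SAMPLE_SOURCE is a constructed stand-in for the real page source.

```python
# Added example (not the speaker's code): extract the quoted PDF paths from a
# page-source excerpt, expand the Dnn_Snn_Tnn naming scheme they follow, and
# probe each candidate anonymously. BASE is an assumption; the real host is
# redacted on the slides.
import re
import urllib.error
import urllib.request
from urllib.parse import quote

BASE = "https://example.invalid"  # assumption: placeholder for the redacted host

# Constructed sample of the page source shown on the slide (not the real page).
SAMPLE_SOURCE = """
<a href="launcher.php?course=20&group=1">CEHv7 Overview</a>
window.open('courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T01_STEP.pdf')
window.open('courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T02_STEP.pdf')
window.open('courses/CEHv7/course/videos/pdf/CEHv7_D05_S03_T04_STEP.pdf')
window.open('courses/CEHv7/course/videos/pdf/CEHv7_Demo 3 - SQL Injection_STEP.pdf')
"""

LINK_RE = re.compile(r"'(courses/[^']+\.pdf)'")
NAME_RE = re.compile(r"CEHv7_D(\d{2})_S(\d{2})_T(\d{2})_STEP\.pdf$")
PREFIX = "courses/CEHv7/course/videos/pdf/"


def extract_pdf_links(html):
    """Return every single-quoted courses/...pdf path, in page order."""
    return LINK_RE.findall(html)


def infer_scheme(paths):
    """Largest day, section and topic index seen, so the expansion is bounded."""
    days = sections = topics = 0
    for p in paths:
        m = NAME_RE.search(p)
        if m:  # the 'Demo 3' file does not follow the scheme and is skipped
            d, s, t = map(int, m.groups())
            days, sections, topics = max(days, d), max(sections, s), max(topics, t)
    return days, sections, topics


def candidate_paths(days, sections, topics):
    """Expand the scheme into every D/S/T combination up to the given bounds."""
    return [f"{PREFIX}CEHv7_D{d:02d}_S{s:02d}_T{t:02d}_STEP.pdf"
            for d in range(1, days + 1)
            for s in range(1, sections + 1)
            for t in range(1, topics + 1)]


def anonymous_fetch(url):
    """HEAD the URL with no session cookie or Authorization header; return the status."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def probe(paths, fetch=anonymous_fetch, base=BASE):
    """Map each path to its status and list the ones a stranger can download (200)."""
    results = {}
    for p in paths:
        # names with spaces ('Demo 3 - SQL Injection') must be percent-encoded
        results[p] = fetch(f"{base}/{quote(p, safe='/')}")
    exposed = sorted(p for p, code in results.items() if code == 200)
    return results, exposed


if __name__ == "__main__":
    links = extract_pdf_links(SAMPLE_SOURCE)
    bounds = infer_scheme(links)
    print(f"{len(links)} links imply bounds {bounds}: "
          f"{len(candidate_paths(*bounds))} candidates to probe")
    # Against a live target: set BASE, then probe(candidate_paths(*bounds)).
```

The fetcher is injectable so the expansion logic can be exercised offline; anything that comes back 200 with no session is exactly the finding the talk builds up to.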
Now the videos…
Can you download that too? Let’s look at the PAGE source…
*/courses/CEHv7/index01.htm
Well, that was gibberish. Let’s look at the FRAME source…
*/courses/CEHv7/course/container_01.htm
Familiarity among the URLs… what happens if we try the video URL in a page?
And 02…?
And 03…?
Now let’s get scary…
Can I download from the command line?
And there you have an UNAUTHENTICATED WGET to the website pulling a copy of the video.
Can you guess how stupid this is?
So, now that we have a vulnerability… how do we report it?
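What the unauthenticated wget proves is that the media sits under the web root and is handed out by path, with nothing between the request and the file. The following is an added example, written in Python rather than the site's PHP and not the site's launcher.php: the "before" returns whatever path the client names, while the "after" resolves an opaque resource id through a server-side catalogue, refuses anonymous and un-enrolled sessions, and keeps the media outside the web root so the web server cannot serve it statically. The catalogue entries, MEDIA_ROOT, the Session shape and the course ids are all assumptions made up for the illustration.

```python
# Added example (not the site's launcher.php): a client-path download beside a
# session-gated one. CATALOG, MEDIA_ROOT and the Session fields are assumptions.
import os
from dataclasses import dataclass, field
from pathlib import Path

MEDIA_ROOT = Path("/srv/coursemedia")  # assumed location, outside the web root

# Server-side catalogue (constructed): opaque resource id -> file under MEDIA_ROOT.
# The client names an id; only the server knows the path.
CATALOG = {
    "course20/video01": "CEHv7/video01.mp4",
    "course20/video02": "CEHv7/video02.mp4",
    "course20/pdf/D01_S01_T01": "CEHv7/pdf/CEHv7_D01_S01_T01_STEP.pdf",
}


@dataclass
class Session:
    user: str
    authenticated: bool = False
    courses: set = field(default_factory=set)  # course ids the user is enrolled in


class NotLoggedIn(PermissionError):
    """No authenticated session: maps to HTTP 401."""


class Forbidden(PermissionError):
    """Authenticated but not entitled, or the file escapes the store: HTTP 403."""


def direct_lookup(client_path, webroot=Path("/var/www/html")):
    """The 'before': whatever wget asks for under the web root comes back.
    No session, no enrolment check, and '..' is not even looked at."""
    return webroot / client_path


def gated_lookup(session, resource_id, media_root=MEDIA_ROOT):
    """The 'after': deny by default, and each refusal says why."""
    if session is None or not session.authenticated:
        raise NotLoggedIn("login required")
    rel = CATALOG.get(resource_id)
    if rel is None:
        raise FileNotFoundError(resource_id)
    course = resource_id.split("/", 1)[0]
    if course not in session.courses:
        raise Forbidden(f"{session.user} is not enrolled in {course}")
    # Belt and braces: even a bad catalogue entry must not leave the media store.
    full = Path(os.path.normpath(media_root / rel))
    if media_root not in full.parents:
        raise Forbidden("resolved outside media root")
    return full


def serve(session, resource_id):
    """What the download endpoint should do: translate each outcome to a status."""
    try:
        return 200, gated_lookup(session, resource_id)
    except NotLoggedIn as err:
        return 401, str(err)
    except Forbidden as err:
        return 403, str(err)
    except FileNotFoundError:
        return 404, None


if __name__ == "__main__":
    print("before:", direct_lookup("courses/CEHv7/course/videos/video01.mp4"))
    print("anonymous:", serve(None, "course20/video01"))
    alice = Session("alice", authenticated=True, courses={"course20"})
    print("enrolled:", serve(alice, "course20/video01"))
```

The point of the catalogue is that nothing the client sends is ever joined onto a filesystem path; the containment check at the end is a second line of defence for the day someone edits the catalogue by hand.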
Email is one way…
That didn’t get ANY responses of course.
How about Twitter? All the three letters are on Twitter!
Attempt 1…
Attempt 1… ok, REALLY attempt 1…
Attempt 2…
Attempt 3 & 4 & 5…
Attempt 6…
Jokes…
Attempt 7…
Attempt 8…
Ways to Improve
• Bug Bounties
- Provide a responsible disclosure channel
- Allow “hackers” to earn cash responsibly
- Have proven to be responsive
- (Google) Rewards for qualifying bugs typically range from $500 to $50,000.
• BugCrowd (https://bugcrowd.com/list-of-bug-bounty-programs)
• Even if they don’t/won’t provide a bug bounty program…
- A central email/Twitter/anonymous submission program to report vulnerabilities
• Doing Code Audit…
• Running a real Vulnerability Management Program…
In Summary
• The Government SUCKS at security. Look at OPM…
• With the right people in place, there is tons of room for improvement.
• Current means of connecting and reporting are falling on deaf ears.
• Even current Government employees want this to improve, but when they bring it up, it also falls on deaf ears or falls through budget cracks.
Questions
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)
Thank you