How I Hacked The Government And Got Away With It

@NTXISSA #NTXISSACSC3

How I Hacked The Government And Got Away With It

Steven Hatfield II@drb0n3z

Security System Senior Advisor

Dell

10/03/2015

@NTXISSA #NTXISSACSC3

Topics

• Legal Disclaimer• Explanation• Walkthrough• Ways to Improve• In Summary

NTX ISSA Cyber Security Conference – October 2-3, 2015 2

@NTXISSA #NTXISSACSC3 3

Legal Disclaimer


Explanation


Walkthrough

• Certified Ethical Hacker (CEHv7)

Course Description

This Advanced Network Assessment prep course is a self-study resource designed to help students

prepare to sit for the Certified Ethical Hacker CEHv7 exam. Specialty Area(s): Systems Security Analysis,

Computer Network Defense, Vulnerability Assessment and Management Training Proficiency Level: Level

3 – Advanced

Certified Ethical Hacker CEHv7 OverviewCEHv7 Overview Download

Ethical Hacking Introduction Download

Ethical Hacking Terminology Download

Hacking Phases and Vul Research Download

https://fedvte.usalearning.gov/courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T01_STEP.pdf













Walkthrough

Let’s look closer at the PDF’s and “Downloads” by viewing page source

*/launcher.php?course=20&group=1

*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T01_STEP.pdf‘




…


…

*'courses/CEHv7/course/videos/pdf/CEHv7_Demo 3 - SQL Injection_STEP.pdf'






https://fedvte.usalearning.gov/courses/CEHv7/course/videos/pdf/CEHv7_Demo 3 - SQL Injection_STEP.pdf


Walkthrough

Now the videos…


Walkthrough

Can you download that too? Let’s look at the PAGE source…

*/courses/CEHv7/index01.htm


Walkthrough

Well that was jibberish. Let’s look at the FRAME source…

*/courses/CEHv7/course/container_01.htm


Walkthrough

Familiarity among the urls….what happens if we try the video url in a page?


Walkthrough

And 02…?


Walkthrough

And 03…?


Walkthrough

Now let’s get scary…

Can I download from the command line?


Walkthrough

And there you have an UNAUTHENTICATED WGET to the website

pulling a copy of the video.

Can you guess how stupid this is?

So, now that we have a vulnerability….how do we report it?


Walkthrough

Email is one way…

That didn’t get ANY responses of course.

How about Twitter? All the three letters are on Twitter!


Walkthrough

Attempt 1…


Walkthrough

Attempt 1……ok REALLY attempt 1….


Walkthrough

Attempt 2…


Walkthrough

Attempt 3 & 4 & 5…


Walkthrough

Attempt 6…


Walkthrough

Jokes…


Walkthrough

Attempt 7…


Walkthrough

Attempt 8…


Ways to Improve

• Bug Bounties

- Provides responsible disclosure

- Allows for “hackers” to earn cash responsibly

- Has proven to be responsive

- (Google)Rewards for qualifying bugs typically range from

$500 to $50,000.

• BugCrowd (https://bugcrowd.com/list-of-bug-bounty-programs)

https://bugcrowd.com/list-of-bug-bounty-programs


Ways to Improve

• Even if they don’t/won’t provide a bug bounty program…

- A central email/Twitter/Anonymous submission program to

report vulnerabilities

• Doing Code Audit…

• Running a real Vulnerability Management Program…


In Summary

• The Government SUCKS at security. Look at OPM…

• With the right people in place, there is tons of room for

improvement.

• Current means of connecting and reporting is going on deaf ears.

• Even current Government employees are wanting this to improve,

but when they bring this up, it also falls on deaf ears or falls

through budget cracks.


Questions

@NTXISSA #NTXISSACSC3@NTXISSA #NTXISSACSC3

The Collin College Engineering Department

Collin College Student Chapter of the North Texas ISSA

North Texas ISSA (Information Systems Security Association)

NTX ISSA Cyber Security Conference – October 2-3, 2015 29

Thank you

How I Hacked The Government And Got Away With It

Technology

Transcript of How I Hacked The Government And Got Away With It