Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Attached Shell: N.A.S.ty Systems That Store Network Accessible Shells Jacob Holcomb Security Analyst Independent Security Evaluators.

Published byArthur Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Attached Shell: N.A.S.ty Systems That Store Network Accessible Shells Jacob Holcomb Security Analyst Independent Security Evaluators."— Presentation transcript:

1 Network Attached Shell: N.A.S.ty Systems That Store Network Accessible Shells Jacob Holcomb Security Analyst Independent Security Evaluators

2 Speaker Information Who? Jacob Holcomb Twitter: @rootHak42 LinkedIn: linkedin.com/in/infosec42 Blog: http://infosec42.blogspot.com What? Security Analyst @ ISE Why? I <3 exploiting computer codez

3 Is this really important? 100% of storage systems evaluated were vulnerable to exploitation. Storage systems are not the only embedded device with egregious deficiencies. These systems CAN and ARE being mass exploited.

4 Topics Mass Exploitation… What are network storage devices? Key Players Remediation

5 Subject Background What are network storage devices? –Equipment used for data retention Users of network storage devices? –Small Businesses –Home Users –Large Enterprises

6 Key Players Vendors –Seagate, D-Link, Lenovo, Buffalo, QNAP, Western Digital, Netgear, ZyXEL, Asustor, TRENDnet, HP, Synology Consumers –Home Consumers –Small Businesses –Large Enterprises

7 Products Evaluated ASUSTOR: AS-602T TRENDnet: TN-200/TN-200T1 QNAP: TS-870 Seagate: Black Armor 1BW5A3-570 Netgear: ReadyNAS104 D-LINK: DNS-345 Lenovo: IX4-300D Buffalo: TeraStation 5600 Western Digital: WD MyCloud EX4 ZyXEL: NSA 325v2

8 Exploit Research and Development (time2pwn) Summary of Results Testing Methodology –Scanning and Enumeration –Vulnerability Discovery –Vulnerability Exploitation Mass Exploitation (I like worms, baby!)

9 Preliminary Results A staggering 100% of devices are susceptible to root compromise. At least 50% of devices can be exploited without authentication. MITRE has assigned 22 CVE numbers. –I’ve only just begun! Far WORSE than routers!

10 Testing Methodology Scanning and Enumeration Vulnerability Discovery (Gaining Access) Individual/Mass Vulnerability Exploitation

11 Scanning and Enumeration Port Scan Banner Grab TCP: nmap –sS –Pn –sV –p T:1-65535 X.X.X.X UDP: nmap –sU –Pn –p U:1-65535 X.X.X.X Netcat: nc –nv

12 Vulnerability Discovery Investigate Running Services –e.g., HTTP, SMB, SNMP, FTP, Telnet Analyze Web Applications Static Code Analysis (Source Code Review) Dynamic Analysis (Network Fuzzing)

13 Types of Vulnerabilities Discovered Command Injection Cross-Site Request Forgery Buffer Overflow Missing Function Level Access Control –Authentication Bypass –Authorization Failure Information Disclosure Backdoor Poor Session Management –Deterministic Cookie Generation Directory Traversal –Arbitrary File Upload and Download

14 Worm Vulnerability Exploitation Command Injection Missing Function Level Access Control –Authentication Bypass –Authorization Bypass

15 Mass Exploitation N.A.S.ty Worm Demo –D-LINK DNS-345 –TRENDnet TN-200/TN-2011T1 –Western Digital MyCloud EX4 Similar Occurrences?

16 Worm Operation 1.Scan IP Range for TCP/80 2.Fingerprint TCP/80 3.Exploit Target 4.Download and Run 5.Rinse and Repeat

17 N.A.S.ty WORM Demo Let the zombie apocalypse begin!

18 WORM Demo

19 WORM Domination The worm has a power level of over 9000!

20 Remediation Vendors –Transparent patch management –Incorporate security into software design –Security Principles (e.g., Least Privilege, Defense in Depth) Consumers –Harden your network devices!

21 #SOHOpelessly Broken HACK ROUTERS AND GET PAID https://sohopelesslybroken.com Past – DEFCON 22, DerbyCon v4.0, BSIDES DC Future - ToorCon

22 THANKS! Questions???? Presenter Information –Name: Jacob Holcomb –Twitter: @rootHak42 –Blog: http://infosec42.blogspot.comhttp://infosec42.blogspot.com –LinkedIn: https://linkedin.com/in/infosec42https://linkedin.com/in/infosec42

Download ppt "Network Attached Shell: N.A.S.ty Systems That Store Network Accessible Shells Jacob Holcomb Security Analyst Independent Security Evaluators."

Similar presentations

Expose the Vulnerability Paul Hogan Ward Solutions.

Expose the Vulnerability Paul Hogan Ward Solutions.
OWASP Web Vulnerabilities and Auditing

OWASP Web Vulnerabilities and Auditing
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
By - Anamika Singh.  Product IronWASP Information Security Service Pvt. Ltd.  Author of the WiHawk- Router Vulnerability Scanner.

By - Anamika Singh.  Product IronWASP Information Security Service Pvt. Ltd.  Author of the WiHawk- Router Vulnerability Scanner.
Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.

Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Advanced Security Center Overview Northern Illinois University.

Advanced Security Center Overview Northern Illinois University.
Firewall Vulnerabilities Presented by Vincent J. Ohm.

Firewall Vulnerabilities Presented by Vincent J. Ohm.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Hacking Exposed 7 Network Security Secrets & Solutions

Hacking Exposed 7 Network Security Secrets & Solutions
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Hacking Unix/Linux.

Hacking Unix/Linux.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Similar presentations

Ads by Google