Presentation is loading. Please wait.

Presentation is loading. Please wait.

What we are going to talk about? New Version of Canape Released at Ruxcon What is the VMware ESXi management protocol? In Canape: – MitM – Traffic Parsing.

Published byAnthony Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "What we are going to talk about? New Version of Canape Released at Ruxcon What is the VMware ESXi management protocol? In Canape: – MitM – Traffic Parsing."— Presentation transcript:

1

2 What we are going to talk about? New Version of Canape Released at Ruxcon What is the VMware ESXi management protocol? In Canape: – MitM – Traffic Parsing – Traffic Injection – Fuzzing – Extending Canape Finding 0 days

3 What is Canape? Network Protocol Testing Tool Existing Tools: – HTTP Proxies (e.g. CAT) – Echo Mirage – Python Libraries – Wireshark Why a new tool? – Has these features and more – All driven through a GUI And it’s free!

4 The old way

5 The Canape way GUI driven IDE for protocol analysis Focus on data rather than code Large number of built in modules to parse / modify / fuzz traffic Large number of supported languages for when coding is necessary – C#, Python, Ruby, Visual Basic, Jscript.NET – Even F# (if you really want)

6 How does it Capture Traffic? MitM support – SOCKS – Port Forwarding Network protocol support – TCP, UDP, Broadcast traffic Application level proxy – HTTP, SSL

7 What is the VMware ESXi protocol? Protocol used for network management of VMware virtualisation products Actually numerous protocols – Remote desktop – File transfer – Etc. Requires a bespoke client

8 VMware vSphere Client

9 The protocol(s) Actually multiple protocols over one connection – Authentication – Remote Desktop – Network File Copy – VMware Database Each time the protocol transitions a new SSL encrypted or plain text stream is initiated on the same connection

10 MitM Traffic

11 State handling The ESXi protocol traverses a number of protocol states Or BannerSSL Auth SSL VNC BannerSSL AuthNFC

12 Handling State Transitions

13 Authentication protocol Text based protocol Simple commands – BANNER – USER – PASS / XPAS – SESSION – PROXY / CONNECT Allows for Username/Password, Ticket and Session authentication

14 Basic Network Clients

15 Remote desktop Based on the VNC protocol Includes VMware specific extensions Commands – Hello – Negotiation – User Input – Screen redraw – Etc.

16 Key press 0x000x300x010x00 0x300x000x0 a ?Scan Code?Flags

17 Mouse movement 0x5F3F00000x7FA900000x01000000 X CoordinateY Coordinate 0xFFFFFFFF0x00000000 Button State 0x00000000 – No Buttons 0x00000001 – Press Left 0x00000002 – Press Middle 0x00000004 – Press Right 0x00010000 – Scroll Down 0xFFFF0000 – Scroll Up ? ? Flags

18 Parsing User Input

19 Traffic Injection

20 NFC protocol Simple file transfer protocol Unencrypted by default(!) Allows for – File upload – File download – File move – File copy – File delete

21 Fuzzing Standard everyday fuzzing – But from within in the protocol stream Built in modules for – Simple byte fuzzing – Integer fuzzing – Pattern fuzzing – Etc. Custom fuzzers written in code

22 Fuzzing

23 What did we find? 5 Heap Memory Exhaustion Panics 2 Unhandled Exceptions 2 Null Pointer Dereferences 1 Use After Free Vulnerability Context are currently working closely with the VMware Security Response Center to fix the identified issues

24 Mitigating the risk Restrict access to management services to management IP Addresses Don’t use the NFC file transfer to transfer sensitive files Enable SSH

25 Sulley Protocol Informatics Extending Canape

26 Thanks Thanks to the following people: – James Forshaw, Canape author and implementer of many requested features and bug fixes – Michael Jordon, for continued support and pushing me to do this talk!

27 References http://canape.contextis.com www.twitter.com/#ctxis

28 Questions ?

Download ppt "What we are going to talk about? New Version of Canape Released at Ruxcon What is the VMware ESXi management protocol? In Canape: – MitM – Traffic Parsing."

Similar presentations

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
Background Info The UK Mirror Service provides mirror copies of data and programs from many sources all over the world. This enables users in the UK to.

Background Info The UK Mirror Service provides mirror copies of data and programs from many sources all over the world. This enables users in the UK to.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.

Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
COS 420 DAY 24. Agenda Assignment 5 posted Chap 22-26 Due May 4 Final exam will be take home and handed out May 4 and Due May 10 Student evaluations Latest.

COS 420 DAY 24. Agenda Assignment 5 posted Chap Due May 4 Final exam will be take home and handed out May 4 and Due May 10 Student evaluations Latest.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
OpenSSH: A Telnet Replacement Presented by Aaron Grothe Heimdall Linux, Inc.

OpenSSH: A Telnet Replacement Presented by Aaron Grothe Heimdall Linux, Inc.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.

Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.
Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.

Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

Similar presentations

Ads by Google