Full Disclosure Vulnerabilities (0-days) By Alex Hernández aka alt3kx Date: 14.08.009 Copyright (c) SybSecurity.com Research Labs 2009
About Alex Hernandez aka alt3kx: Currently a researcher and contributor in Spain, Germany, USA, Amsterdam, Argentina, Australia, Belgium, Canada, and Mexico. He has also coded some exploits, mainly for pen-testing tasks. His latest public exploits were published on security sites such as milw0rm, SecurityFocus and Packetstorm. Devision Security Labs Neurowork Spain www.SybSecurity.com MX-AR-ES
Content: Aruba Networks (WiFi Router) 0-day, CSRF & Session Hijacking (cookies), Exploit & PoC video. Trixb0x (VoIP Asterisk) 0-day, SQLi and LFI, Exploit & PoC video. Cisco VPN client 0-day, Denial of Service (DoS), Exploit & PoC video.
Aruba's networks were designed from the ground up to meet these requirements – and more. Our wireless solutions make add, move, and change costs evaporate. In fact, wireless networks built on our adaptive 802.11n technology cost just 10% of a comparable wired build-out, allowing you to rightsize your network while upgrading efficiency and productivity. www.arubanetworks.com
Aruba 200 (WiFi Router)
Cross Site Request Forgery: Yes, everything is vulnerable to CSRF…
Vulnerable POST Form (upload shell). Videos PoC (Proof of Concept)
Vulnerable Firmware: Software Version ArubaOS 3.1.1.4, Build Number 16439, Label 16439, Built On 2007-10-09 15:47:42 PDT. Software Version ArubaOS 3.3.1.23 (Digitally Signed - Production Build), Build Number 20304, Label 20304, Built On 2008-12-22 16:37:36 PST.
Response from Aruba Networks? Not yet. support@arubanetworks.com
Trixbox is a GNU/Linux operating system distribution, based on CentOS, whose distinguishing feature is that it is a software private branch exchange (PBX) built on the open-source Asterisk PBX. Like any PBX, it interconnects a company's internal telephones and connects them to the conventional telephone network (PSTN, public switched telephone network).
SQLi Trixb0x Web-MeetMe. What is it: Web-MeetMe is a suite of PHP pages to allow for scheduling and managing conferences on an Asterisk PBX. Add rooms and specify)
Some Screens Config 1
Some Screens Config 2
SQLi Web-MeetMe Video… The power of ' (Bypass Auth): ' or 'a'='a
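Why the `' or 'a'='a` input on the slide above defeats a login check, and the fix, as an added example that is not code from the slides or from Web-MeetMe. The `users` table, its columns and the function names are hypothetical; the deck does not show Web-MeetMe's real schema or queries, and Python with SQLite stands in for its PHP pages.

```python
import sqlite3

PAYLOAD = "' or 'a'='a"  # the input shown on the slide


def make_db():
    """Constructed sample data; plaintext passwords only to isolate the query flaw."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin@example.test", "s3cret-admin"), ("bob@example.test", "bobpass")],
    )
    return db


def build_concatenated_query(email, password):
    """Vulnerable pattern: user input is pasted into the SQL text itself."""
    return (
        "SELECT email FROM users WHERE email = '" + email
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(db, email, password):
    # With PAYLOAD in both fields the WHERE clause becomes
    #   email = '' or 'a'='a' AND password = '' or 'a'='a'
    # The trailing "or 'a'='a'" is always true, so every row matches.
    row = db.execute(build_concatenated_query(email, password)).fetchone()
    return row[0] if row else None


def login_parameterized(db, email, password):
    """Hardened form: values are bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT email FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_query(PAYLOAD, PAYLOAD))
    print("concatenated :", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized:", login_parameterized(db, PAYLOAD, PAYLOAD))
```

The same binding approach applies to any other parameter the pages pass into a query; in PHP the equivalent is a prepared statement with bound parameters.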
LFI (Local File Inclusion), Directory Traversal… video.
Response from Trixbox & Dan Austin? Vulnerable Versions: Web-MeetMe_v3.1.0.tgz, Web-MeetMe_v3.0.tgz. Patches… Not yet…
Cisco VPN Client Local Denial of Service (DoS)  “cvpnd.exe”
Overview: The Cisco Virtual Private Network (VPN) Client establishes an encrypted tunnel between a local system and a Cisco VPN concentrator. The tunnel provides data integrity and confidentiality, giving users a secure connection to a corporate network from an otherwise public, non-trusted network.
Description: A Denial of Service (DoS) attack on the win32 VPN client platform can be exploited locally and crash the VPN client through the "cvpnd.exe" service, which runs with "SYSTEM" privileges.
Technical details: The Cisco VPN Client for win32 gets installed as a Windows service called "Cisco Systems, Inc. VPN Service" or "CVPND", and its binary is associated to: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe or C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe. By default, the CVPND service gets executed with "SYSTEM" privileges.
Cisco VPN Client
Default PATH Win2k
Default PATH Windows Vista
Exploit Code 0day Video…
Response from Cisco? Yep, CISCO r0x. Omar Santos, osantos [at] cisco [dot] com, PSIRT. High Risk! Bug ID is CSCsz49276, PSIRT ID is PSIRT-0676131279. Release: 27 August 2009 (Credits: Alex Hernandez)
Thank u!  ahernandez [at] sybsecurity [dot] com Research & Papers: http://www.sybsecurity.com/en/laboratory/
