Week 05: Metasploit
Facebook unpatched Apache library
One researcher was able to access the Facebook internal system by exploiting a vulnerability (Haworth, 2020). The researcher was able to find a vulnerability within the Mobile Device Management (MDM) software and used that to gain access to the Facebook internal system. The researcher had found a bug within the MDM in 2018, which he reported, and used that same bug to gain access to the Facebook system. The MDM company was using an older version of the Apache Groovy library. This was a critical vulnerability since the researcher was able to gain access remotely. The researcher has reported this finding and the MDM company has patched this issue.
References:
Haworth, J. 2020. Internal Facebook systems exposed via unpatched Apache library. Retrieved from: https://portswigger.net/daily-swig/internal-facebook-systems-exposed-via-unpatched-apache-library
Week 5 Presentation
Week 5: Reading
Netcat: New Attack lets hackers remotely steal data
This article, from 2019, shows a major flaw in Intel CPUs that allows them to be exploited remotely over the network without requiring the attacker to have physical access or any malware installed on the target computer. The attacker works by using Netcat to sniff out sensitive data from Intel's CPU cache. It works by sending specially crafted network packets to a target computer that has the remote direct memory access (RDMA) feature enabled. RDMA allows attackers to spy on remote peripherals such as network cards in order to observe the timing difference between a network packet that is served from the remote processor cache versus a packet served from memory. By measuring the inter-arrival timing of packets, Netcat is able to use a keystroke timing attack to leak what you type. The keystroke attack is correct about 85% of the time as of the writing of this article.
“NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs.” The Hacker News, 11 Sept. 2019, thehackernews.com/2019/09/netcat-intel-side-channel.html?m=1.
Reading Week 5 Netcat
Netcat is an extremely powerful tool that security professionals use to do many things when it comes to targeting networks and client machines. Some of the potential uses of Netcat are to scan all ports and connect to ones that are widely used to hide itself, and to conduct file transfers back and forth across the network. Another important use for the tool is that it allows individuals to test their servers and firewalls. It can also be used to test network performance. Sending commands back and forth using Netcat allows individuals to send commands back and forth across the network to client machines.
1. What ways can Netcat be used to transfer information back and forth across the network?
2. How does Netcat sneak into well-known and used ports without being detected?
In the news article
Twitter bug may have exposed API keys, access tokens
A bug could have exposed their API keys and access tokens in their browser’s cache. Luckily, the problem was fixed before any leaks. According to Twitter, if a person used a public computer to view developer app keys and tokens on developer.twitter.com, they may have been stored temporarily in the browser’s cache on the computer. That information has the potential of being misused by accessing the keys and tokens. With more and more organizations and businesses relying on APIs, this makes APIs a lucrative target for hackers. Leaked keys and tokens can make their way to the dark web and pose a threat of being used in automated attacks against API endpoints. Twitter gave notice that it changed the caching instructions that the site sends to developers’ browsers. Twitter also stopped storing information about the apps or accounts and fixed the leak.
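The caching behaviour described in this post can be checked from a response's headers. The following is an added example, not Twitter's code and not part of the original post: it decides whether a browser on a shared computer is allowed to keep a copy of a response. The paths and header values in SAMPLE_RESPONSES are constructed and hypothetical.

```python
# Added example: may a browser write this response to its local cache?
# Paths and header values below are constructed, not taken from any real site.

def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def browser_may_store(headers):
    """Return (may_store, reason) for a dict of response headers (any case)."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc:
        return False, "no-store forbids writing the response to any cache"
    if not cc:
        return True, "no Cache-Control: the browser may cache heuristically"
    if "no-cache" in cc:
        return True, "no-cache only forces revalidation; a copy is still stored"
    if "private" in cc:
        return True, "private only excludes shared caches, not the browser's own"
    return True, "cacheable: " + ", ".join(sorted(cc))

# Constructed responses for a hypothetical page that displays API keys.
SAMPLE_RESPONSES = {
    "/keys-a": {"Cache-Control": "private, max-age=0"},
    "/keys-b": {"cache-control": "no-cache"},
    "/keys-c": {"Cache-Control": "no-store"},
    "/keys-d": {"Content-Type": "text/html"},
}

def storable_paths(responses):
    """Paths whose responses a browser is allowed to keep on disk."""
    return sorted(p for p, hdrs in responses.items() if browser_may_store(hdrs)[0])

if __name__ == "__main__":
    for path, hdrs in SAMPLE_RESPONSES.items():
        print(path, *browser_may_store(hdrs))
```

Only the `no-store` response is kept out of the browser cache; `private` and `no-cache` are often mistaken for the same thing.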
Week 5 – Readings: Netcat
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is packed with other features such as port scanning or copying files over the network without having an FTP or HTTP server. Netcat is often used by hackers to achieve a shell on a victim’s computer. If a hacker was able to breach a website, they could upload a shell script to the site. The script would be modified to connect to the attacker’s IP, on a given port, say 9999. Once the shell is uploaded, the attacker would set up a netcat listener on their machine with the command:
nc -nvlp 9999
This essentially tells netcat (nc) not to resolve names (-n), to be verbose, printing out when a connection occurs (-v), and to listen (-l) on a given local port (-p).
Once the listener is set, the attacker would navigate to the page where they uploaded the shell script, and it would execute and then there would be a shell prompt in the terminal where the netcat listener was set.
Questions for the class:
What else can netcat be used for?
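The flag breakdown in this post, applied from the defender's side: the added example below (not part of the original post) parses process command lines, expands clustered flags such as -nvlp, and reports netcat instances running in listen mode on a host you administer. The process listing is constructed, and the set of value-taking options is an assumed subset common to netcat variants; it also accepts a positional port and ncat's --listen, which goes beyond the single command shown above.

```python
import shlex
from pathlib import PurePosixPath

NC_NAMES = {"nc", "ncat", "netcat"}
TAKES_VALUE = set("ipqsw")  # assumption: short options that consume a value

def parse_nc(cmdline):
    """Return {'listen', 'port', 'flags'} for a netcat command line, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None
    if not argv or PurePosixPath(argv[0]).name not in NC_NAMES:
        return None
    flags, values, positional = set(), {}, []
    args = iter(argv[1:])
    for tok in args:
        if tok == "--listen":
            flags.add("l")
        elif tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            for i, ch in enumerate(tok[1:], start=1):
                flags.add(ch)
                if ch in TAKES_VALUE:  # value is the rest of the cluster or next token
                    values[ch] = tok[i + 1:] or next(args, "")
                    break
        elif not tok.startswith("-"):
            positional.append(tok)
    port = values.get("p") or (positional[-1] if positional else "")
    return {"listen": "l" in flags,
            "port": int(port) if port.isdigit() else None,
            "flags": "".join(sorted(flags))}

# Constructed process listing: pid, user, command line.
SAMPLE_PS = """\
412 root /usr/sbin/sshd -D
2290 www-data nc -nvlp 9999
2301 alice nc -v 192.0.2.10 443
2317 www-data /bin/ncat --listen -p 4444
2350 bob grep -l nc notes.txt
"""

def find_listeners(ps_text):
    """Return (pid, user, port) for every netcat process in listen mode."""
    hits = []
    for line in ps_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        info = parse_nc(parts[2])
        if info and info["listen"]:
            hits.append((int(parts[0]), parts[1], info["port"]))
    return hits
```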
Week 5: In the News
Nebraska Medicine Falls Victim To Cyber Attack
Nebraska Medicine is the most comprehensive health network in the region, with two major hospitals, more than 1000 doctors and 40 clinics in the Omaha area. Earlier this week Nebraska Medicine experienced a significant information technology system downtime event. This downtime is the result of a cyber security attack. Nebraska Medicine was forced to postpone many appointments and prioritized patients who have appointments or surgeries critical to their health and well-being. According to Nebraska Medicine, no patient data has been deleted or destroyed. As of this time there is no report of patient data being compromised. Law enforcement has been notified and contingency plans are in place. Nebraska Medicine says normal operations should resume in a few days after the cyber attack.
The statement did not include any further information about the attack’s nature, extent or origins. According to the distribution and events leading to the discovery of the attack, it seems that Nebraska Medicine has been affected by a denial of service attack. As this investigation continues, Nebraska Medicine and other health institutions should seek to improve their security awareness. Training employees to watch out for suspicious links and always updating phone and computer software is essential. Nebraska Medicine should also improve defense-in-depth or layered security. Layered security provides additional protection even after unauthorized access is achieved. Even if an attacker is able to breach the network, what they can access is very limited, which is going to make accessing other data more difficult.
Week 5 – In the News: You can bypass TikTok’s MFA by logging in via a browser
One month after TikTok implemented MFA for its users, it was discovered that the feature was only enabled for the mobile app and not the website. This lapse in TikTok’s new security feature would allow attackers to bypass MFA by logging into an account with compromised credentials via its website. Luckily there is not much an attacker can do to a compromised account when logging into TikTok via the website. The website dashboard does not allow passwords to be reset. However, an attacker could still deface an account by uploading and posting videos in an attempt to deface the account. Another flaw found in TikTok’s platform was that the mobile app does not show sessions taking place in real-time from the web dashboard. This means that TikTok does not warn users when someone used their credentials to access their TikTok account via a web browser.
https://www.zdnet.com/article/you-can-bypass-tiktoks-mfa-by-logging-in-via-a-browser/