Advanced Penetration Testing -Week-12

You have been invited to attend a Mediasite presentation.

Presentation Details:
Title: =MIS 5212.001_3/28/2016
Date: Monday, March 28, 2016
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: http://tucapture.fox.temple.edu/Mediasite/Play/ab016798f30a490a8bb876cd49be68481d

In the News: http://www.govinfosecurity.com/verizon-confirms-breach-affecting-business-customers-a-8991

Verizon Enterprise Solutions, which regularly assists clients in responding to data breaches, admits it’s suffered its own breach, reportedly affecting 1.5 million business customers. As a result of the exposure of contact information, those customers are now at greater risk of phishing attacks.

http://www.securityweek.com/hackers-steal-details-verizon-enterprise-customers

By Eduard Kovacs on March 25, 2016

Eduard Kovacs from Security Week at SecurityWeek.com reports that hackers steal details of Verizon Enterprise Customers.

Verizon Enterprise Solutions is a division of Verizon Communications that specializes in designing, building and operating networks, IT systems and mobile technologies for businesses and governments.

This is a prominent member of an exclusive underground forum that has been offering to sell a database storing the contact information of roughly 1.5 million Verizon Enterprise customers.

The complete database is offered for $100,000, but interested parties can also acquire sets of 100,000 records for $10,000. The seller has also offered information on vulnerabilities in Verizon’s website.

The database is available in multiple formats, including MongoDB. There have been many incidents over the past period where misconfigured MongoDB databases exposed a large number of records of sensitive information.

Verizon Enterprise representatives have confirmed that their website had been plagued by a vulnerability that allowed hackers to steal customer contact information, but has not specified how many are affected. The company noted that the attackers have not gained access to customer proprietary network information or other data. Affected clients will be notified.

“Most companies have a very difficult time managing this issue as it generally falls somewhere between the web team, marketing, regional teams and the security team … and that basically means no one is looking after it. This really is an area where expertise is required and often comes in the form of partnering with experts to manage,”

Capture

Caution.  This is a big file (48 mb)  Only grab it if you want something to run aircrack against.

In the news

Cyber warriors are allowed to have long hair. (UK, not satire)

http://www.telegraph.co.uk/news/uknews/12203745/New-Army-cyber-warriors-allowed-long-hair.html

Reading: Aircrack-ng Tutorial: Getting Started,  I followed this tutorial, and Tutorial: Is My Wireless Card Compatible referenced, did some additional research and confirmed that my old LINKSYS WUSB600N was compatible with Kali Linux.  Referencing our KISMET class notes I was able to access the card from Kali Linux and searched for WiFi access points – and could not find any.  This is likely a result of my use of more modern WiFI access points running the WAP2 protocol, and my lack of forethought to purchase a more powerful WiFi antenna like the Alfa cards introduced in class which might have enabled me to find other WiFi access points in my neighborhood.  I did run through the injection test and followed the Simple WEP Crack Tutorial, but without a WiFi access point my progress was blocked.

In the News: Node Package Manager (npm) Fails to Restrict Actions of Malicious npm Packages
The CERT Division of Carnegie Mellon University’s Software Engineering Institute reports that a new security vulnerability in the default node package manager (npm) for the Node.js JavaScript runtime server-side web application environment allows packages to take actions that could enable a malicious npm package author to create a worm that can spread as users install node packages and compromise the majority of the npm ecosystem. CERT Vulnerability Note VU#319816 (March 25, 2006) describes the security issue, how the worm works, and provides reference to Sam Saccone’s original research into the vulnerability. While a practical solution to the problem has not yet been formulated, three risk-reduction workarounds are provided which should be considered by application developers using npm in node.js based web application systems they are developing for their clients or organizations.
http://www.kb.cert.org/vuls/id/319816

Question for Class:  Does someone with some relevant work experience have interest in helping me develop and deliver a 1/2 day workshop for the Urban Regional Information Association introducing Cybersecurity to managers of Geographic Information Systems at their October conference in Toronto?

Readings:

Aircrack-ng tool set is very powerful when it comes to wireless transmissions Monitoring, Attacking, Testing and Cracking. It is available in different suite options, such as: VM, Live CD and installer for linux OS. While LiveCD and VM versions are simpler to use, these packages have limitations and vulnerabilities. So, the best option is to use Suite for Linux OS, run suite within Linux environment to take full advantage of all functions; however, it would require deep knowledge of Linux. Aircrack can be used to crack WEP passcode using basic approach of capturing Initialization Vectors and then injecting collected IVs into packets via ARP Replay mode.

Question to the Class:

Is it worth it to write your own DLL for Windows in order to manually link drivers for aircrack to work? Would it not be more beneficial and easier to learn Linux, thus gaining more useful and broad experience?

In the News:

Mac OS X Zero-Day Exploit Can Bypass Apple’s Latest Protection Feature

A critical zero-day vulnerability has been discovered in all versions of Apple’s OS X operating system that allows hackers to exploit the company’s newest protection feature and steal sensitive data from affected devices.

http://thehackernews.com/2016/03/system-integrity-protection.html

P.S. After reading this news, I updated my Apple products right away!

Assigned Reading:

Aircrack-ng Suite should be used in a  Linux environment and not in a Windows OS since there is not much support for it. For someone who has not been previously exposed to this tool, the simplest process is as follows: determining the chipset in the wireless card, determining which of the three options can be used to run the aircrack-ng suite, and getting starting to use this tool. It is important to properly determine the wireless card chipsets since it needs to be compatible with the aircrack-ng suite. Once that first step is complete, then the user can choose the best option to run that suite. There are three various methods that can run this tool, such as in Linux, a live CD, or a VMWare image.

Question for the class:
What are your experiences thus far running the aircrack-ng suite? What is your preferred method to run it and why?

In the news: “18 million stolen IDs discovered on server/criminals in China got illegal access”
The IDs and passwords of about 18 million Internet users have been found on computer server set up by a company named Nicchu Shinsei Corp. in Toshima Ward, Tokyo. The police alleged that the company had provided its customers in China with other people’s IDs to allow them illegal Internet access. The company’s president and other staff were arrested and indicted. The victims were users of major Internet search engine Yahoo Japan, online shopping giant Rakuten, Twitter, Facebook, credit card company Mitsubishi UFJ NICOS Co. and others. It is important to note that the illegal access were conducted from June to November 2015 and the Nicchu Shinsei’s server was used to illegally send money via the Internet banking systems of more than 10 financial institutions.

For more information on the above article, please click here.