What hacking really looks like
Skylar Simmons, SWIFT Red Team
“WOW! It’s only taken me 3 seconds to hack into this secure computer system”
Misconceptions about hacking…
The organization and people mentioned throughout the remainder of this presentation are not real. But… the techniques are!
Target…
BankGlobal is a medium-sized bank. We overheard some of their employees talking in the hotel bar about their security and we decided to look into it.
Objectives…
See if we can find a way to access sensitive financial information belonging to the bank.
Steal the data, and modify it so it’s no longer useful to them.
Scenario #1: Recon
From searching around online we found one of BankGlobal’s IP addresses, 10.10.10.1. Let’s see what we can figure out from it via a port scan.
DEMO
Scenario #1: Recon
The first thing we do is identify the IP of the BankGlobal website so that we can perform a port scan.
Port 22 – Secure Shell (SSH), secure remote connection
Port 25 – Simple Mail Transfer Protocol (SMTP)
Port 53 – Domain Name System (DNS)
Port 80 – web server, which we know already
Port 443 – web server, secure (TLS) connection
Port 8080 – non-standard port used for various services
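The scan result above is exactly what a defender should be comparing against an approved-exposure list on a schedule: a port that is open but not on the list (8080 here) is attack-surface drift that deserves a ticket before an attacker browses to it. The following script is an added example and not part of the SWIFT deck; it parses a constructed line in nmap's greppable (`-oG`) output format, mirroring the ports the presentation lists for the fictional host, and diffs it against a constructed baseline. The host, the ports and the baseline are all assumptions made for illustration.

```python
"""Compare an nmap greppable scan of a host against an approved-exposure
baseline and report drift. Added example (not part of the SWIFT deck);
the scan line and the baseline are constructed for illustration."""
import re

# Constructed: one host line in nmap -oG ("greppable") format, matching the
# ports the presentation reports for the fictional 10.10.10.1.
SCAN_LINE = (
    "Host: 10.10.10.1 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "53/open/tcp//domain///, 80/open/tcp//http///, 443/open/tcp//https///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (994)"
)

# Constructed: what the owner believes should be reachable from the Internet.
BASELINE = {"10.10.10.1": {(80, "tcp"), (443, "tcp")}}

# port/state/protocol/owner/service/rpc/version, as written by nmap -oG
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_greppable(line):
    """Return (host, {(port, proto, service), ...}) for every port in state 'open'."""
    host = line.split()[1]
    ports = set()
    m = re.search(r"Ports: (.*?)(?:\t|$)", line)
    if m:
        for port, state, proto, service in PORT_RE.findall(m.group(1)):
            if state == "open":
                ports.add((int(port), proto, service))
    return host, ports


def exposure_drift(line, baseline):
    """Open ports missing from the baseline ('unexpected') and baseline ports
    that are no longer open ('missing'); both are worth a human look."""
    host, open_ports = parse_greppable(line)
    approved = baseline.get(host, set())
    seen = {(p, proto) for p, proto, _ in open_ports}
    unexpected = sorted(
        (p, proto, svc) for p, proto, svc in open_ports if (p, proto) not in approved
    )
    missing = sorted(approved - seen)
    return {"host": host, "unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    report = exposure_drift(SCAN_LINE, BASELINE)
    for port, proto, svc in report["unexpected"]:
        print(f"{report['host']}: unexpected {port}/{proto} ({svc})")
    for port, proto in report["missing"]:
        print(f"{report['host']}: expected {port}/{proto} but it is not open")
```

Run against real output from `nmap -oG scan.gnmap <hosts>`, one line per host; the "missing" list catches the opposite failure mode, a service that silently went away, which is often the first sign of an outage or a tampered firewall rule.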
Scenario #1: Port scan, zone transfer, etc.
We browse to the web application and notice a login screen. What can we do from here?
Looking at the page source we can see the admin appears to have taken a shortcut by attempting to hide the password in plain sight. Can we decode the value?
DEMO
Scenario #2: SQL injection
Logging in successfully redirects us to a Staff Directory page where we can verify employees of BankGlobal.
A quick search of LinkedIn reveals the name of a manager, Sarah Connor.
I wonder if we can get any useful information from the Staff Directory page?
Scenario #2: SQL injection
Let’s put some unexpected characters in the input fields and see what happens.
One of the parameters appears to be vulnerable to SQL injection, but doesn’t display the output on the page. Try to inject always-true or always-false statements.
Use the SUBSTR function to progress letter by letter and observe how the application responds until you retrieve Sarah Connor’s password.
DEMO
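Two things had to go wrong for this scenario to work: the directory search concatenates user input into SQL, and the directory stores passwords in plaintext, so a blind oracle gives up the secret itself rather than a hash. The block below is an added example, not code from the SWIFT deck; it builds a constructed in-memory SQLite staff table, shows the vulnerable lookup beside a parameterized one, and shows how the always-true/always-false probes the slide describes behave against each. The table, rows, names and probe strings are all assumptions.

```python
"""Vulnerable string-built lookup beside a parameterized one, run against an
in-memory SQLite staff directory. Added example, not code from the SWIFT deck;
the table, the rows and the probe strings are constructed."""
import hashlib
import os
import sqlite3


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff (name TEXT, title TEXT, password TEXT)")
    # Constructed rows; plaintext password stored on purpose to mirror the scenario.
    con.execute("INSERT INTO staff VALUES ('Sarah Connor', 'Manager', 'hunter2')")
    con.execute("INSERT INTO staff VALUES ('Kyle Reese', 'Analyst', 'letmein')")
    con.commit()
    return con


def lookup_vulnerable(con, name):
    """Search string concatenated into SQL: the input can rewrite the query's logic."""
    sql = "SELECT name, title FROM staff WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con, name):
    """Parameterized query: the input is bound as data and can never become SQL."""
    return con.execute(
        "SELECT name, title FROM staff WHERE name = ?", (name,)
    ).fetchall()


def oracle_behaviour(lookup, con, base_name):
    """Return (rows for an always-true probe, rows for an always-false probe).
    A blind-injectable endpoint answers the two probes differently; a safe one
    treats both as literal names that match nothing."""
    t = lookup(con, base_name + "' AND 1=1 --")
    f = lookup(con, base_name + "' AND 1=2 --")
    return t, f


# Second mitigation: even a successful extraction should yield a salted hash,
# not a password. PBKDF2-HMAC-SHA256 from the standard library is used here.
def hash_password(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(stored, candidate):
    salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    return hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 200_000).hex() == digest_hex


if __name__ == "__main__":
    con = build_db()
    print("vulnerable:", oracle_behaviour(lookup_vulnerable, con, "Sarah Connor"))
    print("safe:      ", oracle_behaviour(lookup_safe, con, "Sarah Connor"))
```

The detection angle follows directly from `oracle_behaviour`: a request log in which one client sends the same base search term with many small suffix variations and alternating result sizes is the signature of boolean-blind extraction, and a web application firewall or the application itself can rate-limit or alert on that pattern even before the query is fixed.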
Scenario #3: Grab the hashes
Now that we have Sarah Connor’s password, I wonder if we can log in to 10.10.10.1 via SSH?
Let’s see what Sarah has rights to do.
Scenario #3: Grab the hashes
On Unix machines, user password hashes are stored in a file called /etc/shadow.
What about other interesting files?
DEMO
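What the attacker gets from /etc/shadow is only as useful as the hash algorithm and the account hygiene allow, so the defender's check is to audit the file for accounts whose hashes are weak, empty or of an unrecognised form. The script below is an added example and not part of the SWIFT deck; it parses constructed shadow-format records (the hash strings are placeholders, not real hashes) and classifies each entry by its crypt prefix. Usernames and records are assumptions made for illustration.

```python
"""Audit /etc/shadow-style records for weak or risky password storage.
Added example, not from the SWIFT deck; the records below are constructed
(the hash strings are placeholders, not real hashes)."""
import re

# Constructed sample. Field layout: name:hash:lastchg:min:max:warn:inact:expire:
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
sconnor:$1$PLACEHOLDER$PLACEHOLDERHASH:19000:0:99999:7:::
kreese:$y$j9T$PLACEHOLDER$PLACEHOLDERHASH:19000:0:99999:7:::
svc_backup::19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
olduser:!:17000:0:99999:7:::
"""

# Crypt prefixes as used by glibc/libxcrypt; md5-crypt and des-crypt are the
# ones a modern system should no longer carry.
ALGOS = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
         "$y$": "yescrypt", "$7$": "scrypt", "$2b$": "bcrypt"}
WEAK = {"md5-crypt", "des-crypt"}


def classify_hash(field):
    """Name the hash scheme of one shadow password field."""
    if field == "*" or field.startswith("!"):
        return "locked"          # password login disabled
    if field == "":
        return "empty"           # anyone can log in with no password
    for prefix, name in ALGOS.items():
        if field.startswith(prefix):
            return name
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des-crypt"       # legacy 13-character DES crypt
    return "unknown"


def audit_shadow(text):
    """Return [(user, finding)] for entries that need attention."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        user, hash_field = fields[0], fields[1]
        kind = classify_hash(hash_field)
        if kind == "empty":
            findings.append((user, "EMPTY_PASSWORD"))
        elif kind in WEAK:
            findings.append((user, "WEAK_HASH:" + kind))
        elif kind == "unknown":
            findings.append((user, "UNKNOWN_HASH"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_shadow(SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```

On a live host the same function can be fed `open("/etc/shadow").read()` as root; pair it with a check that the file itself is mode 0640 and owned by root:shadow, since the scenario's real lesson is that a password reused from a web application was enough to reach the file at all, which is the case for disabling SSH password authentication in favour of keys.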
Scenario #4: Default credentials and WAR file
Our port scan also showed that port 8080 was open; let’s browse to it and see what it is.
DEMO
Scenario #4: Default credentials and WAR file
Excellent! It’s an Apache Tomcat server. What can we do with this?
Let’s see if we can find a way to gain better access than what Sarah Connor had…
Scenario #4: Default credentials and WAR file
The server allows access to a Tomcat web application called the Manager. Through this application we can deploy a custom WAR file.
It appears the Manager requires authentication to access it. I wonder if they assigned a good password to the admin account?
DEMO
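The Manager application turns a credential guess into code execution, so the accounts that hold manager roles in `tomcat-users.xml` deserve a stricter review than any other. The block below is an added example, not code from the SWIFT deck or from the Tomcat project; it parses a constructed `tomcat-users.xml` and flags privileged accounts whose credentials match well-known vendor example pairs or are simply too short. The usernames, passwords and the minimum length are assumptions for illustration.

```python
"""Flag Tomcat Manager accounts that use default or weak credentials in a
tomcat-users.xml. Added example, not from the SWIFT deck or the Tomcat project;
the XML below is constructed."""
import xml.etree.ElementTree as ET

SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="admin" password="admin" roles="manager-gui"/>
  <user username="deploy" password="Xk9#vL2q$wQ8pR4z" roles="manager-script"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,admin-gui"/>
  <user username="reporter" password="tomcat" roles="viewer"/>
</tomcat-users>
"""

# Roles that grant deployment or administrative control over the server.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                 "manager-status", "admin-gui", "admin-script"}

# Credential pairs that appear in vendor example configs or documentation
# and are therefore the first thing anyone tries against a Manager login.
DEFAULT_PAIRS = {("tomcat", "tomcat"), ("admin", "admin"), ("tomcat", "s3cret"),
                 ("admin", ""), ("manager", "manager")}


def audit_tomcat_users(xml_text, min_len=12):
    """Return [(username, finding, [privileged roles])] for risky accounts."""
    ns = {"t": "http://tomcat.apache.org/xml"}
    root = ET.fromstring(xml_text)
    # Newer files declare the Tomcat namespace; older ones do not.
    users = root.findall("t:user", ns) or root.findall("user")
    findings = []
    for u in users:
        name, pw = u.get("username", ""), u.get("password", "")
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        privileged = roles & MANAGER_ROLES
        if not privileged:
            continue  # unprivileged accounts are out of scope for this check
        if (name, pw) in DEFAULT_PAIRS:
            findings.append((name, "DEFAULT_CREDENTIALS", sorted(privileged)))
        elif len(pw) < min_len:
            findings.append((name, "SHORT_PASSWORD", sorted(privileged)))
    return findings


if __name__ == "__main__":
    for name, finding, roles in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(f"{name}: {finding} (roles: {', '.join(roles)})")
```

Beyond the credentials themselves, the Manager should not be reachable from the network that an external port scan sees: Tomcat's `RemoteAddrValve` in the manager application's context can restrict it to administrative addresses, and removing the manager webapp entirely from servers that deploy through a build pipeline removes the target altogether.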
Scenario #5: Password-protected .xls
We have obtained access to a confidential spreadsheet belonging to BankGlobal.
They decided that password-protecting sheets would prevent unintended modification.
Can we find a way to modify this file?
DEMO
Scenario #6: Buffer overflow
BankGlobal has written their own program to send MT103 messages without using SWIFT interfaces.
It is designed to ensure that only authorized personnel can send messages.
Scenario #6: Buffer overflow
A buffer overflow can occur when we input more characters than the memory buffer can hold.
We were able to decompile the binary. Look at the code to see if it tells you anything.
Can we find a way to bypass authentication?
DEMO
Mission accomplished!
We were able to hack into BankGlobal, steal the data, modify it so they can’t use it, and then send an MT103 to an account we control.
Would this really work?
76% of breaches in 2018 were financially motivated (2018 Verizon Data Breach Report)
81% of hacking-related breaches leveraged either stolen or weak passwords (2017 Verizon Data Breach Report)
Heartland Payment Systems (2010) – SQL injection attacks resulting in more than $300 million loss
Magento (2019) – SQL injection exposed over 300,000 e-commerce websites and millions of users to attack
Questions?
www.swift.com

SWIFT LARC 2019 - Live Hacking Session

  • 1. What hacking really looks like Skylar Simmons SWIFT Red Team
  • 2. WOW! It’s only taken me 3 seconds to hack into this secure computer system Misconceptions about hacking…
  • 3. The organization and people mentioned throughout the remainder of this presentation are not real But….The techniques are!
  • 4. Target... BankGlobal is a medium sized bank. We over heard some of their employees talking in the hotel bar about their security and we decided to look into it.
  • 5. Objectives… See if we can find a way to access sensitive financial information belonging to the bank. Steal the data, and modify it, so it’s no longer useful to them.
  • 6. Scenario 1# Recon From searching around online we found one of BankGlobal’s IP addresses <10.10.10.1> Let’s see what we can figure out from it via a port scan
  • 8. Scenario 1# Recon. The first thing we do is identify the IP of the GlobalBank website so that we can perform a port scan Port 22 Secure Shell (SSH) – secure remote connection Port 25 Simple Mail Transfer Protocol (SMTP) Port 53 Domain Name Service (DNS) Port 80 Webserver – which we know already Port 443 Webserver – secure connection Port 8080 - Non standard port used for various services
  • 9. Scenario 1# Port Scan, Zone Transfer, etc. We browse to the web application and notice a login screen. What can we do from here? Looking at the page source we can see the admin appears to have taken a shortcut by attempting to hide the password in plain sight Can we decode the value?
  • 10. DEMO
  • 11. Scenario #2 SQL injection Logging in successfully redirects us to a Staff Directory page where we can verify employees of Bank Global A quick search of LinkedIn reveals the name of a manager, Sarah Connor I wonder if we can get any useful information from the Staff Directory page?
  • 12. Scenario #2 SQL injection Let’s put some unexpected characters in the input fields and see what happens One of the parameters appears to be vulnerable to SQL Injection, but doesn’t display the output on the page. Try to inject Always True or Always False statements Use the SUBSTR function to progress letter by letter and observe how the application responds until you retrieve Sarah Connor’s password
  • 13. DEMO
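The two slides above describe a blind, boolean-based SQL injection against the Staff Directory lookup. The code below is an added example, not the demo application or any code from the presentation: it builds a constructed in-memory staff table, shows the string-concatenated query that makes the always-true/always-false probes distinguishable next to the parameterized query that does not, and runs a small detector over constructed access-log lines to flag such probes. Table contents, log lines, IP addresses and the regex patterns are all assumptions for the example.

```python
import re
import sqlite3
from urllib.parse import unquote_plus


def build_staff_db():
    """Constructed in-memory stand-in for the Staff Directory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, title TEXT, password TEXT)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", [
        ("Sarah Connor", "Manager", "constructed-secret"),
        ("John Smith", "Analyst", "constructed-other"),
    ])
    return conn


def lookup_vulnerable(conn, name):
    """String-built query, the shape of flaw on the slide. Only name/title are
    returned, so nothing leaks directly (hence 'blind'), but a trailing
    AND 1=1 versus AND 1=2 still changes whether a row comes back."""
    sql = "SELECT name, title FROM staff WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Bound parameter: the input is data, never SQL, so the same probes
    simply match no employee and the true/false signal disappears."""
    return conn.execute(
        "SELECT name, title FROM staff WHERE name = ?", (name,)
    ).fetchall()


# Detection side: request shapes typical of boolean-based blind probing.
PROBE_PATTERNS = [
    re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),  # always-true / always-false
    re.compile(r"\bsubstr(ing)?\s*\(", re.I),          # letter-by-letter extraction
    re.compile(r"'\s*(--|#|/\*)"),                      # closing quote then SQL comment
]

# Constructed access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = [
    '10.10.10.50 - - [01/Jan/2019:10:00:01 +0000] "GET /staff?name=Sarah+Connor HTTP/1.1" 200 512',
    '10.10.10.99 - - [01/Jan/2019:10:00:02 +0000] "GET /staff?name=Sarah+Connor%27+AND+1%3D1--+ HTTP/1.1" 200 512',
    '10.10.10.99 - - [01/Jan/2019:10:00:03 +0000] "GET /staff?name=Sarah+Connor%27+AND+SUBSTR%28password%2C1%2C1%29%3D%27a%27--+ HTTP/1.1" 200 210',
    '10.10.10.51 - - [01/Jan/2019:10:00:04 +0000] "GET /staff?name=O%27Brien HTTP/1.1" 200 210',
]

REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)')


def flag_blind_sqli(log_lines):
    """Return (client_ip, decoded_path) for each request matching a probe pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        decoded = unquote_plus(m.group(1))  # undo %27, %3D and '+' before matching
        if any(p.search(decoded) for p in PROBE_PATTERNS):
            hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    db = build_staff_db()
    for probe in ("Sarah Connor' AND 1=1 --", "Sarah Connor' AND 1=2 --"):
        print(repr(probe), "vulnerable rows:", len(lookup_vulnerable(db, probe)),
              "safe rows:", len(lookup_safe(db, probe)))
    for ip, path in flag_blind_sqli(SAMPLE_LOG):
        print("probe from", ip, ":", path)
```

Note that the legitimate request for O'Brien is not flagged: the detector keys on SQL operators and comment sequences after the quote, not on the quote alone, which keeps it usable on real traffic where apostrophes in names are common.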
  • 14. Scenario #3 Grab the hashes. Now that we have Sarah Connor’s password, I wonder if we can log in to 10.10.10.1 via SSH? Let’s see what Sarah has rights to do.
  • 15. Scenario #3 Grab the hashes. On Unix machines, user password hashes are stored in a file called /etc/shadow. What about other interesting files?
  • 16. DEMO
  • 17. Scenario #4 Default credentials and WAR file. Our port scan also showed that port 8080 was open; let’s browse to it and see what it is.
  • 18. DEMO
  • 19. Scenario #4 Default credentials and WAR file. Excellent! It’s an Apache Tomcat server. What can we do with this? Let’s see if we can find a way to gain better access than what Sarah Connor had…
  • 20. Scenario #4 Default credentials and WAR file. The server allows access to a Tomcat web application called the Manager. Through this application we can deploy a custom WAR file. It appears the Manager requires authentication to access it. I wonder if they assigned a good password to the admin account?
  • 21. DEMO
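The weak point in Scenario #4 is a Manager account with a default or guessable password, since any login holding a manager role can deploy a WAR file and so run code on the server. As an added example, not part of the presentation, the script below audits a tomcat-users.xml file for that condition. The sample file, the account names and passwords in it, the list of default passwords and the 12-character minimum are constructed assumptions; the role names are Tomcat's own manager and host-manager roles.

```python
import xml.etree.ElementTree as ET

# Constructed tomcat-users.xml in the shape Tomcat ships; not from any real server.
SAMPLE_TOMCAT_USERS = """
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="admin" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Vx9!kq2#Lm7pRt4wZb" roles="manager-script"/>
  <user username="reports" password="reports" roles="reports-viewer"/>
</tomcat-users>
"""

# Roles that allow deploying applications, i.e. running code on the host.
DEPLOY_ROLES = {"manager-gui", "manager-script", "admin-gui", "admin-script"}
# Assumed list of passwords that appear in sample configs and get guessed first.
DEFAULT_PASSWORDS = {"tomcat", "s3cret", "admin", "password", "manager", "changeme", ""}
MIN_LENGTH = 12  # assumed local policy


def local_name(tag):
    """Strip the XML namespace Tomcat places on every element."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return {username: [reasons]} for deploy-capable accounts with weak credentials."""
    root = ET.fromstring(xml_text)
    findings = {}
    for el in root.iter():
        if local_name(el.tag) != "user":
            continue
        user = el.get("username", "")
        pw = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if not roles & DEPLOY_ROLES:
            continue  # weak password is still bad, but it cannot deploy a WAR
        reasons = []
        if pw.lower() == user.lower():
            reasons.append("username equals password")
        if pw.lower() in DEFAULT_PASSWORDS:
            reasons.append("default or commonly guessed password")
        if len(pw) < MIN_LENGTH:
            reasons.append(f"shorter than {MIN_LENGTH} characters")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in audit_tomcat_users(SAMPLE_TOMCAT_USERS).items():
        print(f"{user}: " + "; ".join(reasons))
```

Beyond the password check, the Manager application should not be reachable from the network at large at all; on a production server it is normally removed or restricted to administrative addresses, which closes the WAR-deployment path regardless of credential strength.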
  • 22. Scenario #5 Password-protected .xls. We have obtained access to a confidential spreadsheet belonging to Bank Global. They decided that password-protecting sheets would prevent unintended modification. Can we find a way to modify this file?
  • 23. DEMO
  • 24. Scenario #6 Buffer Overflow. Bank Global has written their own program to send MT103 messages without using SWIFT interfaces. It is designed to ensure that only authorized personnel can send messages.
  • 25. Scenario #6 Buffer Overflow. A buffer overflow occurs when more input is written than the memory buffer was allocated to hold, so the excess spills into adjacent memory. We were able to decompile the binary. Look at the code to see if it tells you anything. Can we find a way to bypass authentication?
  • 26. DEMO
  • 27. Mission Accomplished! We were able to hack into BankGlobal, steal the data, modify it so they can’t use it, and then send an MT103 to an account we control.
  • 28. Would this really work? 76% of breaches in 2018 were financially motivated (2018 Verizon Data Breach Report). 81% of hacking-related breaches leveraged either stolen or weak passwords (2017 Verizon Data Breach Report). Heartland Payment Systems (2010) – SQL injection attacks resulting in more than $300 million loss. Magento (2019) – SQL injection exposed over 300,000 e-commerce websites and millions of users to attack.

Editor's notes

  1. Misconceptions about hacking. TV shows and movies make hacking look really spectacular. It takes a Hollywood actor an average of 3 seconds to hack the most secure computer system. They are ALWAYS successful and NEVER caught. Anything can be instantly hacked: banks, schools, hospitals, even time itself! Don’t believe me? Check out one of our all-time favorite hacking scenes!
  2. Let’s see what this really looks like! We have developed a series of “realistic” hacking challenges. These target common poor security practices. The scenario is that we are a hacker targeting a fictitious financial institution called “Bank Global”.
  3. Objectives: 1. See if we can find a way to access sensitive financial information belonging to the bank. 2. Steal the data and modify it so it is no longer useful to them.
  4. Clue #1: Let’s put some unexpected characters in the input fields and see what happens.
  5. You browse to 10.10.10.1 over port 80 and find a Bank Global web application. It’s asking for authentication… I wonder if we can bypass the authentication?
  6. Clue #2: The admin appears to have taken a shortcut by attempting to hide the password in plain sight.
  8. Logging in successfully redirects us to a Staff Directory page where we can verify employees of Bank Global. We overheard an employee in the hotel bar talking about an upcoming meeting with his boss, Sarah Connor. I wonder if we can get any useful information from the Staff Directory page?
  11. Now that you have Sarah Connor’s password, I wonder if you can log in to 10.10.10.1 via SSH? Let’s see what Sarah has rights to do. Clue #1: on Unix machines, user password hashes are stored in a file called /etc/shadow. Did we get the hashes?
  14. Our port scan also showed that port 8080 was open; let’s browse to it and see what it is.
  16. Excellent! It’s an Apache Tomcat server. I heard there are ways to exploit this. Let’s see if we can find a way to gain better access than what Sarah Connor had…
  17. Clue #1: The server allows access to a Tomcat web application called the Manager. Through this application we can deploy a custom WAR file.
  19. Scenario #1 Password-protected .xls. We have obtained network access to a confidential spreadsheet belonging to Bank Global. They decided that password-protecting sheets would prevent unintended modification. Will we ever find a way to modify this file? This will be helpful later.
  21. Scenario #2 Buffer Overflow. Bank Global has written their own program to send MT103 messages without using SWIFT interfaces. It is designed to ensure that only authorized personnel can send messages. We have heard that it isn’t coded very well and may have some vulnerabilities present. Let’s see if we can bypass the authorization required.
  22. If their custom-developed program has such basic security flaws, I wonder how secure the rest of their network is?