Password Hacking Done Easy

Size: px

Start display at page:

Download "Password Hacking Done Easy"

Warren Bradley
7 years ago
Views:

1 November 2006 Password Hacking Done Easy Ofer Maor CTO

2 Agenda Introduction to the Modern Password Hacking Client-Side Threats Password Theft Demo Real Hacking Stories Questions & Answers 2 of 26

3 About Hacktics Security Services Company Provides wide range of services with focus on the application security field. Relies on vast experience in application level penetration testing and secure development Hacktics offers unique expertise in the technology and methodology of application security, together with out of the box thinking abilities and a keen understanding of the operational patterns of Hackers. 3 of 26

4 Introduction to Modern Hacking

5 Overview Today, most organizations create, use and externalize distributed applications implementing business processes. The increasing numbers of such applications attracts more hackers to this space In the past few years we see an increase in indirect attacks by taking over relevant clients and performing password theft 5 of 26

6 Modern Attacks Not just script kiddies professional hackers create actual exploits Target the organization s core business operations rather than technology Used by attackers with specific agenda (criminals, industrial espionage, etc.). 6 of 26

7 Client-Side Hacking Attempts to attack clients of the attacked system in order to obtain passwords, thus gaining access through the back door Client side attacks can include Phishing Trojans Complete Takeover 7 of 26

8 Client Side Hacking

9 Trojans/Malware Malicious software that is installed on the client computer Installation is either done by taking advantage of user s lack of awareness or by utilizing various exploits Trojan can perform any task in the system and allow the attacker to control it 9 of 26

10 Phishing One of the most widely used attacks in the last 2 years A mockup site is created, and users are convinced to access it rather than the original site The user then logins to the mockup site, thus providing the username and password to the attacker 10 of 26

11 Scripts Injection/XSS Attacks Most common web application vulnerability Used to bypass browser security in order to launch malicious scripts in the right context Performs an HTML injection of a JavaScript or VBScript on returning data Allows attacker to steal cookie information, steal data, execute operations on behalf of user, perform advanced phishing, etc. 11 of 26

12 Demo

13 Real Hacking Stories

14 MySpace XSS/JavaScript Worm Emerged on October 2005 First Script Based Worm in the Wild Took advantage of a script injection (persistent XSS) vulnerability in MySpace Create by a non malicious user wanting to add more friends 14 of 26

15 MySpace XSS/JavaScript Worm 15 of 26

16 The MySpace Worm Utilized Persistent XSS Script was sent via a private message Once invoked: Added samy (original creator) to friends list Changed personal description to most of all, samy is my hero Redistributed to all friends Reached over 1 MILLION MySpace users in less than 24 Hours 16 of 26

17 MySpace Fiasco Not Over 17 of 26 Many new XSS Vulnerabilities Since December Critical MySpace Vulnerabilities Leave Every Active Account Exploitable April MySpace.com - Intricate Script Injection Vulnerability June Making money with MySpace bulletin system! July 2006 MySpace Hack Spreading

18 PayPal XSS Identity Theft Used XSS to create an advanced Phishing scam stealing hundreds of users accounts credentials The XSS vulnerable page was used to redirect to a phished site (original URL was valid, making it harder to detect) Took advantage of a vulnerability in PayPal reported two years earlier! 18 of 26

19 PayPal XSS Identity Theft 19 of 26

20 SuperPhishing Attacks New Age of Phishing Solves user awareness problem One of the most organized online attacks ever to be seen Organized Russian group attacking tens to hundreds of thousands of users of over 400 online banks 20 of 26

21 SuperPhishing: The Attack Malware installed on attacked PC Works as a root-kit and creates hooks into the Internet Explorer DLLs When a site in the malware s database is accessed by the user traffic is redirected to phishing site Site then gathers login credentials as well as other user information 21 of 26

22 SuperPhishing: The Infection Uses effective infection Infection can be done through various mechanisms: Direct machine exploitation Browser vulnerabilities Mail vulnerabilities Infection takes advantage of 0-day attacks! 22 of 26

23 SuperPhishing: MultiLayer Marketing Make Cash Now! No more natural spread Users spread malware for cash A unique instance of the malware is created for each distributing user User gets paid 500$ for every 1000 hosts Organization is superb sales and support ICQ contacts are available 23 of 26

24 Summary

25 Summary Client-side password theft is one of today s most significant security threats Enterprises must therefore take the appropriate measures to provide password security Such solutions include centralizes SSO, SSL/VPN and Tokens as well as PC protection 25 of 26

26 Thank You Q & A ofer@hacktics.com

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM Agenda Introduction to Application Hacking Demonstration of Attack Tool Common Web Application Attacks Live Bank Hacking Demonstration