@NTXISSA #NTXISSACSC3

How I Hacked The Government

And Got Away With It

Steven Hatfield II

@drb0n3z

Security System Senior Advisor

Dell

10/03/2015

@NTXISSA #NTXISSACSC3

Topics

• Legal Disclaimer

• Explanation

• Walkthrough

• Ways to Improve

• In Summary

NTX ISSA Cyber Security Conference – October 2-3, 2015 2

@NTXISSA #NTXISSACSC3 3

Legal Disclaimer

@NTXISSA #NTXISSACSC3 4

Explanation

@NTXISSA #NTXISSACSC3 5

Walkthrough

• Certified Ethical Hacker (CEHv7)

Course DescriptionThis Advanced Network Assessment prep course is a self-study resource designed to help students prepare to sit for the Certified Ethical Hacker CEHv7 exam. Specialty Area(s): Systems Security Analysis, Computer Network Defense, Vulnerability Assessment and Management Training Proficiency Level: Level 3 – Advanced

Certified Ethical Hacker CEHv7 OverviewCEHv7 Overview Download

Ethical Hacking Introduction DownloadEthical Hacking Terminology DownloadHacking Phases and Vul Research Download

@NTXISSA #NTXISSACSC3 6

Walkthrough

Let’s look closer at the PDF’s and “Downloads” by viewing page source

*/launcher.php?course=20&group=1

*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T01_STEP.pdf‘*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T02_STEP.pdf‘*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T03_STEP.pdf‘*'courses/CEHv7/course/videos/pdf/CEHv7_D01_S01_T04_STEP.pdf‘…*'courses/CEHv7/course/videos/pdf/CEHv7_D05_S03_T04_STEP.pdf‘…*'courses/CEHv7/course/videos/pdf/CEHv7_Demo 3 - SQL Injection_STEP.pdf'

@NTXISSA #NTXISSACSC3 7

Walkthrough

Now the videos…

@NTXISSA #NTXISSACSC3 8

Walkthrough

Can you download that too? Let’s look at the PAGE source…

*/courses/CEHv7/index01.htm

@NTXISSA #NTXISSACSC3 9

Walkthrough

Well that was jibberish. Let’s look at the FRAME source…

*/courses/CEHv7/course/container_01.htm

@NTXISSA #NTXISSACSC3 10

Walkthrough

Familiarity among the urls….what happens if we try the video url in a page?

@NTXISSA #NTXISSACSC3 11

Walkthrough

And 02…?

@NTXISSA #NTXISSACSC3 12

Walkthrough

And 03…?

@NTXISSA #NTXISSACSC3 13

Walkthrough

Now let’s get scary…

Can I download from the command line?

@NTXISSA #NTXISSACSC3 14

Walkthrough

And there you have an UNAUTHENTICATED WGET to the website pulling a copy of the video.

Can you guess how stupid this is?

So, now that we have a vulnerability….how do we report it?

@NTXISSA #NTXISSACSC3 15

Walkthrough

Email is one way…

That didn’t get ANY responses of course.

How about Twitter? All the three letters are on Twitter!

@NTXISSA #NTXISSACSC3 16

Walkthrough

Attempt 1…

@NTXISSA #NTXISSACSC3 17

Walkthrough

Attempt 1……ok REALLY attempt 1….

@NTXISSA #NTXISSACSC3 18

Walkthrough

Attempt 2…

@NTXISSA #NTXISSACSC3 19

Walkthrough

Attempt 3 & 4 & 5…

@NTXISSA #NTXISSACSC3 20

Walkthrough

Attempt 6…

@NTXISSA #NTXISSACSC3 21

Walkthrough

Jokes…

@NTXISSA #NTXISSACSC3 22

Walkthrough

Attempt 7…

@NTXISSA #NTXISSACSC3 23

Walkthrough

Attempt 8…

@NTXISSA #NTXISSACSC3 24

Walkthrough

Attempt 8…

@NTXISSA #NTXISSACSC3 25

Ways to Improve

• Bug Bounties- Provides responsible disclosure- Allows for “hackers” to earn cash responsibly- Has proven to be responsive- (Google)Rewards for qualifying bugs typically range from $500 to $50,000.

• BugCrowd (https://bugcrowd.com/list-of-bug-bounty-programs)

@NTXISSA #NTXISSACSC3 26

Ways to Improve

• Even if they don’t/won’t provide a bug bounty program…- A central email/Twitter/Anonymous submission program to report vulnerabilities

• Doing Code Audit…

• Running a real Vulnerability Management Program…

@NTXISSA #NTXISSACSC3 27

In Summary

• The Government SUCKS at security. Look at OPM…

• With the right people in place, there is tons of room for improvement.

• Current means of connecting and reporting is going on deaf ears.

• Even current Government employees are wanting this to improve, but when they bring this up, it also falls on deaf ears or falls through budget cracks.

@NTXISSA #NTXISSACSC3 28

Questions

@NTXISSA #NTXISSACSC3@NTXISSA #NTXISSACSC3

The Collin College Engineering Department

Collin College Student Chapter of the North Texas ISSA

North Texas ISSA (Information Systems Security Association)

NTX ISSA Cyber Security Conference – October 2-3, 2015 29

Thank you