SlideShare ist ein Scribd-Unternehmen logo

Hogy jussunk ki lezárt hálózatokból?

Als PPTX, PDF herunterladen
H
hackersuli

https://www.meetup.com/Budapest-Hackersuli-Meetup/events/249419257/

Internet
1 von 38
XFLTReaT: Hogy jussunk ki lezárt hálózatokból? Balázs Bucsay / @xoreipeip Senior Security Consultant @ NCC Group
Workshop • Needed: • VMware OR VirtualBox • Windows Vista SP1 or later installed • Virtual Machine distributed • 5-6Gb free space • Windows and Linux BASIC skills • Grab it: • USB sticks • http://192.168.121.1/
Bio / Balázs Bucsay • Senior Security Consultant @ NCC Group • Strictly technical certificates: OSCE, OSCP, OSWP, GIAC GPEN, CREST CCT Inf • Former Research Director @ MRG Effitas • Twitter: @xoreipeip • Linkedin: https://www.linkedin.com/in/bucsayb
Presentations • Talks around the world: • North America: Hacker Halted, Shakacon • Australia: RuxCon • Asia: Hack in the Box GSEC • Europe: • DeepSec / Vienna (AT) • BruCON / Ghent (BE) • PHDays / Moscow (RU) • HackCon / Oslo (NO) • Hacktivity / Budapest (HU) • Inf. Gov. & eDisc. Summit / London (UK) @xoreipeip
DISCLAIMER
MAC Address Change • MAC => Media Access Control • Every modern network device has a MAC address • It can be changed • When/why to change? • Free limited sessions (20 min) • Steal other ppl session • Don’t be a jerk! • MAC collision would make both of you miserable
Alternative gateways • Gateways/routers are routing the traffic • Very rare • Maybe there is another gateway on the network • Change router to the unfiltered one
Misconfigured proxies • Check if the proxy allows: • to connect to external sites • GET http://external.host HTTP/1.0 • to make a connection to HTTP ports (tcp/80; 8080; 8443…) • HTTP CONNECT • to connect specific ports (tcp/21; 25) • Broken HTTP or byte streams • One of the mobile operators was an example
Misconfigured firewalls • ICMP is allowed (ping) • UDP on 53 allowed (DNS) • TCP on 21/80/443/465/587 Not really misconfiguration but: • Protocol specific traffic is allowed: • DNS is allowed • HTTP • etc.
Tunnels
Without a tunnel @xoreipeip
With a tunnel @xoreipeip
Tunnelling theory 101 / MTU @xoreipeip
What is XFLTReaT? XFLTReaT (say exfil-treat or exfiltrate) • Tunnelling framework • Open-source • Python based • OOP • Modular • Multi client • Plug and Play (at least as easy as it can be) • Check functionality • STILL NOT PRODUCTION GRADE @xoreipeip
Check functionality • Easy way to figure out, which protocol is not filtered on the network • Automated approach: No deep knowledge is needed • Client sends a challenge over the selected (or all) modules to the server • If the server responses with the solution: • We know that the server is up and running • The specific module/protocol is working over the network • Connection can be made @xoreipeip
Multi Operating System Support @xoreipeip Linux MacOS(X) Windows FreeBSD OpenBSD NetBSD TCP Generic Supported Supported Supported N/A N/A N/A UDP Generic Supported Supported N/A N/A N/A N/A ICMP Supported Supported N/A N/A N/A N/A SOCKS Supported Supported Supported N/A N/A N/A HTTP CONNECT Supported Supported Supported N/A N/A N/A DNS PoC N/A N/A N/A N/A N/A SCTP Supported N/A N/A N/A N/A N/A WebSocket Supported Supported N/A N/A N/A N/A RDP N/A N/A Supported N/A N/A N/A
Module tree @xoreipeip
WORKSHOP 1
Install • Ubuntu VM • Network should be NAT’d (Share with my Windows/Mac) • Default user: user ; password: user • # sudo bash • # dhclient ens33 OR dhclient enp0s3 • # ping 8.8.8.8 • # cd /home/user/xfltreat/ • Use text editor to open xfltreat.conf • CHANGE YOUR CLIENT PRIVATE IP ADDRESS (clientip = 10.9.0.XXX) • Enable modules: TCP, UDP, ICMP @xoreipeip
Check + Client mode • python2.7 xfltreat.py --check • Open browser • http://www.whatismyipaddress.com • Change config, enable ONLY ONE module that worked • python2.7 xfltreat.py --client --verbose=2 • Check your IP again in the browser • Repeat with a different module @xoreipeip
Dynamic Virtual Channels • Introduced in Window Server 2008 & Windows Vista SP1 • Bi-directional channels can be created in the active RDP session • How it works: • DLL plugin have to be loaded in the mstsc.exe process’ context • When initialized it creates a listener with the channel name • Magic happens only when the server connects to channel explicitly • This is how Copy&Paste, Remote drives, remote hardware are working thru RDP • Plugin could be implemented for Unices (FreeRDP) @xoreipeip
Universal Dynamic Virtual Channel Connector • https://github.com/earthquake/UniversalDVC/ • Two parts: • .DLL that needs to be registered on the client (mstsc.exe) • .REG file if other user is used than the Administrator • .EXE that can be used on the server • Three modes for both sides: • listen() • connect() • Named Pipe @xoreipeip
Universal DVC Connector example use cases/1 @xoreipeip
Universal DVC Connector example use cases/2 @xoreipeip
Universal DVC Connector example use cases/3 @xoreipeip
Elevator pitch • Have you ever struggled testing over a Windows Jump box? • Have you been asked to provide a list of tools that you need for testing? • Have you spent a day or half a day installing your tools and still forgot something to get approved? @xoreipeip
RDP module • Windows only + Server mode only • Disappointing bit that all stuff needs to be configured/installed • 8 Mbps with the module itself • 18 Mbps with UDVC + TCP Generic module • Win32 API calls from Python is not a good idea • Threading could help, maybe calling functions directly too • NAT’d – because it is TUN and not TAP @xoreipeip
WORKSHOP 2
Install • Windows • Are you using Vista SP1 or newer? • Are you using 32bit or 64bit Windows? • Install vc_redist.x86 / x64.exe • Unzip the right zip file • Open a cmd/powershell with Administrator rights • regsvr32.exe /u UDVC-Plugin[x86 | x64].dll @xoreipeip
Install • Windows • Is your user not an Administrator? • Double click on UDVC-Plugin.reg (from Github) • Start regedit.exe and go to: HKEY_CURRENT_USERSOFTWAREMicrosoftTerminal Server ClientDefaultAddInsUDVC-Plugin • Change ip to 0.0.0.0 @xoreipeip
Config UDVC + connect RDP • enabled -> 1 • mode -> 0 • ip -> 0.0.0.0 • port -> 31337 • Start mstsc.exe (Remote Desktop Client) • Connect: 18.184.9.137 • User: xfl[your number] • Password: HekkerSuli18 @xoreipeip
Start XFLTReaT • Server side: • C:xfltreat • python xfltreat.py --server • Client side • edit xfltreat.py • Set the IP of the RDP Client (RDP Client IP!) • Enable only TCP Generic module • Modify port to 31337 • python xfltreat.py --client @xoreipeip
Find the secret service • Target: 172.31.34.175 • Command: nmap -vvv -n 172.31.34.175 • What does it say? Netcat it! @xoreipeip
Offense • Bypass basic obstacles • Specific ports are unfiltered (TCP / UDP) • DNS allowed • ICMP allowed • Bypass not that basic obstacles • Specific protocol allowed (IPS or any other active device in place) • Special authentication required • Test over jump boxes – segregated networks • Exfiltrate information from internal networks • Get unfiltered internet access @xoreipeip
Already released @xoreipeip http://xfltreat.info https://github.com/earthquake/XFLTReaT
TODO + Help me! @xoreipeip • What to do next? • Commenting • Bug fixes • Authentication + encryption modules • New modules • How can you help? • Help develop stuff (use next-version branch) • Follow me on twitter, retweet XFLTReaT related tweets
Q&A - Thank you for your attention Balazs Bucsay / @xoreipeip
Office Locations Europe Manchester - Head Office Amsterdam Basingstoke Cambridge Copenhagen Cheltenham Delft Edinburgh Glasgow The Hague Leatherhead Leeds London Madrid Malmö Milton Keynes Munich Vilnius Zurich North America Atlanta, GA Austin, TX Boston, MA Campbell, CA Chicago, IL Kitchener, ON New York, NY San Francisco, CA Seattle, WA Sunnyvale, CA Toronto, ON Asia-Pacific Singapore Sydney Middle East Dubai

Empfohlen

Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
 
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)Balazs Bucsay
 
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)Balazs Bucsay
 
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)Balazs Bucsay
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)Balazs Bucsay
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
 
China.z / Trojan.XorDDOS - Analysis of a hack
China.z / Trojan.XorDDOS - Analysis of a hackChina.z / Trojan.XorDDOS - Analysis of a hack
China.z / Trojan.XorDDOS - Analysis of a hackhendrikvb
 
Build and deployment
Build and deploymentBuild and deployment
Build and deploymentWO Community
 

Empfohlen

Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
 
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)Balazs Bucsay
 
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)Balazs Bucsay
 
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)Balazs Bucsay
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)Balazs Bucsay
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
 
China.z / Trojan.XorDDOS - Analysis of a hack
China.z / Trojan.XorDDOS - Analysis of a hackChina.z / Trojan.XorDDOS - Analysis of a hack
China.z / Trojan.XorDDOS - Analysis of a hackhendrikvb
 
Build and deployment
Build and deploymentBuild and deployment
Build and deploymentWO Community
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsWO Community
 
.NET on Linux: Entity Framework Core 1.0
.NET on Linux: Entity Framework Core 1.0.NET on Linux: Entity Framework Core 1.0
.NET on Linux: Entity Framework Core 1.0All Things Open
 
Powering up on power shell avengercon - 2018
Powering up on power shell avengercon - 2018Powering up on power shell avengercon - 2018
Powering up on power shell avengercon - 2018Fernando Tomlinson, CISSP, MBA
 
UCL All of the Things (MeetBSD California 2014 Lightning Talk)
UCL All of the Things (MeetBSD California 2014 Lightning Talk)UCL All of the Things (MeetBSD California 2014 Lightning Talk)
UCL All of the Things (MeetBSD California 2014 Lightning Talk)iXsystems
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Chris Tankersley
 
Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Shahriman .
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?inaz2
 
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesInjection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesenSilo
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
 
The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10mark-smith
 
Salt at school
Salt at schoolSalt at school
Salt at schoolFlavio Castelli
 
OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014Matthew Ahrens
 
Burp Suite Extensions
Burp Suite ExtensionsBurp Suite Extensions
Burp Suite ExtensionsNeelu Tripathy
 
Bypassing patchguard on Windows 8.1 and Windows 10
Bypassing patchguard on Windows 8.1 and Windows 10Bypassing patchguard on Windows 8.1 and Windows 10
Bypassing patchguard on Windows 8.1 and Windows 10Honorary_BoT
 
From P0W3R to SH3LL
From P0W3R to SH3LLFrom P0W3R to SH3LL
From P0W3R to SH3LLArthur Paixão
 
Keynote - Fluentd meetup v14
Keynote - Fluentd meetup v14Keynote - Fluentd meetup v14
Keynote - Fluentd meetup v14Treasure Data, Inc.
 
OpenZFS code repository
OpenZFS code repositoryOpenZFS code repository
OpenZFS code repositoryMatthew Ahrens
 
Project Basecamp: News From Camp 4
Project Basecamp: News From Camp 4Project Basecamp: News From Camp 4
Project Basecamp: News From Camp 4Digital Bond
 
Containers: Anti Pattern
Containers: Anti PatternContainers: Anti Pattern
Containers: Anti PatternJeeva Chelladhurai
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxWO Community
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingShakacon
 

Weitere ähnliche Inhalte

Was ist angesagt?

Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsWO Community
 
.NET on Linux: Entity Framework Core 1.0
.NET on Linux: Entity Framework Core 1.0.NET on Linux: Entity Framework Core 1.0
.NET on Linux: Entity Framework Core 1.0All Things Open
 
UCL All of the Things (MeetBSD California 2014 Lightning Talk)
UCL All of the Things (MeetBSD California 2014 Lightning Talk)UCL All of the Things (MeetBSD California 2014 Lightning Talk)
UCL All of the Things (MeetBSD California 2014 Lightning Talk)iXsystems
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Chris Tankersley
 
Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Shahriman .
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?inaz2
 
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesInjection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesenSilo
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
 
The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10mark-smith
 
Bypassing patchguard on Windows 8.1 and Windows 10
Bypassing patchguard on Windows 8.1 and Windows 10Bypassing patchguard on Windows 8.1 and Windows 10
Bypassing patchguard on Windows 8.1 and Windows 10Honorary_BoT
 
OpenZFS code repository
OpenZFS code repositoryOpenZFS code repository
OpenZFS code repositoryMatthew Ahrens
 
Project Basecamp: News From Camp 4
Project Basecamp: News From Camp 4Project Basecamp: News From Camp 4
Project Basecamp: News From Camp 4Digital Bond
 

Was ist angesagt? (20)

Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systems
 
.NET on Linux: Entity Framework Core 1.0
.NET on Linux: Entity Framework Core 1.0.NET on Linux: Entity Framework Core 1.0
.NET on Linux: Entity Framework Core 1.0
 
Powering up on power shell avengercon - 2018
Powering up on power shell avengercon - 2018Powering up on power shell avengercon - 2018
Powering up on power shell avengercon - 2018
 
UCL All of the Things (MeetBSD California 2014 Lightning Talk)
UCL All of the Things (MeetBSD California 2014 Lightning Talk)UCL All of the Things (MeetBSD California 2014 Lightning Talk)
UCL All of the Things (MeetBSD California 2014 Lightning Talk)
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015
 
Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?
 
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesInjection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniques
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 
The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10
 
Salt at school
Salt at schoolSalt at school
Salt at school
 
OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014
 
Burp Suite Extensions
Burp Suite ExtensionsBurp Suite Extensions
Burp Suite Extensions
 
Bypassing patchguard on Windows 8.1 and Windows 10
Bypassing patchguard on Windows 8.1 and Windows 10Bypassing patchguard on Windows 8.1 and Windows 10
Bypassing patchguard on Windows 8.1 and Windows 10
 
From P0W3R to SH3LL
From P0W3R to SH3LLFrom P0W3R to SH3LL
From P0W3R to SH3LL
 
Keynote - Fluentd meetup v14
Keynote - Fluentd meetup v14Keynote - Fluentd meetup v14
Keynote - Fluentd meetup v14
 
OpenZFS code repository
OpenZFS code repositoryOpenZFS code repository
OpenZFS code repository
 
Project Basecamp: News From Camp 4
Project Basecamp: News From Camp 4Project Basecamp: News From Camp 4
Project Basecamp: News From Camp 4
 
Containers: Anti Pattern
Containers: Anti PatternContainers: Anti Pattern
Containers: Anti Pattern
 

Ähnlich wie Hogy jussunk ki lezárt hálózatokból?

Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxWO Community
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingShakacon
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesDefconRussia
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...Hackito Ergo Sum
 
Windows internals
Windows internalsWindows internals
Windows internalsPiyush Jain
 
Network troubleshooting
Network troubleshootingNetwork troubleshooting
Network troubleshootingSkillspire LLC
 
Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Hajime Tazaki
 
OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016Alexandru Coman
 
Opening last bits of the infrastructure
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructureErwan Velu
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingDonnie Berkholz
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansPeter Clapham
 
introduction to node.js
introduction to node.jsintroduction to node.js
introduction to node.jsorkaplan
 
Puppet Camp Boston 2014: Keynote
Puppet Camp Boston 2014: Keynote Puppet Camp Boston 2014: Keynote
Puppet Camp Boston 2014: Keynote Puppet
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016Ben Chou
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellN Masahiro
 

Ähnlich wie Hogy jussunk ki lezárt hálózatokból? (20)

Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS Linux
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
 
Powering up on PowerShell - BSides Greenville 2019
Powering up on PowerShell - BSides Greenville 2019Powering up on PowerShell - BSides Greenville 2019
Powering up on PowerShell - BSides Greenville 2019
 
How we use Twisted in Launchpad
How we use Twisted in LaunchpadHow we use Twisted in Launchpad
How we use Twisted in Launchpad
 
Windows internals
Windows internalsWindows internals
Windows internals
 
PROCESS WARP
PROCESS WARPPROCESS WARP
PROCESS WARP
 
Network troubleshooting
Network troubleshootingNetwork troubleshooting
Network troubleshooting
 
Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)
 
OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016
 
Opening last bits of the infrastructure
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructure
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
introduction to node.js
introduction to node.jsintroduction to node.js
introduction to node.js
 
Puppet Camp Boston 2014: Keynote
Puppet Camp Boston 2014: Keynote Puppet Camp Boston 2014: Keynote
Puppet Camp Boston 2014: Keynote
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
 
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshell
 

Mehr von hackersuli

2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______hackersuli
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiájahackersuli
 
[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchainhackersuli
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptxhackersuli
 
[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelesehackersuli
 
Hackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekHackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekhackersuli
 
HUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplaneHUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplanehackersuli
 
[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scamshackersuli
 
[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknanhackersuli
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapokhackersuli
 
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, futurehackersuli
 
Hackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADHackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADhackersuli
 
[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengershackersuli
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Holehackersuli
 
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...hackersuli
 
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...hackersuli
 
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...hackersuli
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákhackersuli
 
Hardware hacking 1x1 by Dnet
Hardware hacking 1x1 by DnetHardware hacking 1x1 by Dnet
Hardware hacking 1x1 by Dnethackersuli
 
Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?hackersuli
 

Mehr von hackersuli (20)

2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
 
[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
 
[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese
 
Hackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekHackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknek
 
HUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplaneHUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplane
 
[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams
 
[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
 
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
 
Hackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADHackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOAD
 
[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
 
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
 
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
 
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicák
 
Hardware hacking 1x1 by Dnet
Hardware hacking 1x1 by DnetHardware hacking 1x1 by Dnet
Hardware hacking 1x1 by Dnet
 
Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?
 

Kürzlich hochgeladen

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxBipin Adhikari
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 

Kürzlich hochgeladen (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptx
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 

Hogy jussunk ki lezárt hálózatokból?

  • 1. XFLTReaT: Hogy jussunk ki lezárt hálózatokból? Balázs Bucsay / @xoreipeip Senior Security Consultant @ NCC Group
  • 2. Workshop • Needed: • VMware OR VirtualBox • Windows Vista SP1 or later installed • Virtual Machine distributed • 5-6Gb free space • Windows and Linux BASIC skills • Grab it: • USB sticks • http://192.168.121.1/
  • 3. Bio / Balázs Bucsay • Senior Security Consultant @ NCC Group • Strictly technical certificates: OSCE, OSCP, OSWP, GIAC GPEN, CREST CCT Inf • Former Research Director @ MRG Effitas • Twitter: @xoreipeip • Linkedin: https://www.linkedin.com/in/bucsayb
  • 4. Presentations • Talks around the world: • North America: Hacker Halted, Shakacon • Australia: RuxCon • Asia: Hack in the Box GSEC • Europe: • DeepSec / Vienna (AT) • BruCON / Ghent (BE) • PHDays / Moscow (RU) • HackCon / Oslo (NO) • Hacktivity / Budapest (HU) • Inf. Gov. & eDisc. Summit / London (UK) @xoreipeip
  • 6. MAC Address Change • MAC => Media Access Control • Every modern network device has a MAC address • It can be changed • When/why to change? • Free limited sessions (20 min) • Steal other ppl session • Don’t be a jerk! • MAC collision would make both of you miserable
  • 7. Alternative gateways • Gateways/routers are routing the traffic • Very rare • Maybe there is another gateway on the network • Change router to the unfiltered one
  • 8. Misconfigured proxies • Check if the proxy allows: • to connect to external sites • GET http://external.host HTTP/1.0 • to make a connection to HTTP ports (tcp/80; 8080; 8443…) • HTTP CONNECT • to connect specific ports (tcp/21; 25) • Broken HTTP or byte streams • One of the mobile operators was an example
  • 9. Misconfigured firewalls • ICMP is allowed (ping) • UDP on 53 allowed (DNS) • TCP on 21/80/443/465/587 Not really misconfiguration but: • Protocol specific traffic is allowed: • DNS is allowed • HTTP • etc.
  • 13. Tunnelling theory 101 / MTU @xoreipeip
  • 14. What is XFLTReaT? XFLTReaT (say exfil-treat or exfiltrate) • Tunnelling framework • Open-source • Python based • OOP • Modular • Multi client • Plug and Play (at least as easy as it can be) • Check functionality • STILL NOT PRODUCTION GRADE @xoreipeip
  • 15. Check functionality • Easy way to figure out, which protocol is not filtered on the network • Automated approach: No deep knowledge is needed • Client sends a challenge over the selected (or all) modules to the server • If the server responses with the solution: • We know that the server is up and running • The specific module/protocol is working over the network • Connection can be made @xoreipeip
  • 16. Multi Operating System Support @xoreipeip Linux MacOS(X) Windows FreeBSD OpenBSD NetBSD TCP Generic Supported Supported Supported N/A N/A N/A UDP Generic Supported Supported N/A N/A N/A N/A ICMP Supported Supported N/A N/A N/A N/A SOCKS Supported Supported Supported N/A N/A N/A HTTP CONNECT Supported Supported Supported N/A N/A N/A DNS PoC N/A N/A N/A N/A N/A SCTP Supported N/A N/A N/A N/A N/A WebSocket Supported Supported N/A N/A N/A N/A RDP N/A N/A Supported N/A N/A N/A
  • 19. Install • Ubuntu VM • Network should be NAT’d (Share with my Windows/Mac) • Default user: user ; password: user • # sudo bash • # dhclient ens33 OR dhclient enp0s3 • # ping 8.8.8.8 • # cd /home/user/xfltreat/ • Use text editor to open xfltreat.conf • CHANGE YOUR CLIENT PRIVATE IP ADDRESS (clientip = 10.9.0.XXX) • Enable modules: TCP, UDP, ICMP @xoreipeip
  • 20. Check + Client mode • python2.7 xfltreat.py --check • Open browser • http://www.whatismyipaddress.com • Change config, enable ONLY ONE module that worked • python2.7 xfltreat.py --client --verbose=2 • Check your IP again in the browser • Repeat with a different module @xoreipeip
  • 21. Dynamic Virtual Channels • Introduced in Window Server 2008 & Windows Vista SP1 • Bi-directional channels can be created in the active RDP session • How it works: • DLL plugin have to be loaded in the mstsc.exe process’ context • When initialized it creates a listener with the channel name • Magic happens only when the server connects to channel explicitly • This is how Copy&Paste, Remote drives, remote hardware are working thru RDP • Plugin could be implemented for Unices (FreeRDP) @xoreipeip
  • 22. Universal Dynamic Virtual Channel Connector • https://github.com/earthquake/UniversalDVC/ • Two parts: • .DLL that needs to be registered on the client (mstsc.exe) • .REG file if other user is used than the Administrator • .EXE that can be used on the server • Three modes for both sides: • listen() • connect() • Named Pipe @xoreipeip
  • 23. Universal DVC Connector example use cases/1 @xoreipeip
  • 24. Universal DVC Connector example use cases/2 @xoreipeip
  • 25. Universal DVC Connector example use cases/3 @xoreipeip
  • 26. Elevator pitch • Have you ever struggled testing over a Windows Jump box? • Have you been asked to provide a list of tools that you need for testing? • Have you spent a day or half a day installing your tools and still forgot something to get approved? @xoreipeip
  • 27. RDP module • Windows only + Server mode only • Disappointing bit that all stuff needs to be configured/installed • 8 Mbps with the module itself • 18 Mbps with UDVC + TCP Generic module • Win32 API calls from Python is not a good idea • Threading could help, maybe calling functions directly too • NAT’d – because it is TUN and not TAP @xoreipeip
  • 29. Install • Windows • Are you using Vista SP1 or newer? • Are you using 32bit or 64bit Windows? • Install vc_redist.x86 / x64.exe • Unzip the right zip file • Open a cmd/powershell with Administrator rights • regsvr32.exe /u UDVC-Plugin[x86 | x64].dll @xoreipeip
  • 30. Install • Windows • Is your user not an Administrator? • Double click on UDVC-Plugin.reg (from Github) • Start regedit.exe and go to: HKEY_CURRENT_USERSOFTWAREMicrosoftTerminal Server ClientDefaultAddInsUDVC-Plugin • Change ip to 0.0.0.0 @xoreipeip
  • 31. Config UDVC + connect RDP • enabled -> 1 • mode -> 0 • ip -> 0.0.0.0 • port -> 31337 • Start mstsc.exe (Remote Desktop Client) • Connect: 18.184.9.137 • User: xfl[your number] • Password: HekkerSuli18 @xoreipeip
  • 32. Start XFLTReaT • Server side: • C:xfltreat • python xfltreat.py --server • Client side • edit xfltreat.py • Set the IP of the RDP Client (RDP Client IP!) • Enable only TCP Generic module • Modify port to 31337 • python xfltreat.py --client @xoreipeip
  • 33. Find the secret service • Target: 172.31.34.175 • Command: nmap -vvv -n 172.31.34.175 • What does it say? Netcat it! @xoreipeip
  • 34. Offense • Bypass basic obstacles • Specific ports are unfiltered (TCP / UDP) • DNS allowed • ICMP allowed • Bypass not that basic obstacles • Specific protocol allowed (IPS or any other active device in place) • Special authentication required • Test over jump boxes – segregated networks • Exfiltrate information from internal networks • Get unfiltered internet access @xoreipeip
  • 36. TODO + Help me! @xoreipeip • What to do next? • Commenting • Bug fixes • Authentication + encryption modules • New modules • How can you help? • Help develop stuff (use next-version branch) • Follow me on twitter, retweet XFLTReaT related tweets
  • 37. Q&A - Thank you for your attention Balazs Bucsay / @xoreipeip
  • 38. Office Locations Europe Manchester - Head Office Amsterdam Basingstoke Cambridge Copenhagen Cheltenham Delft Edinburgh Glasgow The Hague Leatherhead Leeds London Madrid Malmö Milton Keynes Munich Vilnius Zurich North America Atlanta, GA Austin, TX Boston, MA Campbell, CA Chicago, IL Kitchener, ON New York, NY San Francisco, CA Seattle, WA Sunnyvale, CA Toronto, ON Asia-Pacific Singapore Sydney Middle East Dubai

Hinweis der Redaktion

  1. Kicsit clickbait-es cim Mi a hacker? Hackeles. Nem megyunk bele, nem is tudnam kifejteni. Nem lehet mindent kijatszani, nem arrol van szo h mikent lopj meg masokat Technologiat alapjaiban kell megerteni, megnezni mi mire valo, mi mukodik az aktualis helyzetben es atgondolni, hogy ez mikent hasznalhato ki. Amit megtanulsz: hasznalni egy toolt ami jo erre. Par otletet kapni mikent valosithato meg a cel
  2. Mi az h tunnel, vpn? Ismeros?
  3. TCP 334 HTTP CONNECT 147