23
Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs

Hacking Web File Servers for iOS

  • Upload
    qabil

  • View
    31

  • Download
    0

Tags:

Embed Size (px)

DESCRIPTION

Hacking Web File Servers for iOS. Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs. About Me. # whoami Bruno Gonçalves de Oliveira Senior Security Consultant @ Trustwave’s SpiderLabs MSc Candidate Computer Engineer Offensive Security Talks: - PowerPoint PPT Presentation

Citation preview

Page 1: Hacking Web File Servers for iOS

Hacking Web File Servers for iOS

Bruno Gonçalves de Oliveira

Senior Security Consultant – Trustwave’s SpiderLabs

Page 2: Hacking Web File Servers for iOS

About Me

#whoami• Bruno Gonçalves de Oliveira• Senior Security Consultant @ Trustwave’s SpiderLabs

• MSc Candidate• Computer Engineer• Offensive Security• Talks:

Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC.

Hosted by OWASP & the NYC Chapter

Page 3: Hacking Web File Servers for iOS

INTRO• Smartphones

– A LOT OF information– iPhone is VERY popular

• Mobile Applications– (MOST) Poorly designed

• Old fashion vulnerabilities

Hosted by OWASP & the NYC Chapter

Page 4: Hacking Web File Servers for iOS

What are those apps?

• Designed to provide a storage system to iOS devices.

• Data can be transferred utilizing bluetooth, iTunes and FTP.

• Easiest way: HTTP protocol.

• They are very popular.

Page 5: Hacking Web File Servers for iOS

Examples

Page 6: Hacking Web File Servers for iOS

Features

• Manage/Storage files

• Create Albums, etc.

• Share Data

Page 7: Hacking Web File Servers for iOS

VULNERABILITIES

Page 8: Hacking Web File Servers for iOS

• No encryption (SSL):

Page 9: Hacking Web File Servers for iOS

• No authentication (by default):

Page 10: Hacking Web File Servers for iOS

• (Reflected) XSS

Page 11: Hacking Web File Servers for iOS

• (Persistent) XSS

Page 12: Hacking Web File Servers for iOS

• (Persistent) XSS

http://www.vulnerability-lab.com/get_content.php?id=932

Page 13: Hacking Web File Servers for iOS

• Vulnerability-Lab Advisories:http://www.vulnerability-lab.com/show.php?cat=mobile

Page 14: Hacking Web File Servers for iOS

Disclaimer

• Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.

Page 15: Hacking Web File Servers for iOS

• Path Traversal

• WiFi HD Free Path Traversal (CVE-2013-3923)• FTPDrive Path Traversal (CVE-2013-3922)• Easy File Manager Path Traversal (CVE-2013-

3921)

You probably want to test the app that you use.

Page 16: Hacking Web File Servers for iOS

• Path Traversal (DEMO)

Page 17: Hacking Web File Servers for iOS

• Easy File Manager

• Unauthorized Access to File System (CVE-2013-3960)

Page 18: Hacking Web File Servers for iOS

• Unauthorized Access to File System (CVE-2013-3960)

Page 19: Hacking Web File Servers for iOS

• Getting worst with a jailbroken device.

Page 20: Hacking Web File Servers for iOS

• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device

Page 21: Hacking Web File Servers for iOS

• iOS 7 Security Improvement

Page 22: Hacking Web File Servers for iOS

How to find vulnerable systems

<= mDNS Watch for iOS

mDNS Queries

Page 23: Hacking Web File Servers for iOS

• Conclusions

• Mobile Apps (already) are the future.• Mobile Apps designers still don’t care too

much about security.• Too many apps, we have to take care.• Old fashion vulnerabilities still rock.


Google Hacking against Privacy - Karlstad University · called Google Hacking vulnerable servers, files and applications, files containing usernames-passwords, sensitive directories,

Google Hacking against Privacy - Karlstad University · called Google Hacking vulnerable servers, files and applications, files containing usernames-passwords, sensitive directories,

Documents
Ethical Hacking and Countermeasures - · PDF fileEthical Hacking and Countermeasures Version 6 Mod le XVIModule XVI Hacking Web Servers

Ethical Hacking and Countermeasures - · PDF fileEthical Hacking and Countermeasures Version 6 Mod le XVIModule XVI Hacking Web Servers

Documents
Hacking Pebble on iOS

Hacking Pebble on iOS

Technology
Hacking iOS on the Run: Using Cycript - Where The … · SESSION ID: Hacking iOS on the Run: Using Cycript . HTA-R04A . Sebastián Guerrero . Mobile Security Analyst . viaForensics

Hacking iOS on the Run: Using Cycript - Where The … · SESSION ID: Hacking iOS on the Run: Using Cycript . HTA-R04A . Sebastián Guerrero . Mobile Security Analyst . viaForensics

Documents
Practical iOS Applications Hacking WP

Practical iOS Applications Hacking WP

Documents
Hacking from iOS 8 to iOS 9 - PUT.ASWho We Are Team Pangu is known for releasing jailbreak tools for iOS 7.1, iOS 8, and iOS 9 We have broad security research interests Our research

Hacking from iOS 8 to iOS 9 - PUT.ASWho We Are Team Pangu is known for releasing jailbreak tools for iOS 7.1, iOS 8, and iOS 9 We have broad security research interests Our research

Documents
Hacking iOS on the Run: Using Cycript - RSA Conference · SESSION ID: Hacking iOS on the Run: Using Cycript . HTA-R04A . Sebastián Guerrero . Mobile Security Analyst . viaForensics

Hacking iOS on the Run: Using Cycript - RSA Conference · SESSION ID: Hacking iOS on the Run: Using Cycript . HTA-R04A . Sebastián Guerrero . Mobile Security Analyst . viaForensics

Documents
Hacking from iOS 8 to iOS 9 - Power Of Communitypowerofcommunity.net/poc2015/pangu.pdf · Team Pangu is known for releasing jailbreak tools for iOS 7.1, iOS 8, and iOS 9 We have broad

Hacking from iOS 8 to iOS 9 - Power Of Communitypowerofcommunity.net/poc2015/pangu.pdf · Team Pangu is known for releasing jailbreak tools for iOS 7.1, iOS 8, and iOS 9 We have broad

Documents
Hacking phones from 2013 to 2016 - Power Of Communitypowerofcommunity.net/poc2016/keen.pdf · Hacking phones from 2013 to 2016 ... iOS hacking • Part 2: Android hacking ... •

Hacking phones from 2013 to 2016 - Power Of Communitypowerofcommunity.net/poc2016/keen.pdf · Hacking phones from 2013 to 2016 ... iOS hacking • Part 2: Android hacking ... •

Documents
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Documents
Ethical hacking Chapter 10 - Exploiting Web Servers - Eric Vanderburg

Ethical hacking Chapter 10 - Exploiting Web Servers - Eric Vanderburg

Technology
CNIT 128 Hacking Mobile Devices · 2020-04-29 · Hacking Mobile Devices 3. Attacking iOS Apps Part 1. Topics: Part 1 ... apps •Must install the

CNIT 128 Hacking Mobile Devices · 2020-04-29 · Hacking Mobile Devices 3. Attacking iOS Apps Part 1. Topics: Part 1 ... apps •Must install the

Documents
CEH Module 16: Hacking Web Servers

CEH Module 16: Hacking Web Servers

Documents
GreHack - SecurityLearn Resources/Practical... · Mathieu Renard/ Practical iOS Apps hacking GreHack 2012, Grenoble, France 3 Accepted Papers 3.1 Mathieu Renard/ Practical iOS Apps

GreHack - SecurityLearn Resources/Practical... · Mathieu Renard/ Practical iOS Apps hacking GreHack 2012, Grenoble, France 3 Accepted Papers 3.1 Mathieu Renard/ Practical iOS Apps

Documents
HHS Lesson 17: Hacking MobilesTitle: HHS Lesson 17: Hacking Mobiles Keywords: Cellphones, Cell, Mobiles, Devices, Gadgets, Mobile Computing, Handy, Android, iPhone, ios Created Date

HHS Lesson 17: Hacking MobilesTitle: HHS Lesson 17: Hacking Mobiles Keywords: Cellphones, Cell, Mobiles, Devices, Gadgets, Mobile Computing, Handy, Android, iPhone, ios Created Date

Documents
Hacking iOS Applications Cliquezpourmodifierlestyledu( tre( · Cliquezpourmodifierlestyledu(tre(Cliquez pour modifier le style des sous-titres du masque 1 Hacking iOS Applications

Hacking iOS Applications Cliquezpourmodifierlestyledu( tre( · Cliquezpourmodifierlestyledu(tre(Cliquez pour modifier le style des sous-titres du masque 1 Hacking iOS Applications

Documents
Ch 10: Hacking Web Servers

Ch 10: Hacking Web Servers

Education
Ch10 Hacking Web Servers it-slideshares.blogspot.com

Ch10 Hacking Web Servers it-slideshares.blogspot.com

Education
Short History Hacking Case Studies Cracked Windows Servers

Short History Hacking Case Studies Cracked Windows Servers

Documents
Hacking and Securing iOS Apps : Part 1

Hacking and Securing iOS Apps : Part 1

Technology
iOS Hacking: Advanced Pentest & Forensic Techniques

iOS Hacking: Advanced Pentest & Forensic Techniques

Science
Information About Cisco IOS SLB · Information About Cisco IOS SLB ... By distributing user requests across a cluster of servers, IOS SLB optimizes responsiveness and system capacity,

Information About Cisco IOS SLB · Information About Cisco IOS SLB ... By distributing user requests across a cluster of servers, IOS SLB optimizes responsiveness and system capacity,

Documents
Hacking and securing ios applications

Hacking and securing ios applications

Education
Ethical Hacking - sevenmentor.com1.0 Introduction to Ethical Hacking 2.0 Footprinting, Scanning, and Enumeration 3.0 Hacking Web servers and Web applications 4.0 DoS, SQL injection,

Ethical Hacking - sevenmentor.com1.0 Introduction to Ethical Hacking 2.0 Footprinting, Scanning, and Enumeration 3.0 Hacking Web servers and Web applications 4.0 DoS, SQL injection,

Documents
CrikeyCon 2015 - iOS Runtime Hacking Crash Course

CrikeyCon 2015 - iOS Runtime Hacking Crash Course

Mobile
Hacking and Securing iOS Applications Resources/Hacking an… · HACKING AND SECURING IOS APPLICATIONS -Satish B . ... Verifies the integrity of the app code at rest & runtime

Hacking and Securing iOS Applications Resources/Hacking an… · HACKING AND SECURING IOS APPLICATIONS -Satish B . ... Verifies the integrity of the app code at rest & runtime

Documents
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014

Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014

Education
IOS security and hacking

IOS security and hacking

Documents
Hacking from iOS 8 to iOS 9 - pangublog.pangu.io/wp-content/uploads/2015/11/POC2015_RUXCON2015.pdf · Who We Are Team Pangu is known for releasing jailbreak tools for iOS 7.1, iOS

Hacking from iOS 8 to iOS 9 - pangublog.pangu.io/wp-content/uploads/2015/11/POC2015_RUXCON2015.pdf · Who We Are Team Pangu is known for releasing jailbreak tools for iOS 7.1, iOS

Documents
Hacking apple accessories to pown iDevices2013.hackitoergosum.org/presentations/Day3-04.Hacking apple accessories to pown... · – HACK.lu 2012 • Hacking iOS Application . 3

Hacking apple accessories to pown iDevices2013.hackitoergosum.org/presentations/Day3-04.Hacking apple accessories to pown... · – HACK.lu 2012 • Hacking iOS Application . 3

Documents