Challenges

I have always liked challenges.

I started at http://hispabyte.net/ doing the most basic ones on the forum (thanks @Cabrero1964)… I lived through Boinas Negras and Izhal… I continued with some more complete ones such as http://www.hackthissite.org/… I collaborated on some much more elaborate ones such as http://yoire.com/… I racked my brain on sites like http://bright-shadows.net/ (thanks @Phas, with whom I tried to build a challenge site)… and finally a great many others have passed my way, such as the SecurityByDefault ones, others by el Maligno, etc., etc., etc. (I do not remember the name of the ones played over a terminal… but they have always been very interesting). Even so, I solved 0 challenges at the last DEFCON CTF (olé!).

These last few days I have been devoting quite a lot of time to a new site… http://securitytraps.no-ip.pl (thanks to the Activalink team http://blog.activalink.org/ (those rascals are really good!)).

What has struck me most compared with many of the other challenges I have been through is how much you end up learning. Unlike the rest, which can only be solved if you have a lucky idea, these are fairly easy and simple, but you need to UNDERSTAND and optimize what you are doing. Most of the tests come with the source code, and the goal is to get the exception out of that little piece of code.

The nastiest challenges have taught me to be more patient and persistent, going step by step, and, in the end, to be able to say that you have learned new things. It is a matter of reading carefully, locating the key concepts, and searching for information until you understand perfectly what is happening. Yes, it is one big RTFM. (RTFM = Read The Fucking Manual)

Unfortunately, doing challenges, having 2 papers to finish, a server to configure, and many more things to learn cannot all be done in a whole summer. I hope to post better contributions next time! 🙂 Be patient!


Your entire SDcard in my webhost ~ Proof Of Concept

Note: I do not care if you want to share or translate the document, but please, quote me ;) . Thanks!

Brief

I have developed an application for Android which steals the file list of the victim's SD card.

I do not use any kind of special trick. That is the real problem.

What does the exploit need?

It only needs “Internet” permission, so it is very easy to use in malicious apps (and persuade the user to get into the trap).

How it works…

By DEFAULT, an app can read the files on the SD card, so it only has to read them and send them over the Internet. I have deployed a web service on a web host that I manage for this PoC.

Download it here: (pname:poc.SDCard)Proof of Concept - Stealing SD-Card with an Android application

Why am I doing it?

Because I care about your security. I want you to experience HOW EASY it is. And then…

1) Think twice about what kind of information you keep on your SD card

2) Think twice about which apps you allow 🙂 90% of apps use the “Internet” permission.

Where is the real problem?

The problem is that the Google developers have said: “Do not store sensitive information into your SDCard! only shared data!” … but the application developers (like Dropbox, WhatsApp, your camera, …) do not care a bit and they save your files there.

First, the application developers SHOULD care about you. And second, you should care about YOURSELF. If they do not care about you, do not use them.

Can you show us the source-code?

Main function: (yeah… too easy)


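// Recursively adds the absolute path of every entry under F to DATA.
// DATA is a field declared elsewhere in the app; File is java.io.File.
private void getFiles(File F) {
 File[] entries = F.listFiles();
 if (entries == null) { // listFiles() returns null if F cannot be listed
  return;
 }
 for (File t : entries) {
  DATA.add(t.getAbsolutePath() + "\n");
  if (t.canRead() && t.isDirectory()) {
   getFiles(t);
  }
 }
}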

Are you storing my data with this App??

Calm down. I am only sending your file list (it is a slow app… I know… I did not use threads) to my web host. I do not want your data (I could have sent it too :P). I promise you that I am going to remove all the uploaded files from the web host… BUT… you can delete them too. Just click the button that appears in the app.

Argg!! It goes really slow…

Yes, I know. It gets the list of files, puts it in a string, sends it to the web host, and then shows you the screen…

I promise it works… so start deleting all your data from the SD card right now ;-).

Special Note: Do you use CyanogenMod or another custom ROM? By default they save a backup of your data as *.img files. Do you know that they contain ALL THE DATA OF YOUR ACCOUNTS? It is overLOL!… (this image was taken when I was coding the app…)

cyanogen-mod backups in *.img files

Conclusion

Any application that you have installed could do it. I hope you will learn something from it. Use a sniffer to know what the fuck your apps are sending… (yeah… they could send the data over an SSL channel).
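The sniffer advice can be partly automated for plaintext HTTP. The following is an added example, not code from the original post: it scans a captured request for the newline-separated external-storage paths that this kind of app uploads. The path prefixes, the threshold, the host names and both sample captures are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Assumed external-storage prefixes; extend for the devices you test.
EXTERNAL_ROOTS = ("/sdcard/", "/mnt/sdcard/", "/storage/")
PATH_RE = re.compile(
    r'(?:%s)[^\r\n&="]+' % "|".join(re.escape(r) for r in EXTERNAL_ROOTS))

# Constructed sample captures (not real traffic; hosts are placeholders).
LEAK = (b"POST /upload.php HTTP/1.1\r\nHost: collector.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        b"data=%2Fmnt%2Fsdcard%2FDCIM%2FIMG_0001.jpg%0A"
        b"%2Fmnt%2Fsdcard%2Fbackup%2Fdata.img%0A"
        b"%2Fmnt%2Fsdcard%2FDownload%2Fnotes.txt%0A")
BENIGN = (b"POST /api/score HTTP/1.1\r\nHost: game.example\r\n"
          b"Content-Type: application/json\r\n\r\n"
          b'{"score": 1200, "avatar": "/sdcard/avatar.png"}')


def split_request(raw):
    """Split a captured plaintext HTTP request into (request line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def external_paths_in(raw):
    """Return the external-storage paths found in the request body."""
    _, headers, body = split_request(raw)
    text = body.decode("utf-8", errors="replace")
    if "x-www-form-urlencoded" in headers.get("content-type", ""):
        text = unquote_plus(text)  # form posts percent-encode "/" and "\n"
    return PATH_RE.findall(text)


def looks_like_file_list_upload(raw, threshold=3):
    """Flag POST/PUT requests whose body carries >= threshold storage paths."""
    method = split_request(raw)[0].split(" ", 1)[0]
    return method in ("POST", "PUT") and len(external_paths_in(raw)) >= threshold


if __name__ == "__main__":
    for name, capture in (("LEAK", LEAK), ("BENIGN", BENIGN)):
        print(name, looks_like_file_list_upload(capture), external_paths_in(capture))
```

Traffic sent over SSL has to be decrypted first, for example with an intercepting proxy on a device you control, before a check like this can see the body.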

Greets!

and if you have any questions, contact me, of course!!

Note: If you see any spelling mistakes, please tell me. I would appreciate it ;) . Thanks!


How to do a presentation with Teensy

Note: I do not care if you want to share or translate the document, but please, quote me ;) . Thanks!

Brief

I am going to tell you how to do a presentation with Teensy, a USB development board that lets you automate keystrokes and mouse movements. There are a lot of tools for doing presentations, like Beamer (LaTeX), MS PowerPoint, LibreOffice Presentation, Prezi, … but I wanted to present something a bit more creative.

What do you need?

This is the toolkit we need:

As you can see, the most important thing is the Teensy board, which you will have to buy from the official webpage. The other things just make it nicer. But we need some software tools too. I will be using the Teensy Loader Application and the Teensyduino IDE. (I am sorry, but I cannot explain here everything you need to configure it. You can find all the instructions in the links. It is easy.)

How to do it

Well, Teensy makes it a bit hard when you do not have a U.S. keyboard, so you will have to write less code if you have this keyboard. I will send any special key with an ALT+XX combination (lol, yeah).

I will paste some code that prints a few lines so you can see the idea:

#include <usb_private.h>

void setup() { }

void loop() {

  // Hold until the keyboard is initialized
  while (Keyboard.isInit()) {
    Keyboard.set_key1(KEY_NUM_LOCK);
    Keyboard.send_now();
    delay(500);
  }

  // We open the notepad ( Gui + R -> notepad -> enter )
  Keyboard.set_modifier(MODIFIERKEY_GUI);
  Keyboard.set_key1(KEY_R);
  Keyboard.send_now();
  sendNull();
  delay(1000);

  Keyboard.print("notepad");
  enter();

  // maximize window ( Alt + Space -> x )
  Keyboard.set_modifier(MODIFIERKEY_ALT);
  Keyboard.set_key1(KEY_SPACE);
  Keyboard.send_now();
  sendNull();
  delay(200);

  Keyboard.set_key1(KEY_X);
  Keyboard.send_now();
  sendNull();
  delay(200);

  // we change the font-size ( Alt + o -> f -> Alt + m -> "50" -> Enter )
  Keyboard.set_modifier(MODIFIERKEY_ALT);
  Keyboard.set_key1(KEY_O);
  Keyboard.send_now();
  sendNull();
  delay(200);

  Keyboard.set_key1(KEY_F);
  Keyboard.send_now();
  sendNull();
  delay(200);

  Keyboard.set_modifier(MODIFIERKEY_ALT);
  Keyboard.set_key1(KEY_M);
  Keyboard.send_now();
  sendNull();
  delay(200);

  Keyboard.print("50");
  enter();

  // here starts the presentation

  Keyboard.print("I am Martes13");
  enter();

  // Turn CAPS LOCK on and wait until the presenter turns it off again
  numCapsOn();
  while (isNumCapsOn());

  Keyboard.print("and this presentation is quite simple");
  enter();

  numCapsOn();
  while (isNumCapsOn());

  Keyboard.print("isnt it");

  // We need to send the character "?" . It is ALT+63

  Keyboard.set_modifier(MODIFIERKEY_ALT);
  Keyboard.set_key1(KEYPAD_6);
  Keyboard.send_now();
  Keyboard.set_key1(KEYPAD_3);
  Keyboard.send_now();
  sendNull();

  enter();

  // End of the presentation: do nothing more
  while (true);
}

// Release the key
void sendNull() {
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
}

// Sends the Enter key
void enter() {
  delay(200);
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  sendNull();
  delay(200);
}

// Checks if the NUM is on (bit 0 of keyboard_leds)
bool isNumLockOn() {
  return bitRead(int(keyboard_leds), 0);
}

// Checks if the CAPS is on (bit 1 of keyboard_leds)
bool isNumCapsOn() {
  return bitRead(int(keyboard_leds), 1);
}

// Sends the CAPS LOCK key
void numCapsOn() {
  Keyboard.set_key1(KEY_CAPS_LOCK);
  Keyboard.send_now();
  delay(1000);
}

Ok, there are some important things to tell:

– This is a simple example. You can do WHATEVER you could do with a KEYBOARD and a MOUSE. It is really useful if you want to do a live presentation across several different applications. From now on, you have no excuse to say “I tested it at home and it worked”. Noo.

– How to stop the presentation is the most important detail. I am using the CAPS LOCK KEY. To code it, I have to activate the key and wait ( while (isNumCapsOn()); ) until the user deactivates it. That is the WHY of the Bluetooth keyboard ;).

– You can forget the last point (how to stop it) and do it ALL with a delay(-(int)time-); function, but if you have any problem and it goes too fast, I hope you will have an alternative presentation.

It is only an introduction to this kind of live-awesome presentation, but you will have to spend quite some time coding it. It would be nice to have a good library… but it does not exist yet.

Greets!

and if you have any questions, contact me, of course!!

Note: If you see any spelling mistakes, please tell me. I would appreciate it ;) . Thanks!
