Hacking the Virtual World

Jason Hart CISSP CISM
SafeNet, Inc.
Session ID: HTA-302
Session Classification: Advanced
About Me
© SafeNet Confidential and Proprietary
Legal Disclaimer
ALWAYS GET PERMISSION IN WRITING.
• Performing “scans” against networked systems without permission is illegal. Password cracking too.
• You are responsible for your own actions!
• If you go to jail because of this material it’s not my fault, although I would appreciate it if you dropped me a postcard.
• This presentation references tools and URLs - use them at your own risk and with permission
Accepted Security Principles
• Confidentiality
• Integrity
• Availability
• Accountability
• Auditability
HOW DO I ACHIEVE THIS IN A VIRTUAL WORLD?
Welcome to the next Generation
1st Age: Servers
FTP, Telnet, Mail, Web.
These were the things that consumed bytes from a bad guy
The hack left a footprint
2nd Age: Browsers
JavaScript, ActiveX, Java, Image Formats, DOMs
These are the things that are getting locked down
Slowly
Incompletely
3rd Age: Virtual Hacking - simplest and getting easier
Gaining someone's password is the skeleton key to their life and your business
Accessing data from the virtual world can be simple
Virtual World – With Virtual Back Doors
Welcome to the Future
• Cloud Computing
• Virtual Environment
• With Virtual Security holes
During the past 15 years we've learnt nothing
Let's Start
vCenter servers directly connected to the web ..... WOW
How do the hackers hack
VMware vCenter in 60 seconds?
The Target
VMware vCenter Version 4.1 update 1 ......
• Services running:
• Update Manager
• vCenter Orchestrator
• Chargeback
• Each Service has a web server running
Web Attack 101 ...... History repeating
The Attack
vCenter Orchestrator attack vector 1 ......
Installed by default within vCenter is a very interesting file:
C:\Programfiles\VMware\Infrastructure\Orchestrator\configuration\jetty\etc\passwd.properties
This file contains MD5 password hashes, which can easily be brute-forced using rainbow tables
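A defender's check for the file described above, as an added example that is not from the original slides or from VMware: it parses a Jetty-style realm properties file, reports how each credential is stored, and lists accounts that share one unsalted digest. The `user: [SCHEME:]credential[,role]` line format, the function names and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Assumed Jetty realm line format:  user: [SCHEME:]credential[,role...]
WEAK = {
    "MD5": "unsalted MD5 digest, open to precomputed-table lookup",
    "OBF": "obfuscated only, reversible without a key",
    "CRYPT": "legacy Unix crypt",
    "PLAIN": "cleartext password",
}
ENTRY = re.compile(r"^([^:=\s]+)\s*[:=]\s*([^,]*)")

def audit_realm(text):
    """Return (findings, shared): weak entries, and digests reused across users."""
    findings, by_digest = [], defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":      # skip blanks and comments
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        user, cred = m.group(1), m.group(2).strip()
        prefix, sep, value = cred.partition(":")
        scheme = prefix.upper() if sep and prefix.upper() in WEAK else "PLAIN"
        findings.append((line_no, user, scheme, WEAK[scheme]))
        if scheme == "MD5":
            # No salt: identical passwords produce identical digests.
            by_digest[value.lower()].append(user)
    shared = sorted(sorted(u) for u in by_digest.values() if len(u) > 1)
    return findings, shared

def _md5(s):
    # Builds digests for the constructed sample only.
    return hashlib.md5(s.encode()).hexdigest()

# Constructed sample contents (hypothetical users, not from any real system).
SAMPLE = "\n".join([
    "# constructed example realm file",
    f"alice: MD5:{_md5('sample-one')},admin",
    f"bob: MD5:{_md5('sample-one')},user",
    "carol: OBF:constructedvalue,user",
    "dave: changeme,user",
])

if __name__ == "__main__":
    findings, shared = audit_realm(SAMPLE)
    for f in findings:
        print(*f, sep="\t")
    print("accounts sharing a digest:", shared)
```

Any MD5, OBF or PLAIN finding means the file should be treated as holding recoverable passwords: restrict its ACLs and rotate the credentials it contains.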
We are in
After brute-forcing the MD5 ......
Point & Click
Anyone can do ......
This module will login to the Web API of VMWare and try to enumerate all the login sessions
Look
More and More Vulnerabilities .. by Year ....
Source: http://www.cvedetails.com/vendor/252/Vmware.html
Total
Current Vulnerabilities to date by .... Type
Source: http://www.cvedetails.com/vendor/252/Vmware.html
Detail
Summary of the Vulnerabilities
http://www.cvedetails.com/vulnerability-list/vendor_id-252/opgpriv-1/Vmware.html
Live Attack
Against the Cloud .... ARP Attack
[Diagram labels: Probe requests, www]
Virtual World
With Virtual access by anyone ……. With only a click
site:dropbox.com/gallery
site:live.com "skydrive" ext:dmp
Data Loss In The News
Yale Alumni 43,000 SSNs Exposed in Excel Spreadsheet
Cloud Security
NO PROMISES......
Amazon AWS Customer Agreement
• http://aws.amazon.com/agreement/#10
In summary, no guarantee of confidentiality, integrity or availability (CIA) of your data in any way
CodeSearch Diggity
AMAZON CLOUD SECRET KEYS
The Battle For the Virtual World Has Begun
Thank you
Jason Hart CISSP CISM
VP Cloud Solutions
Visit us today at Stand ###