Tuesday, October 5, 2010

"Flash Crash", Targeted Attacks And Global Security

Almost 6 months after the "Flash Crash" on the stock market, two US agencies (SEC/CFTC) have released an executive summary with the "official" explanation of this crash.

Basically, the Dow Jones dropped around 10% in minutes, heavily affecting foreign markets and some companies. For example, that day Accenture (ACN) dropped from $30 to $0.01... in 7 seconds!

From $30 to $0.01 in 7 seconds (!)

Officially, the blame is on one company, "Waddell & Reed", as it seems it started to sell a lot of futures contracts (around 75000) on the S&P 500 market without explanation. However, there are some dark (unexplained) points in the story, like how the "market makers" were not able to keep the liquidity of the market within safe limits.

So now I see a great flaw in this whole system, and I fear a targeted attack from the bad guys. You don't need to compromise a lot of companies. You only need to focus on small groups of investment companies, successfully compromise just one broker computer and wait...

Then, it is only required to trigger a "human error" that could make an enormous profit for the bad guys. Imagine the ROI of buying 1 million Accenture shares at 1 cent and then waiting (5 min) until the markets recover. Yep, around a x3000 boost (!). Surely a lot of people would invest millions to obtain this profit.

Luckily the famous Stuxnet focused on SCADA systems, because if it had focused on the stock market we could have seen a completely different story.

Another good thing is that, after this "flash crash", some measures have been taken (Circuit Breaker) in order to mitigate things like that, but I don't know why I still don't feel safe enough...

Saturday, October 2, 2010

CSAW CTF - Crypto Writeup (crypto1-crypto3): The easy way

UPDATE #1 (2010-10-06): Marcin has updated his blog with a description of all the CRYPTO challenges. Take a look here if you want to learn the proper way to solve them ;p.

UPDATE #2 (2010-10-11): The CSAW CTF team has published the official solutions to all of the challenges. Take a look here.


First, thanks to the CSAW team for creating this CTF, it was amazing :). Also, thanks to the people in my team, next time we'll do better ;p.

I'm usually scared of crypto challenges, but at CSAW I approached them in a creative/lazy way. Forget your crypto, the latest padding attacks and whatever. We are hackers, we usually find a way to solve things, but this time it won't be the elegant way ;p.

Do you want to solve 3 challenges (1200 points) in 30 min?

Challenge 1

After entering your username/team name, the server issues a new cookie (SID) that contains a value encoded in Base64.

Looking at the page, we see role=5, but we need role 0 to obtain the key. So let's play a bit with the cookie, changing its values to see what happens...


Normal message:
  You're role is level 5, but you need a role level of 0 to continue (normal message)

Error messages:
  ('need more than 1 value to unpack',)

  Reason: Sorry, an error had occurred.

  Reason: Sorry, an error has occurred.  (strange, "has" instead of "had")

  File "csaw.py", line 372, in challenge1
    padding_length = struct.unpack("B", ptext[-1])[0]
IndexError: string index out of range


  File "csaw.py", line 367, in challenge1
    ptext = aes_decrypt(sid.value, CSAW_CRYPTO_1_KEY, codec='base64')

  File "/home/csaw/csaw/utils.py", line 122, in aes_decrypt
    raise IllegalBlockSizeError(16)
IllegalBlockSizeError: Input length must be multiple of 16 when decrypting with padded cipher


Ok, so we have an AES scheme with padding and a lot of error messages, but wait... As the application decrypts the cookie, can we manage to create a cookie which, once decrypted, fools the application into giving us role=0?

Let's launch Burp (an amazing tool, btw) and use the Intruder feature, selecting the "bit flipper" payload. Burp will flip each bit of every char of the original cookie, one bit per request.

GET /challenge1 HTTP/1.1
Host: 128.238.66.100:30008
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SID=§1VPLGn4HRGWuoSZUKm1LJVCCQ00Wde6F7rF69B6lbdrcjfimsRn1fR5Xj-cMXacA6Tk0-nq-opzgBolRezQJ_Q§


We wait for Burp to finish the attack, and after 688 requests we take a look at the results. Luckily, I found 7 different cookie values that give us the flag...

     Cookie: SID=1VPLGn4HRGWeoSZUKm1LJVCCQ00Wde6F7rF69B6lbdrcjfimsRn1fR5Xj-cMXacA6Tk0-nq-opzgBolRezQJ_Q

    Congratuations CHA (of team LENGE)!  You have successfully completed

       CSAW 2010 Crypto Challenge #1.

    Here's your flag: 43fb994b59e8bb99d99ef969d773ea98


Challenge 2

A similar challenge to the previous one; however, the previous trick doesn't work here. Still, on some errors the following message can be spotted.

   You're role is currently level L, however this area requires a role level of 0.

So, we managed to alter the level with a modified cookie. I analysed the cookie, looking for which modifications of the original cookie allow changing the user level.

In my case, it seems that 3 chars could potentially affect the role level...
   Cookie:   c2=jif5p_ozkevQZR5PPRk1YOvFhXuguXGfRclYWXn8oadaFywF7jdTjEWDP3Km6775aSmy-sgPL7qgeD1Lo5eHNw

So, again, launch Burp and create an "Intruder attack", but this time we'll brute force these 3 characters using the charset [a-zA-Z0-9]. Yep, around 200k requests, but we'll finish before that.

Launch the attack, and after 1800 requests we take a look at the results...
    Congratuations guest (of team guest)!  You have successfully completed
       CSAW 2010 Crypto Challenge #2.

    Here's your flag: 8ee38021f40ef94e6725e9be07b49951


We solved it! And around 20 requests (of 1800) gave the correct answer...
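The cookie tricks in challenges 1 and 2 work because the server decrypts the SID without authenticating it, so an XOR into the ciphertext reappears in the plaintext. The example below is added here (it is not the author's code nor the CTF's csaw.py) and shows that property and the fix. It assumes a CBC-style mode, consistent with the "padded cipher" errors but not stated on the page; since CBC malleability does not depend on the block cipher, a toy Feistel cipher replaces AES to keep it standard-library only, and the cookie layout, keys and IV are all constructed.

```python
import hashlib, hmac, re

BLOCK = 16
ENC_KEY, MAC_KEY = b"constructed-demo-enc-key", b"constructed-demo-mac-key"  # not the CTF's keys
IV = bytes(range(BLOCK))  # fixed so the demo is repeatable
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def _f(k, half, i):  # round function of the toy Feistel cipher that stands in for AES here
    return hmac.new(k, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]
def toy_encrypt_block(k, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(k, r, i))
    return r + l
def toy_decrypt_block(k, blk):
    r, l = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(k, l, i)), l
    return l + r
def cbc_encrypt(k, iv, pt):
    n = BLOCK - len(pt) % BLOCK  # PKCS#7 padding, as csaw.py's traceback shows it used
    pt, out, prev = pt + bytes([n]) * n, b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(k, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out
def cbc_decrypt(k, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += xor(toy_decrypt_block(k, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out[:-out[-1]]  # strip padding (a real server validates it first)
def make_cookie(user, team, role):  # constructed layout IV || ciphertext; the CTF's is unknown
    return IV + cbc_encrypt(ENC_KEY, IV, f"user={user};team={team};role={role}".encode())
def role_from_cookie(cookie):  # unauthenticated: whatever decrypts cleanly is trusted
    m = re.search(rb"role=(\d+)", cbc_decrypt(ENC_KEY, cookie[:BLOCK], cookie[BLOCK:]))
    return int(m.group(1)) if m else None
def flip(cookie, offset, delta):
    # In CBC an XOR into cookie byte `offset` reappears as the same XOR on plaintext byte `offset`
    # (IV prepended) and garbles only the preceding block, so "role=5" becomes "role=" + chr(0x35 ^ delta).
    return cookie[:offset] + bytes([cookie[offset] ^ delta]) + cookie[offset + 1:]
def make_cookie_mac(user, team, role):  # mitigation: encrypt-then-MAC over the whole cookie
    c = make_cookie(user, team, role)
    return c + hmac.new(MAC_KEY, c, hashlib.sha256).digest()
def role_from_cookie_mac(cookie):
    c, tag = cookie[:-32], cookie[-32:]
    if not hmac.compare_digest(tag, hmac.new(MAC_KEY, c, hashlib.sha256).digest()):
        return None  # rejected before decryption: a flipped bit never reaches the role parser
    return role_from_cookie(c)
```

With "user=CHA;team=LENGE;role=5" the role digit sits at offset 25, so flip(cookie, 25, 0x04) yields role 1 and flip(cookie, 25, 0x05) yields role 0 from the unauthenticated cookie, while the MAC-protected variant returns None for the same tampering.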


Challenge 3

I lost the logs for this challenge, but it seems it contained a critical bug. As can be observed in the statistics, 33 teams solved CRYPTO 3, too many compared to the teams which solved CRYPTO1 or CRYPTO2 (16-18), so something was wrong with this challenge ;p.

If we read the tip from the previous challenge:

   For the next challenge, you need to specify to impersonate the Administrator user
   User:
   Key:

So, if we issue the following GET request, we have solved this challenge (observe that it's a silly modification of the username, from Guest to Administrator):

http://128.238.66.100:30008/challenge3?user=Administrator&key=NGmPjZ4zfUlwl4DJdyoCfw


Flag: 2051dfd6eba0c8e4a989a4a575501506

Conclusions

As promised, I solved the challenges very quickly (around 30 min), as the scoreboard shows:

   ID  Challenge  Points  Solved at
   13  CRYPTO2    400     2010-09-25 21:17:23
   12  CRYPTO1    300     2010-09-25 21:30:27
   14  CRYPTO3    500     2010-09-25 21:38:34

It is necessary to remember that sometimes it doesn't matter how you solve the challenges, you just need to solve them quickly, especially in a CTF :).