October 21, 2018

New Methods of Attack?

Back in the late 90’s, we saw methodologies of exploitation that relied heavily upon poor programming practices within core services on computers. One example of that is the FTP PASV vulnerability, which allowed a hacker to dump the password hashes for all users contained in the /etc/shadow file, simply by following a series of steps, and causing a segmentation fault. The resulting “core” file would contain a full memory dump of the system, including the shadow file, if it had recently been pulled into memory.

As time progressed, hackers became obsessed with other methods of attack, such as buffer and heap overflows, and web application hacking. I’m not convinced that those initial styles of attack ever actually disappeared; perhaps they were dormant, waiting for their time to shine again. It looks like we may be on the threshold of a sort of Hacking Renaissance, where the old is new again.

In late September of this year, bugs were disclosed in one of the pillars of the *NIX operating system, the BASH shell (/bin/bash). The security industry was caught off guard, because we haven’t seen this style of exploit in a couple of decades, but the ramifications were immediately understood, and were reminiscent of old school hacking techniques. The new technique was dubbed “Shellshock”, and has been making the rounds in the media world.

It’s important to note, however, that this isn’t a single exploit. It’s actually a collection of similar exploits that all provide hackers with a notable escalation of privileges on the local system. In fact, security researchers have begun looking into remote methods for conducting these same attacks. One page (linked below) goes into detail about how these same BASH techniques can be used across a Secure Shell (SSH) session. It’s interesting stuff, and could indicate that the winds of change have once again blown through the security world, as hackers and researchers start looking for similar exploits in this, and other similar local applications.

I encourage you to do some of your own research, and see if you can replicate the attack vector on your own systems. The best pathway to becoming a better hacker is researching these topics in your spare time. Hackers don’t do it because they’re told to; they do it because they can’t resist the call.

How can shellshock be exploited over SSH? http://unix.stackexchange.com/questions/157477/how-can-shellshock-be-exploited-over-ssh

Happy Hacking,

-Russ Rogers, Program Champion

Network Security, UAT
