23C3 - 1.5
23rd Chaos Communication Congress
Who can you trust?
Referenten | |
---|---|
Raven |
Programm | |
---|---|
Tag | 2 |
Raum | Saal 2 |
Beginn | 11:30 |
Dauer | 01:00 |
Info | |
ID | 1700 |
Veranstaltungstyp | Vortrag |
Track | Hacking |
Sprache | englisch |
Feedback | |
---|---|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
Router and Infrastructure Hacking
"First we take Manhattan, then we take Berlin..."
The security of backbone devices has been under increasing focus for the past few years, but infrastructure hacking techniques remain in their infancy and are still not even used in most penetration tests. This talk will discuss how to find and exploit vulnerabilities in infrastructure devices and their service dependencies, including vulnerability development as necessary.
While the overall flow of systematically attacking a network's infrastructure is similar to attacking any network -- recon, find vulnerable points, gather data, harvest authentication credentials, attack, recurse -- there are several useful vectors still not common among network engineers or penetration testers. This talk will outline some useful lateral techniques for backbone and infrastructure device hacking, as well as discussing how to assess a network and develop your own attacks if there are no known ones to be found.
When in the reconnaissance phase, there are several differences between infrastructure analysis and normal network mapping that are useful to know. Stack fingerprinting is a bit spottier, making OS identification somewhat more difficult. The proliferation of varying code trains on popular network devices makes using traditional scanners a bit more uncertain, though efforts are being made to address this. However, default passwords are much more widely deployed on infrastructure devices, and brute-force tools are starting to become more common. While many of these tools are still young (cisco_torch, for example), they are easily extensible and will often yield good results when properly tweaked. Add to this the network admin's toolkit
- BGP looking glasses, for example -- and old-school techniques such as