Saturday, March 5, 2016

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption)

03-04-2016. Joseph M Gant.

SSL and TLS servers have fallen prey to a newly developed attack. Though SSLv2 has been considered obsolete for some time, it still exists on many servers. This is due mostly to poorly maintained systems or older servers that still make their connections via SSLv2, either by default or due to poor configuration.

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) steals information through VPN connections made to web and mail servers that use SSLv2. Even systems using a more modern encryption method are prone to this exploit if they connect to systems which still employ the obsolete SSLv2. Thirty-three percent of browser-trusted HTTPS sites are in fact vulnerable to DROWN attacks. This is because faults in SSLv2 are used by DROWN to exploit TLS connections when these protocols communicate with each other. It is a serious, cross-platform threat.

To counter DROWN, one should ensure that SSLv2 is disabled on their systems and avoid sharing private keys with servers that use the protocol. There is no need to reissue certificates. And as always, be sure that one's crypto packages are up to date. Tools like public_drown_scanner and drowncheck are hosted on GitHub and are recommended if one fears that a compromise has occurred. OpenSSL released a patch last Tuesday to address this threat.
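The key-sharing advice above is the part most easily missed: an endpoint that only speaks TLS is still exposed when its RSA private key is also loaded on an endpoint that accepts SSLv2. The following Python is an added example, not part of the original post or of the scanners named above; the inventory rows, hostnames and key fingerprint labels are constructed placeholders standing in for the results of scanning one's own systems.

```python
from collections import defaultdict

# Constructed inventory (not real hosts): one row per TLS endpoint.
# key_fp stands for a fingerprint of the endpoint's RSA public key.
INVENTORY = [
    {"endpoint": "www.example.test:443",  "key_fp": "KEY-A", "sslv2": False},
    {"endpoint": "mail.example.test:25",  "key_fp": "KEY-A", "sslv2": True},
    {"endpoint": "mail.example.test:993", "key_fp": "KEY-A", "sslv2": False},
    {"endpoint": "shop.example.test:443", "key_fp": "KEY-B", "sslv2": False},
    {"endpoint": "old.example.test:443",  "key_fp": "KEY-C", "sslv2": True},
]

def sslv2_endpoints_by_key(inventory):
    """Group the endpoints that still accept SSLv2 by the key they use."""
    by_key = defaultdict(list)
    for row in inventory:
        if row["sslv2"]:
            by_key[row["key_fp"]].append(row["endpoint"])
    return dict(by_key)

def classify(inventory):
    """Map each endpoint to 'direct', 'shared-key' or 'ok'."""
    weak = sslv2_endpoints_by_key(inventory)
    status = {}
    for row in inventory:
        if row["sslv2"]:
            status[row["endpoint"]] = "direct"      # accepts SSLv2 itself
        elif row["key_fp"] in weak:
            status[row["endpoint"]] = "shared-key"  # TLS-only, key reused
        else:
            status[row["endpoint"]] = "ok"
    return status

def remediation(inventory):
    """For each SSLv2 endpoint, list the TLS-only endpoints it exposes."""
    plan = {}
    for row in inventory:
        if row["sslv2"]:
            plan[row["endpoint"]] = [
                other["endpoint"] for other in inventory
                if other["key_fp"] == row["key_fp"] and not other["sslv2"]
            ]
    return plan

if __name__ == "__main__":
    for endpoint, state in classify(INVENTORY).items():
        print(f"{endpoint:24} {state}")
    for fix, exposed in remediation(INVENTORY).items():
        print(f"disable SSLv2 on {fix}; protects {exposed or 'itself only'}")
```

Disabling SSLv2 on the endpoints listed by `remediation` clears both the direct and the shared-key findings, which matches the post's point that certificates need not be reissued.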

Focused on antivirus evasion, the Veil Framework is a suite of security implementations geared toward detection evasion: Veil-Evasion uses a variety of techniques to evade antivirus detection. Veil-PowerView is a PowerShell tool used to gain network access in Windows machines. Veil-Catapult is a psexec-type system that works with Veil-Evasion, and Veil-Pillage is a post-exploitation integration of Veil-Evasion. The recently updated Veil Framework is aimed at pentesters, but is likewise a threat to be aware of.

The glibc DNS client, libresolv, has had a vulnerability exposed which makes it susceptible to stack overflow attacks. This allows for remote code execution through software that uses it, including ssh, php, sudo, as well as others. Under prime conditions for attack, a discrepancy in the stack buffer, generated by larger than normal DNS requests, creates a stack buffer overflow. Most exploitable fronts are protected by technologies like ASLR and stack-overflow protection, which can be built into the software when compiling applications locally. Information on building software with a hardened toolchain can be found at Hardened Gentoo.

Linset is an 'evil twin' bash script circulating through darknet circles. 'Linset' is a recursive acronym: 'Linset Is Not A Social Engineering Tool.' Linset performs the following:
  • Scans networks
  • Captures handshakes
  • Mounts FakeAP
  • Serves DHCP on FakeAP
  • Creates DNS server to redirect traffic from the host
  • Deauthenticates users on the network in order to connect to FakeAP and introduce passwords
  • Checks the validity of introduced passwords
  • Ends the attack upon successful, authenticated password capture
Linset is simply a bash script that drives a number of applications such as aircrack-ng, dhcpcd, and hostapd, to name a few. Most of these tools are found on any Linux distribution that ships a full suite of applications, and the well-known pentester distro Kali Linux contains all of these tools and more to round out Linset as a threat. Linset ships in Spanish and, in the hands of any script kiddie with a working knowledge of Español and a keyboard, can be dangerous. While it's unlikely Linset will be able to hijack an enterprise server, the cyber vandalism it can cause is troublesome to repair.


Joseph Gant is a guest blogger, a security junkie and a glassblower by trade. Though he holds a degree in Scientific Glass Technology, his life's study encompasses many variables: a long-time student of Tibetan region and culture, science, music, and a lover of literature.