Explaining SMBv3 CVE-2020-0796 or SMBGhost

Hello, today I'm going to explain the vulnerability in SMBv3, aka SMBGhost. For the time being Microsoft has released an urgent patch, "KB4551762", and for the record I wrote a small script to apply a workaround until users update their systems. So how does this vulnerability work? In the SMB protocol there is a parameter called compression, which allows data to be compressed and decompressed, and guess what: Microsoft passes it along without checking and validating the buffer size, and the result is an integer overflow vulnerability in the "Srv2DecompressData" function in srv2.sys. Check the picture below and you can see the assembly instructions.

From this an attacker can get full RCE without any username or password. That's why Microsoft recommended disabling the compression option until they fix the problem; the issue is just missing validation of the buffer size before it is passed on as an argument. And for sure you can get a blue screen of death just by exploiting it, since it's a driver and an overflow can cause that easily. Sometimes I find that even big companies can easily fall into the trap of not checking their inputs, or they just treat them as something clean that no one can reach or find.
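As an added example (not from the original post, and using hypothetical field names rather than the real srv2.sys ones), here is the unchecked-addition pattern modelled in Python with explicit 32-bit wrap-around, next to the check that rejects an overflowing header before anything is allocated:

```python
"""
Added example (not from the original post): a model of the unchecked-size
pattern behind SMBGhost, written in Python with explicit 32-bit wrap-around.
The names original_size, offset and payload_len are hypothetical stand-ins
for the compressed-header fields; they are not taken from srv2.sys.
"""
from typing import Optional

UINT32_MAX = 0xFFFFFFFF


def add_u32(a: int, b: int) -> int:
    """Addition as a 32-bit unsigned integer does it: the sum silently wraps."""
    return (a + b) & UINT32_MAX


def unchecked_alloc_size(original_size: int, offset: int) -> int:
    """The vulnerable pattern: compute the allocation size and trust it.

    When original_size + offset exceeds 2^32 - 1 the result wraps to a small
    number, so a tiny buffer is allocated while the decompressor is later told
    to write original_size bytes into it.
    """
    return add_u32(original_size, offset)


def checked_alloc_size(original_size: int, offset: int) -> Optional[int]:
    """The hardened pattern: reject any header whose sizes do not add up
    without overflow. Returns None instead of a wrapped size."""
    if original_size > UINT32_MAX or offset > UINT32_MAX:
        return None
    total = original_size + offset          # Python ints do not wrap
    if total > UINT32_MAX:                  # this is where C would have wrapped
        return None
    return total


def header_is_sane(original_size: int, offset: int, payload_len: int) -> bool:
    """Full validation a decompressor should do before allocating:
    no overflow, and the offset must lie inside the received payload."""
    total = checked_alloc_size(original_size, offset)
    if total is None:
        return False
    return offset <= payload_len
```

The order matters: the size arithmetic is validated first, and only a header that passes both checks reaches the allocator and the decompressor.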

Write-up for the Parallels Vulnerability CVE-2020-7213

A few months ago I started getting this annoying update popup for updating my Parallels Desktop, and I kept cancelling the update by clicking "Remind me Later", but the last time I was free and I thought, let's see what will happen if I click install now, and check what happens after. It wasn't my intention to really update the app; I was curious about how to get rid of the alert without actually updating the software, and that's how it all started.

The vulnerability information is as follows:

It allows a remote attacker to push false and fake updates to the user, with text of the attacker's choice, such as which features are available in the app; he can also put malicious links in it to trick the user into clicking them and downloading entirely unrelated material. At the same time an attacker can supply the path of the application he wishes to download to the user's machine, if the user chooses to click the "update now" button. This of course allows the attacker to gain access to the user's machine with higher privileges, usually root. This attack can take place as a man in the middle (MITM), or a local attacker can perform it to get higher access on the same machine. I tried to inform the company, with not a single reply from their side. I will not release the exploit code until the company fixes the vulnerability, since we don't need more attacks. What happened at the start of 2020 is more than enough 🙂

The proof of concept “PoC”

Explaining DNS over HTTPS (DoH) – Briefly

Hi guys, it's been a long time since I wrote here, but normally I like to talk about things I have problems with, or that I feel will add value to the reader; otherwise I'll skip it and let the news or people in infosec talk about it. Anyway, today I have a subject that is really simple concept-wise but a powerful technique, and deadly if it is overlooked, since this technique can be used by malware creators or anyone who wants to bypass the local DNS. Let's start simple: DNS is a huge database containing domains and their corresponding IPs. For example, if you want to access "almorabea.net" you type the domain and DNS will look up the IP address for the site so you can connect to it. Simple, right?

So it is just a translation process, and it uses port 53 TCP/UDP. So if I want to access any site I'll pay the DNS service a visit, and then I will be redirected to the site; in other words, my footprint will be in the DNS records, because I just asked it for a record. But what if I ignored all of this and used HTTPS to make a request to a public DNS service, got the results I need to be redirected to the site I want to visit, and my footprints are not available in my local DNS? This kind of technique can be used by malware creators to hide their actual destination, or to get the IPs of websites that are already blocked in your environment, and all of this is done through HTTPS on port 443, so you will not suspect any weird behavior. I made a small video explaining the whole situation. This is not all; maybe I'll explain more about the topic in upcoming posts, but for now enjoy the video.
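To make the technique concrete, here is an added example (not from the original post) of what a DoH lookup for almorabea.net looks like on the wire, following the RFC 8484 GET form, together with a parser for the DNS answer and a simple check a defender can run over proxy logs to spot DoH-shaped requests. The resolver hostnames, the log lines and the response bytes are all constructed; nothing touches the network.

```python
"""
Added example (not from the original post): what a DNS-over-HTTPS lookup
looks like on the wire, plus a check a defender can run over proxy logs.
Builds a DNS wire-format query for almorabea.net, encodes it the way RFC 8484
specifies for a GET request, parses a constructed response, and flags
DoH-shaped requests in constructed log lines. No network access is used.
"""
import base64
import struct

DOH_PATH = "/dns-query"                     # path from RFC 8484
DOH_CONTENT_TYPE = "application/dns-message"


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: length byte + label, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS query message: header (id 0, RD set), one question, type A."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver: str, name: str) -> str:
    """RFC 8484 GET form: base64url without padding in the 'dns' parameter."""
    wire = build_query(name)
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"https://{resolver}{DOH_PATH}?dns={b64}"


def parse_a_answers(msg: bytes) -> list:
    """Extract IPv4 addresses from the answer section of a DNS response.
    Handles the name compression pointer (0xC0) used in answer records."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):                 # skip the question names
        while msg[pos] != 0:
            pos += msg[pos] + 1
        pos += 1 + 4                         # terminator + QTYPE/QCLASS
    addrs = []
    for _ in range(ancount):
        if msg[pos] & 0xC0 == 0xC0:
            pos += 2                         # compression pointer
        else:
            while msg[pos] != 0:
                pos += msg[pos] + 1
            pos += 1
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs


def doh_requests_in_log(lines: list) -> list:
    """Flag proxy log lines that look like DoH: the RFC 8484 path or the
    DoH content type. Returns the flagged lines for an analyst to review."""
    return [line for line in lines if DOH_PATH in line or DOH_CONTENT_TYPE in line]


# Constructed response: id 0, 1 question, 1 A answer whose name is a pointer
# to the question name at offset 12, TTL 300, address 203.0.113.10
# (an address from the documentation range, not a real host).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("almorabea.net") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
)

# Constructed proxy log lines (not real traffic); hostnames are placeholders.
SAMPLE_LOG = [
    "10.0.0.5 CONNECT www.example.com:443 200",
    "10.0.0.7 GET https://dns.example/dns-query?dns=AAABAAABAAAAAAAACWFsbW9yYWJlYQNuZXQAAAEAAQ 200",
    "10.0.0.9 POST https://resolver.example/ ct=application/dns-message 200",
]
```

Because the query is just an HTTPS request, a port-53 monitor never sees it; the only observable signals are the URL path, the content type, or the resolver endpoint itself, which is why the log check keys on those.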

Simple Demonstration of DNS Over HTTPS

RC4 Algorithm

This post is a special request from someone who is interested in this topic. Normally I don't do easy ciphers, because there are many references on the internet and writing about them would be redundant. Anyway, today I'm going to briefly explain it; I hope someone will get some benefit from it ("fingers crossed"). So here we start:

RC4 is one of the great ciphers of all time in my opinion (though I don't recommend that you use it now, because it's broken). What makes it interesting is that it's really easy and really, really fast in software. It was developed by Ron Rivest.

RC4 Specs :

RC4 cipher consists of two parts:

1. The Key Scheduling Algorithm (KSA).

2. The Pseudo Random (Byte) Generation Algorithm (PRGA).

The state of RC4 is a 256-byte array, always denoted by S (though it may be named differently in some implementations). This array contains a permutation of the elements from 0 to 256. It takes a key size of up to 2048 bits.

Below you can see a hint of how this works in reality; you can develop this in any programming language you want.

Note: all additions are done modulo 256.

KSA:
    for i from 0 to 255:
        S[i] := i                                   // initialize the array
    j := 0
    for i from 0 to 255:
        j := (j + S[i] + key[i mod keylength]) mod 256
        swap(S[i], S[j])

PRGA:
    i := 0; j := 0
    while output is required:
        i := (i + 1) mod 256
        j := (j + S[i]) mod 256
        swap(S[i], S[j])
        K := S[(S[i] + S[j]) mod 256]
        output K
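Here is the KSA and PRGA as working Python, added as an example that is not part of the original post. It is checked against the widely published "Key"/"Plaintext" test vector, and it also shows the WEP-style key construction discussed later in the post (a clear-text IV prepended to the secret) together with the reason keystream reuse is fatal: two ciphertexts under the same key leak the XOR of their plaintexts. The keys and messages are constructed; this is for study only, since RC4 is broken.

```python
"""
Added example (not from the original post): the KSA and PRGA above as Python,
checked against the published "Key"/"Plaintext" test vector, plus a
demonstration of why WEP-style key reuse is dangerous: two messages encrypted
under the same key leak the XOR of the plaintexts. Educational only.
"""


def ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: build the 256-byte state permutation S."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def prga(S: list, n: int) -> bytes:
    """Pseudo-Random Generation Algorithm: emit n keystream bytes from S."""
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation): XOR data with the keystream."""
    stream = prga(ksa(key), len(data))
    return bytes(d ^ k for d, k in zip(data, stream))


def wep_style_key(iv: bytes, secret: bytes) -> bytes:
    """WEP prepends a 24-bit IV to the secret key; the IV travels in clear."""
    assert len(iv) == 3
    return iv + secret


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns when two ciphertexts share a keystream:
    c1 XOR c2 == m1 XOR m2, with no key needed at all."""
    return bytes(a ^ b for a, b in zip(c1, c2))
```

With only 24 IV bits, a busy WEP network repeats an IV (and therefore the whole RC4 key) quickly, and every repeat hands an observer the plaintext XOR shown by keystream_reuse_leak; the weak-IV problem in the post's list comes on top of that.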

RC4 was not designed to take an IV as input, but because RC4 can accept a large key size, in practice people concatenate the secret key with some random values.

There are many applications and protocols that run RC4 (SSL optionally, SSH optionally, Microsoft Point-to-Point Encryption), but the most important protocol is WEP. And once again I'm telling you: please don't ever use this algorithm in your application, and in fact don't use this protocol either!

Some vulnerabilities of the WEP protocol:

- Short IV length and sometimes weak IVs

- Clear-text IV as part of the key: 24 bits of every key in cleartext! Can you imagine this!!

———–

I hope that at the end of this post you got a glimpse of how RC4 works.

 

Privacy or Stupidity

Hello guys,

I think we all (I mean people who are interested in infosec) know what happened with WikiLeaks and Vault 7, so I don't have to tell you; for those of you who don't know, long story short: WikiLeaks leaked CIA documents, methods and important files that were really classified. So my goal today is to explain some things that I think have already been explained a lot, but let me explain them one more time. Privacy is one of the great things that we have in life and we really have to protect it. But sadly people don't make an effort to protect it, and you can see this most easily on social media, where people share almost everything in their entire life from 7 o'clock in the morning until they sleep at night; they share every single detail of their daily life, including their problems! Don't they think this is a stupid thing to do, when there are many companies that live on your information? They collect information about you to analyse it and build a profile of you, and they sell it to the highest bidder! For the sake of this argument, let's assume that you don't share your information on public social media like Twitter or Facebook, but you share your entire life on Snapchat, capturing every single corner of your house!! Why do you do that? Haven't you ever once suspected that Snapchat doesn't delete your photos or videos? Believe it or not, they know you better than you know yourself! So why do you store your life in companies' databases? You know why: because you forget, but they don't forget all of your shameful moments, which will apparently become public as soon as that company gets hacked, and most hackers publish the data to the whole world, and guess what, your information will be in this stream of data!
But let's also assume that you don't share your information on social media; you still have to communicate with your friends, so you will have to use some messaging services that share your data with third-party companies, and you accept that without full knowledge, since you haven't read the privacy policy. And then you will go with some commercial apps that you don't know anything about. What I wrote above are some examples of situations that we see every day, and I could go on all night long with these situations, but the moral of the story is that you have to change your online habits: you have to be careful about what you are using and what information you provide to these companies. The WikiLeaks documents are very important to follow because they cover what the intelligence agencies are doing and what methods they use to hijack and store our information, and these documents will tell you the latest applications and services that we should stop using because they affect our privacy. So, what's your decision: maintaining your privacy or maintaining your stupidity?

large key space in encryption schemes

Hi guys, today I will try my best to explain why we need to use a larger key space in our encryption schemes.

Okay, so let's get something out of the way first: key size is one factor among many others that make an encryption scheme secure, so using a large key size gives you better security, but it will not prevent attacks on your scheme. Okay, to start, let me demonstrate with an example. Suppose we have 3 elements {1,2,3} and we want to arrange them in every possible way; it will be like this:

{1 -> 2 -> 3}, {1 -> 3 -> 2}, {2 -> 1 -> 3}, {2 -> 3 -> 1}, {3 -> 1 -> 2}, {3 -> 2 -> 1}. As you can see, 3 elements produced 6 different possibilities ("3! factorial"). But in computers we tend to use binary as a way to represent data, and the binary system consists only of (0, 1), so if we want to represent 4 bits {0,0,1,1}, the number of arrangements is 2^4, and this will produce 2^4 = 16 different possibilities. So I think you've got the idea now: the more permutations you use, the more possibilities you have. Some old encryption schemes used small key sizes; "DES" used a key size of 56 bits, and this is considered easy to break by brute force with modern hardware. But on the other hand, modern encryption schemes use large key sizes starting from 128 bits, and this is considered good to use: 2^128 = 340282366920938463463374607431768211456 possible keys of 128 bits. That's a lot, and trying all of them would take millions of years. I know what you're thinking right now: if we are using modern encryption with large keys, why are we vulnerable to attacks? Are you ready to hear the answer? It's because there is a human factor, and humans are lazy and prefer short passwords. Any decent password cracking software will first try all possible very short passwords (6 characters or fewer) and then try meaningful words, and if the user is lazy enough his password will be recovered in a matter of seconds.

Power of “Integrity” property in Cryptography

Today's post is about a property in cryptography called "Integrity", and it's simply something that guarantees that what you send is what the intended recipient receives. And you know what's weird?

Most people nowadays don't think about this property anymore, and this is shocking. And it's not just normal people or tech people; there are some people who call themselves security professionals who ignore this property and think "Encryption" is all that matters!!

But let me explain briefly in this post why this is important:

Let's say that I (Ahmad) want to send a message to my friend Bob, and let's say that message is (Hello). I will be very upset if my message is delivered to Bob as (Hi). I know it's funny, but this is a real situation. The reason is that encryption algorithms by nature don't check the authenticity of the message; they only check whether the message can be decrypted by this specific algorithm. So this is when the "Integrity" property becomes very useful: to check that the message is encrypted and delivered to the recipient as it is, without a single change. Let me define this more formally:

If the sender encrypts a message m ∈ M and sends the ciphertext c to the receiver, but the ciphertext is intercepted by a third party in the middle who replaces it with the encryption of another message m' ∈ M of his choosing, the receiver will decrypt the substituted ciphertext and obtain m' instead of m, and you can notice that the receiver has no clue that he decrypted the wrong message.

I know maybe this was confusing for you, so let me give you an example to make it clearer:

Example (XOR-malleability of the one-time pad). For one-time pad encryption, the adversary can replace the transmitted ciphertext c by an arbitrary ciphertext c'. Assume that c = m ⊕ κ and |c| = |c'|; then the receiver will compute m' = c' ⊕ κ = c' ⊕ c ⊕ m. Hence, replacing c by c' corresponds to selecting the function m → m ⊕ (c ⊕ c').
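The malleability above, carried out in code as an added example (not from the original post): a one-time pad ciphertext is altered in transit so the receiver decrypts a different message, and then the same substitution is caught by adding an integrity tag (encrypt-then-MAC with HMAC-SHA256 from the standard library). The pad, MAC key and messages are constructed for the demonstration.

```python
"""
Added example (not from the original post): the XOR-malleability above in code.
A one-time pad ciphertext is modified in transit so that the receiver decrypts
a different message, then the same attack is caught by an encrypt-then-MAC
construction (HMAC-SHA256, standard library). Keys and messages are constructed.
"""
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(m: bytes, kappa: bytes) -> bytes:
    """c = m XOR kappa; kappa must be at least as long as m and used once."""
    assert len(kappa) >= len(m)
    return xor(m, kappa)


def otp_decrypt(c: bytes, kappa: bytes) -> bytes:
    return xor(c, kappa)


def malleate(c: bytes, m_known: bytes, m_target: bytes) -> bytes:
    """The transformation from the post: c' = c XOR (m XOR m'), so that
    c' XOR kappa = m'. The interceptor needs the original m but never kappa."""
    return xor(c, xor(m_known, m_target))


def mac_tag(mac_key: bytes, c: bytes) -> bytes:
    """Integrity tag computed over the ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, c, hashlib.sha256).digest()


def verified_decrypt(c: bytes, tag: bytes, kappa: bytes, mac_key: bytes):
    """Return the plaintext only if the tag matches; None on tampering.
    hmac.compare_digest avoids leaking where the first mismatching byte is."""
    if not hmac.compare_digest(mac_tag(mac_key, c), tag):
        return None
    return otp_decrypt(c, kappa)


def demo():
    """Run both scenarios and return (forged plaintext, rejected, accepted)."""
    kappa = secrets.token_bytes(16)
    mac_key = secrets.token_bytes(32)
    m = b"PAY 0100 TO BOB "
    c = otp_encrypt(m, kappa)
    # Without integrity: the amount is changed without knowing kappa.
    c_prime = malleate(c, m, b"PAY 0900 TO BOB ")
    forged = otp_decrypt(c_prime, kappa)          # receiver gets the wrong message
    # With integrity: the tag was computed over c, so c_prime is rejected.
    tag = mac_tag(mac_key, c)
    rejected = verified_decrypt(c_prime, tag, kappa, mac_key)
    accepted = verified_decrypt(c, tag, kappa, mac_key)
    return forged, rejected, accepted
```

The pad gives perfect secrecy and still offers no integrity at all; the tag is what turns "decrypts to something" into "decrypts to what was sent".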

Thoughts About PRNGs and some Attack Models

For a while now I've been thinking about randomness and uniform data sets. Believe it or not, it's a really fascinating subject, but at the same time really complicated. So in this post I'm going to talk about some models of attacking it. Let's start!

I suggest that you read this article first if you don't know what PRNGs are.

The idea behind PRNGs is to provide random values that are hard to predict, but as I mentioned earlier, computers are deterministic machines, so it is difficult to get new, truly random data. In this case we need some algorithm to give us real random data, but most of these algorithms have an 'internal state' to seed the generator, and every time this internal state should be updated to ensure that the next round gives different data. In practice this is very easy to do: you can use some hash function for it.

Attacks:

There is a straightforward method for it, which simply requires the attacker to reconstruct the internal state from the output of the function. Personally I think this is a classic attack and you can't guarantee the output every time, but maybe the attacker can succeed if there is any flaw in the implementation. That is a story for another day; for now let's assume that the system is really good "smiley face"...

Issue number 2: let's assume that the computer has just booted, so it doesn't have enough entropy to take a seed from, and you will end up with predictable values.

Issue number 3: let's assume that you managed to feed the pool with different events like mouse movement or any other type of event. You will still have a small amount of entropy, and the attacker can simply make many requests to reconstruct the internal state.

So the best defense against these problems is to have a huge amount of entropy, so you can mix it and feed it to the internal state and make the attacker guess over, let's say, 2^128 possibilities. But this is just a theoretical solution; estimating the amount of entropy is kind of difficult. But at least you got the idea: you have to consider a large amount of entropy, and you have to consider it in the implementation phase.

Anyway, I think you got the idea that achieving true randomness is really hard, and if you mess it up your whole system will fall apart.
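As an added example (not from the original post), here is a toy entropy pool that does what the post describes: it folds each event into its internal state with a hash function and ratchets the state forward on every output, so earlier outputs do not reveal later ones. Alongside it is the entropy accounting behind issues 2 and 3: a helper that counts how many candidate states an attacker would have to enumerate when the only inputs were low-entropy events, and a feasibility check against a guess rate. The guess rate and budget are assumed figures for illustration; a real system should take its randomness from the operating system's CSPRNG.

```python
"""
Added example (not from the original post): a toy hash-based entropy pool
plus the accounting that shows why a small event space is enumerable.
Illustration only; use os.urandom / secrets in real code.
"""
import hashlib


class HashPool:
    """Internal state is a 32-byte digest. Every event is folded in with
    SHA-256 and every output advances the state (a one-way ratchet)."""

    def __init__(self):
        self.state = bytes(32)          # deterministic start: nothing mixed yet
        self.entropy_bits = 0.0         # the pool's own estimate of what it holds

    def mix(self, event: bytes, entropy_bits: float) -> None:
        """Fold an event (mouse delta, timer jitter, ...) into the state.
        entropy_bits is the caller's estimate of how unpredictable it was."""
        self.state = hashlib.sha256(b"mix" + self.state + event).digest()
        self.entropy_bits = min(self.entropy_bits + entropy_bits, 256.0)

    def output(self, n: int) -> bytes:
        """Produce n bytes, advancing the state before each block so that a
        later state compromise does not expose this output."""
        out = bytearray()
        while len(out) < n:
            self.state = hashlib.sha256(b"out" + self.state).digest()
            out += hashlib.sha256(b"gen" + self.state).digest()
        return bytes(out[:n])


def candidate_states(event_space_sizes: list) -> int:
    """Number of internal states an attacker must try if the only inputs
    were events drawn from spaces of the given sizes (issue 3 in the post).
    Three mouse events with 1024 possible values each give only 2^30 states."""
    total = 1
    for size in event_space_sizes:
        total *= size
    return total


def enumeration_is_feasible(candidates: int, guesses_per_second: float = 1e12,
                            budget_seconds: float = 365 * 24 * 3600) -> bool:
    """Can every candidate be tried within the budget? The default rate and
    one-year budget are assumed round numbers, not a measurement."""
    return candidates / guesses_per_second <= budget_seconds


def boot_time_pool() -> HashPool:
    """Issue 2: a pool right after boot with nothing mixed in. Two machines in
    this state produce identical output, which is exactly the problem."""
    return HashPool()
```

The two checks together give the post's rule of thumb in numbers: a pool fed from a few small event spaces is enumerable in well under a second at the assumed rate, while 2^128 candidates are not enumerable on any budget.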

What's new in Crypto Ghost?

Hello, people who care about privacy!!!

Finally I had time to update Crypto Ghost, and honestly I'm really happy with this update. In this post I'm going to explain the latest development. So what's new?

First of all, I added a new feature: "Removing Image Metadata". So what is image metadata?

With every image you take, some information is stored along with it, and this information is considered dangerous for those who care about privacy; for example, the image could contain GPS coordinates!! There is more, but if you are interested you can read about it here. Bottom line: use Crypto Ghost to remove it from your photos. "How simple is that".
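To show what "removing image metadata" involves at the byte level, here is an added example that is not Crypto Ghost's own code: a dependency-free JPEG metadata stripper. It walks the marker segments of a JPEG, drops the APP1..APP15 application segments (where EXIF, XMP and the GPS tags live) and COM comment segments, and keeps APP0 (JFIF) and the segments a decoder needs. The sample file is constructed: its marker structure is valid, but it is not a decodable picture.

```python
"""
Added example (not Crypto Ghost's own code): a dependency-free JPEG metadata
stripper. Drops APP1..APP15 and COM segments, keeps APP0 (JFIF) and image data.
SAMPLE_JPEG is a constructed marker skeleton, not a real photograph.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
APP0, APP1, APP15, COM = 0xE0, 0xE1, 0xEF, 0xFE


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return the JPEG with metadata segments removed."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out = bytearray(b"\xff\xd8")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == SOS:
            # Entropy-coded image data follows SOS up to EOI: copy verbatim.
            out += data[pos:]
            return bytes(out)
        if marker == EOI:
            out += data[pos:pos + 2]
            return bytes(out)
        # Segment length is big-endian and includes its own 2 bytes.
        (seg_len,) = struct.unpack("!H", data[pos + 2:pos + 4])
        segment = data[pos:pos + 2 + seg_len]
        drop = (APP1 <= marker <= APP15) or marker == COM
        if not drop:
            out += segment
        pos += 2 + seg_len
    raise ValueError("truncated JPEG")


def contains_exif(data: bytes) -> bool:
    """EXIF payloads start with the identifier 'Exif\\0\\0' inside APP1."""
    return b"Exif\x00\x00" in data


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment: FF marker, 2-byte length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack("!H", len(payload) + 2) + payload


# Constructed sample: SOI, APP0 JFIF header, APP1 EXIF block carrying a fake
# GPS tag, a comment, a quantisation-table stub, SOS + data, EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00MM\x00*" + b"GPSLatitude=12.3456")
    + _segment(COM, b"shot on my phone")
    + _segment(0xDB, b"\x00" + bytes(64))
    + b"\xff\xda" + struct.pack("!H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\x56"
    + b"\xff\xd9"
)
```

One caveat worth knowing when you rely on any stripper: data placed after the EOI marker (some cameras and apps append trailers there) is copied through untouched by this walk, so a thorough tool should also truncate at EOI or inspect what follows it.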

The second feature is removing the cache after every process. This wipes any information that Crypto Ghost may leave behind after a process, and it helps prevent offline attacks.

Yes, one more thing: I fixed some programming bugs.

Happy Encrypting.

 

What is the Diffie-Hellman Key Exchange Protocol, and did the NSA really break the algorithm?

There are a lot of rumors going around that the NSA has attempted to break the Diffie-Hellman key exchange protocol. Former NSA contractor Edward Snowden revealed in the leaked documents that the NSA had already decrypted tons of encrypted Internet traffic, and James Bamford published an article titled "The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)" commenting that the NSA had had a computing breakthrough, which fits exactly with what Snowden said. In the leaked documents Snowden stated that the NSA has decrypted VPN, HTTPS and SSH traffic that specifically used implementations of Diffie-Hellman with 1024-bit primes. Until now we don't have full details about how much they achieved with the attack, but if they did, a major threat to users will arise, because Diffie-Hellman is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS. Here are the 2 major attacks:

1- Logjam attack against the TLS protocol

2- Threats from state-level adversaries

Now every major browser no longer supports 512-bit primes, though they still support the 1024-bit ones that the NSA is trying to break. The problem is that most of the people who implemented Diffie-Hellman used a common prime number that appears to be safe to use as long as you generate a different private key for it. But the case now is different, because the NSA is trying to break the prime number, and the best way to do this is the sieve algorithm, the most efficient classical algorithm known for factoring integers. Of course this takes a lot of computational power and money to deploy, but I think the NSA will pay this amount of money to collect users' information for their massive surveillance program. What concerns me is that a bunch of VPN users and HTTPS websites are still using the algorithm in a way that makes them vulnerable to the attack, and when the NSA does this and breaks the algorithm, even American companies will be in danger.

And you know that most applications online use the Diffie-Hellman algorithm, and some hackers could decrypt the results. It's not a matter of a weak algorithm, but sadly most of the people who deploy the algorithm don't care about the parameters; they just implement it with no prior knowledge of the risks or of how the algorithm works. So, bottom line: always try to read the specification; don't just trust the vendor or the website by the name of the algorithm.

Okay, I'm going to explain briefly how the Diffie-Hellman algorithm works. Diffie-Hellman is a key exchange protocol for sharing a secret key without the two parties needing to meet in person. Note here that Diffie-Hellman is not an encryption scheme; it's just a way to exchange the key. We then take the key and put it into one of the encryption algorithms, let's say AES or Blowfish.

Let's say that we have two people (Alice, Bob) who never met in person, and they want to share some secret key k without putting the key in the traffic:

1- First they have to choose a multiplicative group of integers modulo p, where p is prime and g is a primitive root modulo p. These p and g will be publicly known to the attacker and to the whole world.

2- Alice has to choose a secret key a. This key should remain secret, so no one should know about it. Then she computes g^a mod p, where g is the generator and a is the secret key that Alice chose. Let's say we assign the result to the variable A, so it's like this: A = g^a mod p

3- Bob will do the same thing: he will choose a secret key b, which he should also keep secret, and he will compute g^b mod p. I will assign it to the variable B: B = g^b mod p

4- Now Alice will send her result (A) to Bob, and Bob will compute A^b mod p: he takes the value he received and raises it to the power of his secret key. Let's assign the result to the variable S = A^b mod p. Alice will do the same thing: she takes Bob's result (B) and computes B^a mod p, and let's denote that result by the variable S as well. Believe it or not, the result (S) of Alice and Bob is the same, and now they have the same key without leaking the actual key in the traffic.

Just a small note: this is just a brief description of how Diffie-Hellman works (you have to read the full specification to understand it properly), but please don't implement it yourself. And I have to say that Diffie-Hellman itself doesn't guarantee authenticity and is vulnerable to man-in-the-middle attacks.

Okay, now you understand how Diffie-Hellman works in a brief way. So how can I be safe from this? If you have a server that runs Diffie-Hellman you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman group, or switch to Diffie-Hellman over elliptic curves.
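The four steps above in Python, added here as an example and not the post's own code, with both sides' computations visible so you can confirm they arrive at the same S. It also encodes the two checks the post recommends for servers: a group-size check that rejects 512-bit export groups and the 1024-bit groups the post worries about in favour of 2048-bit ones, and a public-value check that refuses the degenerate values 0, 1 and p-1. The prime in the test is the small textbook value 23 with generator 5 so the arithmetic is visible; a real deployment uses a standardised 2048-bit or larger group, or elliptic-curve DH, and never the small numbers shown here.

```python
"""
Added example (not from the original post): the Diffie-Hellman steps above in
Python, plus the group-size and public-value checks the post recommends.
Private keys come from the CSPRNG; the small p and g used in tests are
textbook demonstration values, not parameters for real use.
"""
import secrets

MIN_SAFE_BITS = 2048   # the post's recommendation for finite-field DH


def dh_public(g: int, private: int, p: int) -> int:
    """Step 2/3: A = g^a mod p on Alice's side, B = g^b mod p on Bob's."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Step 4: S = B^a mod p for Alice, S = A^b mod p for Bob."""
    return pow(peer_public, private, p)


def group_is_acceptable(p: int) -> bool:
    """Reject 512-bit export groups and 1024-bit groups by size alone.
    (This checks only the bit length; primality and group structure are
    separate concerns that a standardised group already settles.)"""
    return p.bit_length() >= MIN_SAFE_BITS


def public_value_is_valid(value: int, p: int) -> bool:
    """1 < value < p-1 rules out 0, 1 and p-1, each of which would force
    the shared secret to a value the attacker already knows."""
    return 1 < value < p - 1


def demo(p: int, g: int) -> dict:
    """Run one exchange and return the transcript values so the caller can
    confirm both sides agree. Retries if a degenerate public value appears."""
    while True:
        a = secrets.randbelow(p - 2) + 1      # Alice's secret, 1 <= a <= p-2
        b = secrets.randbelow(p - 2) + 1      # Bob's secret
        A = dh_public(g, a, p)                # what Alice sends
        B = dh_public(g, b, p)                # what Bob sends
        if public_value_is_valid(A, p) and public_value_is_valid(B, p):
            break
    return {
        "A": A,
        "B": B,
        "S_alice": dh_shared(B, a, p),        # Alice: B^a mod p
        "S_bob": dh_shared(A, b, p),          # Bob:   A^b mod p
    }
```

Only A and B cross the wire; a and b never leave their owners, and both S values agree because (g^b)^a = (g^a)^b mod p. Nothing in this exchange tells Alice that B really came from Bob, which is the man-in-the-middle gap the post points out; that is what the certificate or signature layer on top of DH is for.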

If you are interested in the topic, I suggest that you read the following paper:

- https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf