November 26, 2012

Attacking MongoDB

Mikhail Firstov, an expert at Positive Technologies, spoke at ZeroNights 2012, which recently took place in Moscow. The talk was about attacking a popular DBMS: MongoDB.

The presentation and attack video demo are under the cut.

I'm not going to describe how the database is installed: the developers have done everything possible to make this process easy, even without manuals. Let's focus on features that seem really interesting. The first thing is the REST interface. It is a web interface that runs by default on port 28017 and allows an administrator to control their databases remotely via a browser. Working with this DBMS option, I found several vulnerabilities: two stored XSS vulnerabilities, undocumented SSJS (server-side JavaScript) code execution, and multiple CSRF.

November 22, 2012

Workshop «Random Numbers. Take Two» at ZeroNights 2012

Authors: Arseny Reutov, Timur Yunusov, Dmitry Nagibin


CUDA PHPSESSID Bruteforcer – a program to bruteforce PHPSESSID and predict pseudorandom numbers in PHP: 

CPU PHPSESSID Bruteforcer: CPU version that supports distributed computing: 

Relevant article: Not So Random Numbers. Take Two

Exploits will be published later.

November 6, 2012

SCADA Safety in Numbers

Nuclear power plants, hydroelectric plants, oil and gas pipelines, transport systems (subway and high-speed trains) and a great many other vital systems are managed through various computer technologies.

The security of industrial systems attracted a great deal of interest after a series of incidents involving the computer viruses Flame and Stuxnet. This was the herald of the age of cyberwarfare. In Russia, there is another reason to consider the security of such systems: new requirements for controllers developed to improve industrial systems safety.

To find proper security methods, it is necessary to understand what skills the attacker possesses and which method of attack will be chosen. To answer these questions, the experts of Positive Technologies explored the security of industrial control systems (ICS/SCADA/PLC). The results are shown below.