viernes, 21 de agosto de 2020

Blockchain Exploitation Labs - Part 1 Smart Contract Re-Entrancy


Why/What Blockchain Exploitation?

In this blog series we will analyze blockchain vulnerabilities and exploit them ourselves in various lab and development environments. If you would like to stay up to date on new posts follow and subscribe to the following:
Twitter: @ficti0n
Youtube: https://www.youtube.com/c/ConsoleCowboys
URL: http://cclabs.io
          http://consolecowboys.com

As of late I have been un-naturally obsessed with blockchains and crypto currency. With that obsession comes the normal curiosity of "How do I hack this and steal all the monies?"

However, as usual I could not find any actual walk thorough or solid examples of actually exploiting real code live. Just theory and half way explained examples.

That question with labs is exactly what we are going to cover in this series, starting with the topic title above of Re-Entrancy attacks which allow an attacker to siphon out all of the money held within a smart contract, far beyond that of their own contribution to the contract.
This will be a lab based series and I will show you how to use demo the code within various test environments and local environments in order to perform and re-create each attacks for yourself.  

Note: As usual this is live ongoing research and info will be released as it is coded and exploited.

If you are bored of reading already and just want to watch videos for this info or are only here for the demos and labs check out the first set of videos in the series at the link below and skip to the relevant parts for you, otherwise lets get into it:


Background Info:

This is a bit of a harder topic to write about considering most of my audience are hackers not Ethereum developers or blockchain architects. So you may not know what a smart contract is nor how it is situated within the blockchain development model. So I am going to cover a little bit of context to help with understanding.  I will cover the bare minimum needed as an attacker.

A Standard Application Model:
  • In client server we generally have the following:
  • Front End - what the user sees (HTML Etc)
  • Server Side - code that handles business logic
  • Back End - Your database for example MySQL

A Decentralized Application Model:

Now with a Decentralized applications (DAPP) on the blockchain you have similar front end server side technology however
  • Smart contracts are your access into the blockchain.
  • Your smart contract is kind of like an API
  • Essentially DAPPs are Ethereum enabled applications using smart contracts as an API to the blockchain data ledger
  • DAPPs can be banking applications, wallets, video games etc.

A blockchain is a trust-less peer to peer decentralized database or ledger

The back-end is distributed across thousands of nodes in its entirety on each node. Meaning every single node has a Full "database" of information called a ledger.  The second difference is that this ledger is immutable, meaning once data goes in, data cannot be changed. This will come into play later in this discussion about smart contracts.

Consensus:

The blockchain of these decentralized ledgers is synchronized by a consensus mechanism you may be familiar with called "mining" or more accurately, proof of work or optionally Proof of stake.

Proof of stake is simply staking large sums of coins which are at risk of loss if one were to perform a malicious action while helping to perform consensus of data.   

Much like proof of stake, proof of work(mining) validates hashing calculations to come to a consensus but instead of loss of coins there is a loss of energy, which costs money, without reward if malicious actions were to take place.

Each block contains transactions from the transaction pool combined with a nonce that meets the difficulty requirements.  Once a block is found and accepted it places them on the blockchain in which more then half of the network must reach a consensus on. 

The point is that no central authority controls the nodes or can shut them down. Instead there is consensus from all nodes using either proof of work or proof of stake. They are spread across the whole world leaving a single centralized jurisdiction as an impossibility.

Things to Note: 

First Note: Immutability

  • So, the thing to note is that our smart contracts are located on the blockchain
  • And the blockchain is immutable
  • This means an Agile development model is not going to work once a contract is deployed.
  • This means that updates to contracts is next to impossible
  • All you can really do is createa kill-switch or fail safe functions to disable and execute some actions if something goes wrong before going permanently dormant.
  • If you don't include a kill switch the contract is open and available and you can't remove it

Second Note:  Code Is Open Source
  • Smart Contracts are generally open source
  • Which means people like ourselves are manually bug hunting smart contracts and running static analysis tools against smart contract code looking for bugs.

When issues are found the only course of action is:
  • Kill the current contract which stays on the blockchain
  • Then deploy a whole new version.
  • If there is no killSwitch the contract will be available forever.
Now I know what you're thinking, these things are ripe for exploitation.
And you would be correct based on the 3rd note


Third Note: Security in the development process is lacking
  • Many contracts and projects do not even think about and SDLC.
  • They rarely add penetration testing and vulnerability testing in the development stages if at all
  • At best there is a bug bounty before the release of their main-nets
  • Which usually get hacked to hell and delayed because of it.
  • Things are getting better but they are still behind the curve, as the technology is new and blockchain mostly developers and marketers.  Not hackers or security testers.


Forth Note:  Potential Data Exposure via Future Broken Crypto
  • If sensitive data is placed on the blockchain it is there forever
  • Which means that if a cryptographic algorithm is broken anything which is encrypted with that algorithm is now accessible
  • We all know that algorithms are eventually broken!
  • So its always advisable to keep sensitive data hashed for integrity on the blockchain but not actually stored on the blockchain directly


 Exploitation of Re-Entrancy Vulnerabilities:

With a bit of the background out of the way let's get into the first attack in this series.

Re-Entrancy attacks allow an attacker to create a re-cursive loop within a contract by having the contract call the target function rather than a single request from a  user. Instead the request comes from the attackers contract which does not let the target contracts execution complete until the tasks intended by the attacker are complete. Usually this task will be draining the money out of the contract until all of the money for every user is in the attackers account.

Example Scenario:

Let's say that you are using a bank and you have deposited 100 dollars into your bank account.  Now when you withdraw your money from your bank account the bank account first sends you 100 dollars before updating your account balance.

Well what if when you received your 100 dollars, it was sent to malicious code that called the withdraw function again not letting  the initial target deduct your balance ?

With this scenario you could then request 100 dollars, then request 100 again and you now have 200 dollars sent to you from the bank. But 50% of that money is not yours. It's from the whole collection of money that the bank is tasked to maintain for its accounts.

Ok that's pretty cool, but what if that was in a re-cursive loop that did not BREAK until all accounts at the bank were empty?  

That is Re-Entrancy in a nutshell.   So let's look at some code.

Example Target Code:


           function withdraw(uint withdrawAmount) public returns (uint) {
       
1.         require(withdrawAmount <= balances[msg.sender]);
2.         require(msg.sender.call.value(withdrawAmount)());

3.          balances[msg.sender] -= withdrawAmount;
4.          return balances[msg.sender];
        }

Line 1: Checks that you are only withdrawing the amount you have in your account or sends back an error.
Line 2: Sends your requested amount to the address the requested that withdrawal.
Line 3: Deducts the amount you withdrew from your account from your total balance.
Line 4. Simply returns your current balance.

Ok this all seems logical.. however the issue is in Line 2 - Line 3.   The balance is being sent back to you before the balance is deducted. So if you were to call this from a piece of code which just accepts anything which is sent to it, but then re-calls the withdraw function you have a problem as it never gets to Line 3 which deducts the balance from your total. This means that Line 1 will always have enough money to keep withdrawing.

Let's take a look at how we would do that:

Example Attacking Code:


          function attack() public payable {
1.           bankAddress.withdraw(amount);
         }

2.    function () public payable {
         
3.            if (address(bankAddress).balance >= amount) {
4.               bankAddress.withdraw(amount);
                }
}

Line 1: This function is calling the banks withdraw function with an amount less than the total in your account
Line 2: This second function is something called a fallback function. This function is used to accept payments that come into the contract when no function is specified. You will notice this function does not have a name but is set to payable.
Line 3:  This line is checking that the target accounts balance is greater than the amount being withdrawn.
Line 4:  Then again calling the withdraw function to continue the loop which will in turn be sent back to the fallback function and repeat lines over and over until the target contracts balance is less than the amount being requested.



Review the diagram above which shows the code paths between the target and attacking code. During this whole process the first code example from the withdraw function is only ever getting to lines 1-2 until the bank is drained of money. It never actually deducts your requested amount until the end when the full contract balance is lower then your withdraw amount. At this point it's too late and there is no money left in the contract.


Setting up a Lab Environment and coding your Attack:

Hopefully that all made sense. If you watch the videos associated with this blog you will see it all in action.  We will now analyze code of a simple smart contract banking application. We will interface with this contract via our own smart contract we code manually and turn into an exploit to take advantage of the vulnerability.

Download the target code from the following link:

Then lets open up an online ethereum development platform at the following link where we will begin analyzing and exploiting smart contracts in real time in the video below:

Coding your Exploit and Interfacing with a Contract Programmatically:

The rest of this blog will continue in the video below where we will  manually code an interface to a full smart contract and write an exploit to take advantage of a Re-Entrency Vulnerability:

 


Conclusion: 

In this smart contract exploit writing intro we showed a vulnerability that allowed for re entry to a contract in a recursive loop. We then manually created an exploit to take advantage of the vulnerability. This is just the beginning, as this series progresses you will see other types of vulnerabilities and have the ability to code and exploit them yourself.  On this journey through the decentralized world you will learn how to code and craft exploits in solidity using various development environments and test nets.

More articles


  1. How To Hack
  2. Hacking Tools For Kali Linux
  3. Hack Tools For Games
  4. Hacking Tools 2020
  5. Hack Tools Pc
  6. Nsa Hack Tools Download
  7. Android Hack Tools Github
  8. Pentest Automation Tools
  9. Bluetooth Hacking Tools Kali
  10. Github Hacking Tools
  11. Game Hacking
  12. Pentest Tools Kali Linux
  13. Hacker Tools Mac
  14. Top Pentest Tools
  15. Hacking Tools Mac
  16. Hack Tools
  17. Hacking Tools Usb
  18. Hack Tools For Games
  19. What Are Hacking Tools
  20. Hacking Tools Name
  21. Hacking Tools Download
  22. Pentest Tools
  23. Hack App
  24. Hacker Tools Hardware
  25. Hacking Tools For Windows Free Download
  26. Pentest Tools Github
  27. Hacking App
  28. Computer Hacker
  29. Hack Tool Apk
  30. What Is Hacking Tools
  31. Pentest Tools Apk
  32. Nsa Hack Tools
  33. Hacking Tools For Pc
  34. Hack Tools For Games
  35. How To Hack
  36. Best Hacking Tools 2019
  37. Hack Tools
  38. Pentest Tools Apk
  39. Tools 4 Hack
  40. Hacking Tools For Windows 7
  41. Hacking Tools Kit
  42. Pentest Tools Open Source
  43. Game Hacking
  44. Hacker Security Tools
  45. Hacker Search Tools
  46. Hack Tools 2019
  47. Hacker Tools For Ios
  48. Hacking Tools Kit
  49. Pentest Tools Port Scanner
  50. Hacker Tools Free
  51. Pentest Tools Subdomain
  52. Hacker Security Tools
  53. Hacker Techniques Tools And Incident Handling
  54. Ethical Hacker Tools
  55. Pentest Tools Online
  56. Tools Used For Hacking
  57. Hacking Tools For Windows 7
  58. Pentest Tools Port Scanner
  59. Blackhat Hacker Tools
  60. Pentest Tools Subdomain
  61. Pentest Tools For Windows
  62. Hacking Tools Online
  63. Pentest Tools Windows
  64. New Hacker Tools
  65. Tools For Hacker
  66. Hacking Tools Mac
  67. Nsa Hacker Tools
  68. Underground Hacker Sites
  69. Pentest Tools Open Source
  70. Black Hat Hacker Tools
  71. Pentest Tools Free
  72. Github Hacking Tools
  73. Hacking Tools 2019
  74. Tools Used For Hacking
  75. Hacker Tools For Mac
  76. New Hacker Tools
  77. Hacker Tool Kit
  78. Pentest Recon Tools
  79. Pentest Box Tools Download
  80. Hacking Tools Kit
  81. Pentest Tools Subdomain
  82. Pentest Tools Android
  83. Hacking Tools Name
  84. Hacker Tool Kit
  85. Pentest Tools Website Vulnerability
  86. Hack Tools For Mac
  87. Hack Tools Pc
  88. Best Pentesting Tools 2018
  89. Hacker Tools Apk
  90. Nsa Hacker Tools
  91. New Hack Tools
  92. Pentest Tools Nmap
  93. Hack And Tools
  94. Hack Rom Tools
  95. Pentest Tools Linux
  96. Hack Tools For Mac
  97. Hack Apps
  98. Kik Hack Tools
  99. Pentest Tools Subdomain
  100. Hacker Hardware Tools
  101. Hacker Tools For Pc
  102. Tools For Hacker
  103. Hacking App
  104. Pentest Tools Windows
  105. New Hacker Tools
  106. Pentest Tools Windows
  107. Pentest Tools Android
  108. Hack Tools Pc
  109. Growth Hacker Tools
  110. Android Hack Tools Github
  111. Hacking Tools Online
  112. Pentest Tools Website
  113. Hacker Tools For Ios
  114. Hacking Tools Software
  115. How To Make Hacking Tools
  116. Best Hacking Tools 2019
  117. Pentest Tools Alternative
  118. Hack Tools
  119. Pentest Automation Tools
  120. Beginner Hacker Tools
  121. Hack Tools Online
  122. Blackhat Hacker Tools
  123. Growth Hacker Tools
  124. Hacks And Tools
  125. Usb Pentest Tools
  126. Pentest Tools Alternative
  127. Hacking Tools For Pc
  128. Best Hacking Tools 2020
  129. Pentest Box Tools Download
  130. Pentest Tools List
  131. Hack App
  132. Pentest Tools Apk
  133. Android Hack Tools Github
  134. Bluetooth Hacking Tools Kali
  135. Hacking Tools For Games
  136. Bluetooth Hacking Tools Kali
  137. Pentest Tools Open Source
  138. Pentest Tools Windows
  139. Hack Tools For Windows
  140. Hacker Tools List
  141. Beginner Hacker Tools
  142. Hacker Techniques Tools And Incident Handling
  143. New Hack Tools
  144. Hacking Tools And Software
  145. Hack And Tools
  146. Kik Hack Tools
  147. What Is Hacking Tools
  148. Hacking Tools For Pc
  149. Hackers Toolbox
  150. Best Hacking Tools 2019
  151. Hacking Tools For Games
  152. How To Install Pentest Tools In Ubuntu
  153. Pentest Tools Framework
  154. Hacker Tools Mac
  155. Hack Tools For Ubuntu
  156. Hack Tools For Pc
  157. Black Hat Hacker Tools
  158. Pentest Tools Website
  159. Hacking Tools Software
  160. Hacker Hardware Tools
  161. Pentest Recon Tools
  162. Kik Hack Tools
  163. Pentest Tools Website Vulnerability
  164. Hackrf Tools
  165. Hacking Tools Hardware
  166. Hacking Apps
  167. Hacking Tools And Software
  168. Hackrf Tools
  169. Hack Tool Apk
  170. Pentest Tools List
  171. Hack Tools For Ubuntu
  172. Hacker Tools Hardware
  173. Hacker Tools Windows
  174. Hack Tools For Games
Publicado por en No hay comentarios:

ADVANTAGE OF ETHICAL HACKING

Advantage of Ethical Hacking

Hacking is quite useful in the following purpose-

1-To recover lost information, especially in case you lost your password.

2-To perform penetration testing to strengthen computer and network security.

3-To put adequate preventative measure in place to prevent security breaches.

4-To have a computer system that prevents malicious hackers from gaining access.

5-Fighting against terrorism and national security breaches.


Read more


  1. Pentest Tools Online
  2. Hack And Tools
  3. Hacker Security Tools
  4. How To Install Pentest Tools In Ubuntu
  5. Beginner Hacker Tools
  6. Kik Hack Tools
  7. Hacker
  8. Hacker Tools Linux
  9. Pentest Tools For Ubuntu
  10. Pentest Box Tools Download
  11. Pentest Tools Open Source
  12. How To Install Pentest Tools In Ubuntu
  13. Hacking Tools For Games
  14. Hack Tools 2019
  15. Pentest Tools List
  16. Hacker Tools Software
  17. New Hacker Tools
  18. Hacker Tools For Pc
  19. Hacker Search Tools
  20. Hacking Tools Mac
  21. Hacker Tools 2020
  22. Hack Rom Tools
  23. Nsa Hack Tools Download
  24. Pentest Tools Framework
  25. Physical Pentest Tools
  26. Hacking Tools Download
  27. Pentest Tools Online
  28. Best Hacking Tools 2019
  29. Pentest Tools Github
  30. Best Hacking Tools 2019
  31. Pentest Tools Android
  32. Hacking Tools For Games
  33. Pentest Tools Subdomain
  34. Nsa Hacker Tools
  35. Pentest Tools For Mac
  36. Pentest Box Tools Download
  37. Pentest Tools Framework
  38. Hacking Tools Online
  39. Hacking Tools Github
  40. Hacker Tools For Mac
  41. Pentest Tools Android
  42. Hack Tools Pc
  43. Blackhat Hacker Tools
  44. Hacking Tools Download
  45. Pentest Tools Free
  46. Hack Tools Pc
  47. Hack Tools For Games
  48. Wifi Hacker Tools For Windows
  49. Physical Pentest Tools
  50. Hacker Tools Linux
  51. Hacker Tools 2020
  52. Tools Used For Hacking
  53. How To Hack
  54. Hacker Tools For Windows
  55. Pentest Tools Download
  56. Pentest Tools Nmap
  57. Pentest Tools Website
  58. Hacking Tools Mac
  59. Hacks And Tools
  60. Kik Hack Tools
  61. Hacker Hardware Tools
  62. Hacker Tools Software
  63. Black Hat Hacker Tools
  64. Pentest Tools Windows
  65. Hacking Tools Online
  66. Hack Tools For Games
  67. Hack Tools For Windows
  68. Pentest Box Tools Download
  69. Hacking Tools Download
  70. Hacker Tool Kit
  71. Hacking Tools And Software
  72. Hacking Tools Free Download
  73. Ethical Hacker Tools
  74. Hacking Apps
  75. Wifi Hacker Tools For Windows
  76. Hackrf Tools
  77. Pentest Tools Apk
  78. Best Hacking Tools 2020
  79. Hacker Security Tools
  80. Pentest Tools Bluekeep
  81. Hack Tools For Windows
  82. Hacking Tools And Software
  83. Hack Tools
  84. How To Install Pentest Tools In Ubuntu
  85. Hacking Tools 2020
  86. Pentest Tools Free
  87. Pentest Tools Bluekeep
  88. Free Pentest Tools For Windows
  89. Hacker Tools Apk Download
  90. Pentest Tools Download
  91. Hack Tools For Games
  92. Hacking Tools Download
  93. Pentest Tools Free
  94. Best Pentesting Tools 2018
  95. Hacker Tools
  96. Game Hacking
  97. Hacker Tools For Windows
  98. Hack Tools For Games
  99. Top Pentest Tools
  100. Hacking Tools Windows 10
  101. Nsa Hack Tools Download
  102. Hacking Tools
  103. What Is Hacking Tools
  104. How To Hack
  105. Free Pentest Tools For Windows
  106. Hack Apps
Publicado por en No hay comentarios:

CEH: Gathering Host And Network Information | Scanning

Scanning

It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. After the completion of  footprinting and information gathering methodologies, scanning is performed.
During scanning, the hacker has vision to get information about network an hosts which are connected to that network that can help hackers to determine which type of exploit to use in hacking a system precisely. Information such as an IP addresses, operating system, services, and installed applications.

Scanning is the methodology used to detect the system that are alive and respond on the network or not. Ethical hackers use these type of scanning to identify the IP address of target system. Scanning is also used to determine the availability of the system whether it is connected to the network or not.

Types Of Scanning 

Network ScanningIdentifies IP addresses on a given network or subnet
Port ScanningDetermines open, close, filtered and unfiltered ports and services
Vulnerability ScannerDetect the vulnerability on the target system

Port Scanning ​

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. Port Numbers are divided into three ranges:
  • Well-Known Ports: 0-1023
  • Registered Ports: 1024-49151
  • Dynamic Ports: 49152-6553

Network Scanning

Network scanning is performed for the detection of active hosts on a network either you wanna attack them or as a network administrator. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses. Hosts are identified by their individual IP addresses.

Vulnerability Scanning

This methodology is used to detect vulnerabilities of computer systems on a network. A vulnerability scanner typically identifies the operating system and version number, including applications that are installed. After that the scanner will try to detect vulnerabilities and weakness in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system. Moreover, the vulnerability scanner can be detected as well, because the scanner must interact over the network with target machine.

The CEH Scanning Methodology

As a CEH, you should understand the methodology about scanning presented in the figure below. Because this is the actual need of hackers to perform further attacks after the information about network and hosts which are connected to the network. It detects the vulnerabilities in the system bu which hackers can be accessible to that system by exploitation of that vulnerabilities.



More info


  1. Tools For Hacker
  2. Hacking Tools Online
  3. Hacker Tools Github
  4. Hacking Tools For Mac
  5. What Are Hacking Tools
  6. Pentest Tools Find Subdomains
  7. Pentest Tools Port Scanner
  8. Top Pentest Tools
  9. Hacking Tools Kit
  10. Hacking Tools Usb
  11. Hacker Tools Software
  12. Pentest Tools Find Subdomains
  13. New Hack Tools
  14. Hacker Tools Free
  15. Beginner Hacker Tools
  16. Hack Tools Pc
  17. Pentest Tools Framework
  18. World No 1 Hacker Software
  19. Hacking Tools Free Download
  20. Hacker Tools Online
  21. Hacker Tools Github
  22. Hacker Tools For Mac
  23. New Hack Tools
  24. Underground Hacker Sites
  25. Hacker Techniques Tools And Incident Handling
  26. Termux Hacking Tools 2019
  27. Pentest Box Tools Download
  28. What Are Hacking Tools
  29. Hacks And Tools
  30. Hack And Tools
  31. Pentest Tools For Ubuntu
  32. Hacking Tools Hardware
  33. Hack Tools
  34. Hacking Tools Usb
  35. Hack Tools
  36. Hacking Tools For Kali Linux
  37. Pentest Tools Url Fuzzer
  38. Tools 4 Hack
  39. Nsa Hack Tools Download
  40. Hacking Tools Windows 10
  41. Pentest Tools Framework
  42. Hack App
  43. Android Hack Tools Github
  44. Hacker Tools For Mac
  45. Hacker Tools Github
  46. Hacking Tools For Windows Free Download
  47. Kik Hack Tools
  48. How To Install Pentest Tools In Ubuntu
  49. Underground Hacker Sites
  50. Hacking Tools For Windows 7
  51. Pentest Tools Port Scanner
  52. Hacker Techniques Tools And Incident Handling
  53. Hack Tools Pc
  54. Hacker Tools Apk Download
  55. Free Pentest Tools For Windows
  56. Hacker Tools For Mac
  57. Pentest Tools Url Fuzzer
  58. Hacking Tools For Windows
  59. Top Pentest Tools
  60. Hacking Apps
  61. Hacking Tools Pc
  62. Pentest Reporting Tools
  63. Physical Pentest Tools
  64. Usb Pentest Tools
  65. Pentest Tools Kali Linux
  66. Pentest Tools Subdomain
  67. Hack Rom Tools
  68. Hacking Tools Kit
  69. Hacker Tools For Pc
  70. Hack Tools Online
  71. Physical Pentest Tools
  72. Hacker Tools Windows
  73. Hacking Tools Online
  74. Nsa Hack Tools
  75. Hacker Tools Free Download
  76. Tools Used For Hacking
  77. Pentest Recon Tools
  78. How To Hack
  79. Hack Tools For Pc
  80. Hacking Tools Windows
  81. Hacking Tools And Software
  82. Pentest Box Tools Download
  83. Black Hat Hacker Tools
  84. Hak5 Tools
  85. Hacker Tools Apk
  86. Hack Tool Apk
  87. Hackrf Tools
  88. Pentest Tools Online
  89. Tools Used For Hacking
  90. Top Pentest Tools
  91. Hacking Tools Github
  92. Pentest Tools Nmap
  93. Pentest Tools Url Fuzzer
  94. Hacker Techniques Tools And Incident Handling
Publicado por en No hay comentarios:
Suscribirse a: Entradas (Atom)