DeepSec2020 Talk: Pivoting – As an Attack Weapon – Filipi Pires
Demonstrating an exploit in a container environment (three Docker containers) across three different networks, I will demonstrate different pivoting, vulnerability exploitation, and privilege escalation techniques on all machines, using Alpine Linux, the Gogs app, and other Linux platforms, and using pentest methodologies such as recon, enumeration, exploitation and post-exploitation.
By the end of this presentation, everyone will be able to see the different ways that exist of working with a single form of pivot, and how to overcome different obstacles in different networks within this “new” environment called Docker.
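The abstract describes a lab of three containers spread over three networks. The following Docker Compose file is an added example (not the speaker's own lab files) that builds such a topology: each container sits only on the networks it needs, so the `target` container is neither routable nor resolvable from `jump` without passing through `hop1` and `hop2`. Image tags and service names are assumptions.

```yaml
# Constructed lab topology (added example, not from the talk).
# Three user-defined networks; each container joins only the ones it
# needs, so traffic from "jump" cannot reach "target" directly.
services:
  jump:                                  # tester's starting box, net_a only
    image: alpine:3.18                   # tag assumed
    command: ["tail", "-f", "/dev/null"] # keep the container alive
    networks: [net_a]
  hop1:                                  # first hop: bridges net_a and net_b
    image: alpine:3.18
    command: ["tail", "-f", "/dev/null"]
    networks: [net_a, net_b]
  hop2:                                  # second hop, runs the Gogs app from the abstract
    image: gogs/gogs                     # listens on 3000 inside net_b/net_c only
    networks: [net_b, net_c]
  target:                                # final machine, net_c only
    image: alpine:3.18
    command: ["tail", "-f", "/dev/null"]
    networks: [net_c]
networks:
  net_a: {}
  net_b:
    internal: true                       # no default gateway: no path to the host or Internet
  net_c:
    internal: true
```

After `docker compose up -d`, `docker compose exec jump ip route` lists only the net_a subnet, and Docker's embedded DNS will not resolve `target` from `jump`, because name resolution only works between containers that share a network.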
We asked Filipi a few more questions about his talk.
Please tell us the top 5 facts about your talk.
During this presentation, we are looking at some important facts such as:
Observability in different environments, vulnerability exploitation, the use of privilege escalation techniques, some misconfigurations or maybe bad behaviour, and one of the most important for me (in my opinion): being creative.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
When conducting a web application penetration test there are times when you want to be able to pivot through a system to which you have gained access, and to other systems in order to continue testing. There are many channels that can be used as avenues for pivoting.
This presentation presents the most commonly used channels for pivoting, such as SSH local port forwarding. During one of my activities, I talked to a friend who presented me with an excellent tool for executing the pivoting technique; this tool is known as Chisel. This technique can be used in many different activities in penetration testing and/or many CTFs – Capture the Flags.
Why do you think this is an important topic?
This technique can be used in many different activities in penetration testing and/or different kinds of CTFs – Capture the Flags – within the context of using them with key tools in the penetration tester’s arsenal, including Nmap, netcat, etc. Each tool that you use to progress in your test environment can guarantee many benefits, and the important things that we’ll talk about during this presentation are ease of implementation, performance of execution, among others; so the more knowledge you have of how the packaging of the protocol works and how this communication is done, the better the application of the tool will be.
Is there something you want everybody to know – some good advice for our readers maybe?
Pivoting helps an attacker configure the working environment to use the tools in such a way as if he were in the organization’s local network; that is, by using pivoting you can get access to local resources and the ability to use tools to scan and search for vulnerabilities from your computer in a remote local network, as if they were installed right there. So hacker tools gain access to the local network, which under normal conditions is impossible for non-routable traffic. You can create yourself an environment to be compromised by the end of this presentation, and you can apply some concepts that are extremely important to understand, mainly the concepts of networks, routing and how it all works.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Each tool that you use to progress in your test environment can guarantee many benefits, such as ease of implementation, performance of execution, among others. Some points that are important to evaluate when using tools for pivoting are what kinds of blocks you may face during the performance of your penetration test. Many times, when we get access to a vulnerable machine our “shell” is totally limited, so the more knowledge you have of how the packaging of the protocol works and how this communication is done, the better the application of the tool will be.
Which pivoting technique is best?
There is no one correct answer. The answer depends, of course, on what the pen tester is trying to do and on the situation.
Is the port open? Is the prerequisite software installed? In order to choose the best pivoting technique, the pen tester needs to match the technique to the situation.
When it comes to future topics, it is interesting to work with different scenarios, such as different operating systems, in addition to the use of containers, as mentioned superficially in this presentation.
Filipi has been working as a researcher and Cyber Security Manager at ZUP Security Labs at Zup Innovation and as a Global Research Manager at Hacker Security. He has talked at security events in the US, Germany, Poland, Hungary, Czech Republic, Brazil and other countries, and has worked as a university professor on undergraduate / MBA courses at colleges such as FIAP / Mackenzie / UNIBTA and UNICIV. In addition, he’s founder and instructor of the course Malware Analysis – Fundamentals (HackerSec Company – online course – Portuguese language).