Sticky Keys To The Kingdom: Pre-auth RCE Is More Common Than You Think

Presented at DEF CON 24 (2016), Aug. 6, 2016, 5 p.m. (30 minutes)

With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin's innocent attempt to fix an issue, turns into complete compromise of entire servers/workstations with no effort needed from the attacker. Tim and Dennis will discuss how we came to this realization and explain how we automated looking for these issues in order to find hundreds of vulnerable machines over the internet. Tim and Dennis explain the tool developed for automation, provide statistics discovered from our research, and go over ways to protect yourself from falling victim to the issue.

Presenters:

• Tim McGuffin / Medic - Security Consultant - LARES Consulting   as Medic (Tim McGuffin)
  Tim was voted "most likely to be indicted" by his high school senior class, but has since gone on to gain the trust of large organizations and their executive management, which may or may not be a good thing. He holds a few industry certifications and is a member of a few security organizations, but considers his insomnia and attention deficit problems far more important to his career. Twitter: @NotMedic
• Dennis Maldonado / Linuz - Security Consultant - LARES Consulting   as Dennis Maldonado (AKA Linuz)
  Dennis Maldonado is a Security Consultant at LARES Consulting. His current work includes penetration testing, infrastructure assessments, red teaming, and security research. Dennis’ focus is encompassing all forms information security into an assessment in order to better simulate a real world attack against systems and infrastructure. As a security researcher and evangelist, Dennis spends his time sharing what he knows about Information Security with anyone willing to learn. Dennis is a returning speaker to DEF CON and has presented at numerous workshops and meet-ups in the Houston area. Dennis co-founded Houston Locksport in Houston, Texas where he shares his love for lock-picking physical security as well as Houston Area Hackers Anonymous (HAHA), a meet-up for hackers and InfoSec professionals in the Houston area. Twitter: @DennisMald

Links:

• https://defcon.org/html/defcon-24/dc-24-speakers.html#Maldonado
• https://infocon.org/cons/DEF CON/DEF CON 24/DEF CON 24 video and slides/DEF CON 24 - Linuz and Medic - Sticky Keys To The Kingdom - Pre-auth RCE - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=EAYtRQKfna0

Similar Presentations:

• BalCCon2k22 - Loading (2022) / Reviving the TIM-011 (plus Workshop)
• 44CON 2019 / Breaking Badge - Tim Wilkes and Phyushin Workshop