Overview
Delve into a comprehensive analysis of remote root vulnerabilities in SSL-VPN appliances through this Hack In The Box Security Conference presentation. Explore the internals of the F5 FirePass SSL-VPN Appliance, uncovering hidden vulnerabilities despite existing security protections. Follow the journey from reverse engineering to binary planting, decrypting file systems, and examining the environment. Discover how web vulnerabilities, format string vulnerabilities, and persistence lead to overcoming multiple limitations and protections, ultimately gaining a remote unauthenticated root shell. Learn about the responsible disclosure process and the exemplary vendor response from F5. Gain insights into the misconceptions surrounding "security appliances" and the potential impact on Fortune 500 companies. Benefit from the expertise of Israeli security researcher Tal Zeltzer as he shares his findings, research methods, and tools developed during this in-depth investigation.
Syllabus
Introduction
Tals Bio
Research
Disadvantages
Vulnerability
Attack Surface
Analysis
Virtual Machines
Boot Partition
Busy Box Shell
Decrypt Command
Debug Shell
Linux
Slackware
Character Distribution
PHP Encryption
XDebug
MySQL Log
Setup
Tunnel Handler
Tunnel Error
SQL Injection Vulnerability
SQL Log
Propagation
Stack trace
Block comments
Failed
Stack Overflow
Field Terminator
Vulnerability Disclosure Process
Demo
Thanking the EFF
Thanking others
Questions
Taught by
Hack In The Box Security Conference