Reverse Shell via Voice (SIP, Skype) Project Thesis Department of Computer Science University of Applied Science Rapperswil Fall Term 2019 Author(s): Dominique Illi, Michel Bongard Advisor: Cyrill Brunschwiler Project Partner: Cyrill Brunschwiler Compass Security Network Computing AG Werkstrasse 20 CH-8645 Jona Project Thesis: Reverse Shell via Voice (SIP, Skype) Reverse Shell via Voice (SIP, Skype) A – Content Authors: Dominique Illi, Michel Bongard Fall Term 2019 2 Project Thesis: Reverse Shell via Voice (SIP, Skype) A – Content ....................................................................................................... 2 B – Scope of Thesis ........................................................................................... 4 C – Abstract .................................................................................................... 10 D – Lay-Summary ............................................................................................ 12 E – Management Summary ............................................................................ 14 F – Technical Report ....................................................................................... 16 G - Attachments ............................................................................................ 130 G-1 – Declaration of Originality .................................................................. 131 G-2 – Rights of Use ..................................................................................... 133 G-3 – Requirement Analysis ....................................................................... 135 G-4 – Project Plan ....................................................................................... 141 G-5 – Software Architecture Document ..................................................... 153 G-6 – PJSIP Instructions .............................................................................. 167 3 Project Thesis: Reverse Shell via Voice (SIP, Skype) Reverse Shell via Voice (SIP, Skype) B – Scope of Thesis Authors: Dominique Illi, Michel Bongard Fall Term 2019 4 Project Thesis: Reverse Shell via Voice (SIP, Skype) 5 Project Thesis: Reverse Shell via Voice (SIP, Skype) 6 Project Thesis: Reverse Shell via Voice (SIP, Skype) 7 Project Thesis: Reverse Shell via Voice (SIP, Skype) 8 Project Thesis: Reverse Shell via Voice (SIP, Skype) 9 Project Thesis: Reverse Shell via Voice (SIP, Skype) Reverse Shell via Voice (SIP, Skype) C – Abstract Authors: Dominique Illi, Michel Bongard Fall Term 2019 10 Project Thesis: Reverse Shell via Voice (SIP, Skype) Initial Situation Nowadays, there are less and less points of entry for a hacker to attack a network. Modern network infrastructures are specifically designed to deny any attempt of direct access from the internet into an internal network. To circumvent those restrictions, it is often easier to initiate a data-channel from within the internal network. There already exist certain ways to establish such inside out channels such as the TCP reverse shell. However, most of these attacks are not very difficult to detect by network intrusion detection systems. One alternative is the encapsulation of payload inside of VoIP packets. This thesis is a feasibility study containing a proof of concept to establish the practicality of a reverse shell over VoIP. Approach / Technology Due to the popularity of SIP and Skype, this thesis focuses on these two VoIP protocols. First, a thorough understanding of both protocols had to be acquired. After an initial research phase, the decision was made to develop the proof of concept for SIP. Because SIP is open source, existing libraries can be used as a foundation. Skype's proprietary nature would require reverse engineering the protocol. In the final proof of concept an open source C-library is used. The attacker encodes a shell command to audio using a mapping between the ASCII table and different frequencies. The audio is then placed inside RTP packets and transmitted to the victim. There, the audio gets converted back to text and the shell command is executed. The shell output is sent back to the attacker the same way. Result This thesis proofed that a reverse shell over VoIP is possible. At the moment it works only when both attacker and victim are in the same network. To make the solution work over the internet as well, UDP packet loss needs to be handled. However, when both clients are in the same LAN, a SIP connection can be established between the victim and the attacker, allowing the attacker to execute shell commands on the victim's client at a speed of 50 Bytes per second. 11 Project Thesis: Reverse Shell via Voice (SIP, Skype) Reverse Shell via Voice (SIP, Skype) D – Lay-Summary Authors: Dominique Illi, Michel Bongard Fall Term 2019 12 Project Thesis: Reverse Shell via Voice (SIP, Skype) Initial Situation Nowadays, there are less and less points of entry for a hacker to attack a company’s infrastructure. Modern infrastructures are specifically designed to deny any attempt of direct access from the internet into the company. To circumvent those restrictions, it is often easier to initiate a data- channel from within the company through malicious software, downloaded by an unsuspecting employee. This is called an inside out attack. There already exist certain ways to establish such attacks. However, most of these attacks are not very difficult to detect by the administrator of the company. One alternative is to establish the connection as digital phone connection. This thesis is a feasibility study containing a proof of concept to establish such an inside out attack through a telephone connection. Approach / Technology There are two possible technologies that could be used for an inside out attack over a telephone connection: Skype, a proprietary protocol used by Microsoft, and SIP, an open source standard (meaning the programming code is publicly available) that is widely used. Because applications using SIP are available for free and can be modified, SIP was used to implement the proof of concept. On the attackers side a software listens for a victim initiating a call. Once the call is set up, the attacker can send computer commands to the victim through the telephone connection, which are then executed on the victim’s computer. Result This thesis proofed that a reverse shell over VoIP is possible. At the moment it works only when both attacker and victim are in the same network (i.e. same building) because over the internet there will be some data loss and currently there is no recovery mechanism built in. However, when both clients are in the same location the attacker can fully control the victim’s computer. 13 Project Thesis: Reverse Shell via Voice (SIP, Skype) Reverse Shell via Voice (SIP, Skype) E – Management Summary Authors: Dominique Illi, Michel Bongard Fall Term 2019 14 Project Thesis: Reverse Shell via Voice (SIP, Skype) Initial Situation Due to the growing number of cybercriminals, companies are forced to make more investments into the IT security. Inside-out attacks, in which a connection is established from the secure network to the attacker, are a popular form of attack for hackers to penetrate well-protected networks. Common ways to open such channels are malicious attachments in e-mails. Because modern network devices can recognize such attacks better and better, hackers may try to hide the channels within VoIP. This makes it almost impossible to distinguish a normal Internet call from a hacker attack. Approach / Technology This project investigates the feasibility of such an attack channel via an Internet telephony connection. By using standardized protocols, common Internet telephony software was replicated, and an attempt was made to establish a malicious transmission over these devices. Result The thesis came to the conclusion that it is possible to establish a malicious connection via a telephone channel. With the proof of concept, it was possible to remote control a company’s computer. For this reason, it is indispensable to keep the network devices up to date at all times and to use additional resources to investigate this new type of attack. Otherwise the risk of losing company data is high and financial loss is to be expected. 15 Project Thesis: Reverse Shell via Voice (SIP, Skype) Reverse Shell via Voice (SIP, Skype) F – Technical Report Authors: Dominique Illi, Michel Bongard Fall Term 2019 16 1 Content 1 Content ......................................................................................................................................... 17 2 Introduction .................................................................................................................................. 22 2.1 Overview ............................................................................................................................... 22 2.2 Starting position and motivation .......................................................................................... 22 2.3 Objective ............................................................................................................................... 22 2.4 Approach ............................................................................................................................... 23 3 Research: VoIP with SIP ................................................................................................................ 24 3.1 Overview ..............................................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages168 Page
-
File Size-