On Feb 6, 2011, HBGary was hacked by Anonymous. I am writing this post because Anonymous deviated from DDoS to actual hacking. Why they departed from their favourite method, DDoS, is a question I have been asking myself, and I will set out my thoughts at the end. Secondly, the root cause of the whole Aaron Barr debacle was the analytical method he used to arrive at his conclusions, which I will cover later in this post.
The highlights of this hack were:
1: SQL Injection Attack.
2: Password hash Crack.
3: Social Engineering Attack.
[04:18] <&Sabu> greg, a 16 year old girl social engineered your admin jussi and got root to rootkit.com
4: Infiltration methodology using social media (Aaron Barr's own area of expertise).
SQL Injection Attack – HBGaryfederal.com
Like any other content-driven site, hbgaryfederal.com was powered by a content management system (CMS), the component that lets staff add or update content on the site. HBGary Federal chose a custom-made CMS instead of an off-the-shelf product.
Both off-the-shelf and custom-made CMS systems have bugs. The difference is that a widely deployed CMS has a large client base, so its bugs are generally detected and patched in a timely manner. The custom-made CMS HBGary Federal used had basic programming bugs that nobody else was looking for, and they were promptly exploited.
The "custom-made" tag left much of the QA and security review out of the deployment picture. It is important to pen-test such applications before they go live; if such tests are conducted, at least your own testers have as good a chance of finding a bug first as an outside attacker does.
“SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.”
HBGary Federal's site was susceptible to SQL injection: the parameters carried in the page's URL were neither validated nor sanitized, so any attacker could retrieve other goodies from the database by sending specially crafted values in those parameters. Havij is one tool commonly used for pentesting SQL injection, and it automates exactly this kind of extraction.
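To make the point concrete, here is an added example (my own illustration, not HBGary's CMS code or anything from the actual attack) of what an unvalidated URL parameter does to a CMS page-lookup query. The schema, table names (pages, users), page parameter and the unsalted MD5 rows are all constructed for the demo; the point is that a parameter meant to be a page id can be turned into a UNION query that pulls password hashes out of an unrelated table, and that a type check plus a bound parameter shuts that door.

```python
import sqlite3

# Constructed stand-in for a small CMS database: a pages table the
# public page-lookup is meant to read, and a users table it is not.
# The hashes are unsalted MD5 of "password" and "123456" (sample data).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome'), (2, 'About', 'About us');
        INSERT INTO users VALUES
            (1, 'admin',  '5f4dcc3b5aa765d61d8327deb882cf99'),
            (2, 'editor', 'e10adc3949ba59abbe56e057f20f883e');
    """)
    return conn


def fetch_page_vulnerable(conn, page_param):
    # The classic mistake: the raw URL parameter is concatenated into the
    # SQL text with no validation and no escaping, so the attacker writes
    # part of the query.
    sql = "SELECT title, body FROM pages WHERE id = " + page_param
    return conn.execute(sql).fetchall()


def fetch_page_safe(conn, page_param):
    # Hardened form: enforce the expected type first, then pass the value
    # as a bound parameter so it can never be parsed as SQL.
    if not page_param.isdigit():
        raise ValueError("page must be a positive integer")
    return conn.execute(
        "SELECT title, body FROM pages WHERE id = ?", (int(page_param),)
    ).fetchall()


# Constructed payload of the kind a crafted link carries in the page
# parameter: the real predicate matches nothing (id = 0) and the UNION
# appends rows from the users table with the same column count.
PAYLOAD = "0 UNION SELECT username, password_hash FROM users"


def demo():
    conn = build_db()
    legit = fetch_page_vulnerable(conn, "2")          # normal use works
    leaked = sorted(fetch_page_vulnerable(conn, PAYLOAD))  # hashes come back
    try:
        fetch_page_safe(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True                                # hardened path rejects it
    return {"legit": legit, "leaked": leaked, "blocked": blocked}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened version validates before it binds: binding alone would already stop the injection, but rejecting non-numeric input up front also gives you a clean place to log probing attempts, which is the first thing a detection rule for a tool like Havij should key on.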