Posts Tagged ‘AWS’

Open Elasticsearch nodes on Shodan

Posted: 06/01/2018 in Uncategorized
Tags: , , , ,

Administrators like to use Elasticsearch (What is Elasticsearch?) as a real-time data search and analysis tool. However lots of administrators forget to secure these nodes.

With a simple search on shodan, we can find the Elastic indices :

https://www.shodan.io/search?query=port:”9200″ product:”Elastic”

Confidential information can be accessed through these addresses, below is the syntax to use:

http://IP:9200/_search?pretty

Here are some basic recommendations for securing your nodes :

  • Only allow direct access to known IP addresses (Source to destination)
  • Add Authentication to Elastic Node (2FA all the way)

PoC

  1. Use this filter on shodan to search elastic node : port:”9200″ product:”Elastic”
  2. Check Elastic connection : http://IP:9200
  3. Executing Search : http://IP:9200/_search?pretty

This Node disclose some confidential information, we can use it to access to all accounts

Now we can use this information to access the Elastic backend

After contact the company has now secured their node.

For help security Elasticsearch watch the video on link below:

https://www.elastic.co/elasticon/conf/2016/sf/securing-elasticsearch

Also see Amazon Elasticsearch Service (Amazon ES) Developer Guide

Advertisements

Image result for password cracking nvidia

WPA algorithm is very secure, and to get the password usually we have only one way – to brute force it, which could take huge time if password is strong enough. But what if instead of using regular CPUs we would use a power of GPU? Amazon says, that we can use up to 1,536 CUDA cores on g2.2xlarge instance, which costs $0.65 (around 50p sterling) per hour. Sounds very promising, so let’s see how it can help us to speed up password brute force.

Below I will give step-by-step tutorial on how to deploy Amazon GPU instance and run pyrit (python tool) to crack password using GPU. In this article I assume that you are already familiar with aircrack-ng wi-fi cracking tools. And you’ve already captured handshake into .cap file.

Cracking WiFi Password with Pyrit and NVIDIA GPU on Amazon AWS

Go to Amazon EC2 panel and click Launch new instance

Select Ubuntu Server 14.04 LTS (HVM) 64 bit > GPU instances g2.2xlarge > Review and launch

SSH to your new instance

Now, Go to Nvidia website and download latest CUDA installer (choose runfile for Ubuntu 14.04). At the time of writing it is cuda_7.5.18

Install build tools

To avoid ERROR: Unable to load the kernel module ‘nvidia.ko’, install also

To avoid ERROR: The Nouveau kernel driver is currently in use by your system.

To avoid ERROR: Unable to find the kernel source tree for the currently running kernel:

Reboot Now!

Extract Nvidia installers

Run driver installation

Download and unzip pyrit and cpyrit-cuda:

Install additional libs

Install pyrit and cpyrit-cuda

Run pyrit list_cores and make sure CUDA cores are detected

Create file gen_pw.py, modify chars variable which is our characters dictionary. In my case I’m cracking password containing only digits.

Run brute force to crack password from 8 to 12 characters length

I tried to brute force password with and without CUDA, and result is 4k pw/sec vs 30k pw/sec. I’m a bit disappointed, because I expected much faster results with CUDA. But anyway I got an experience of setting up CUDA driver on Amazon AWS. Hope this can help someone else to crack their wifi password with CUDA