Monthly Archives: November 2015

HPN Spotlight: Dan Roerick

In our HPN Spotlight series, we will be featuring High Point Networks employees from our Service, Sales and Support teams across our five locations.

Name: Dan Roerick

Title: Project Manager

Office: West Fargo, ND

Where did you grow up?
I was born and raised in Fargo, ND and attended Fargo Public Schools, graduating from Fargo South High.


What did you do before joining the HPN team?
After high school, I attended NDSU. During college I worked as a delivery driver and shift manager for Pizza Hut, before getting my first corporate IT job in 1997. I spent 7 years as the LAN/WAN manager of a real estate company before joining HPN in July of 2004.

What do you do in your free time?
I spend time with my family and friends, and I love live events (sports, concerts, etc.) and movies. I also have a passion for photography and spend a great deal of time following that passion, and I have numerous print publications to my credit.

What is your favorite part about HPN?

We have always had a work hard/play hard mentality. Tom, Justin and Brad treat us very well for all of our hard work, and they support all the employees in their personal endeavors as well, be that a photography passion, coaching HS football, etc. HPN truly has a family feel. That is my favorite part.

What is your favorite HPN moment?
Being honored with the High Point Award this year and being recognized as a valuable member of the team.

What is one thing about yourself that HPN employees and customers probably don’t know?
My mother is a native of Germany and met my father when he was stationed there with the US Army. I still have family in Germany, and I visited Europe half a dozen times by the time I was 18.

How Hackers Attack – Part 1

Most hackers have a favorite target. Some prefer web servers of a particular flavor; others prefer Remote Desktop, SSH, and so on. Knowing this helps an administrator understand the threats facing their network. So, how does this look in the real world? Let us take a look at a practical example.

Let’s say my target of choice is the WordPress platform. Because I have access to the WordPress source code, I spend all day poring over the code looking for vulnerabilities. (In fairness, it is not only open source code that I can do this on, but it’s easier on open source software because there’s typically less reverse engineering involved.) Suppose now that I have found a vulnerability and want to develop an exploit for it. I turn to ExploitPack to write and test the exploit.

ExploitPack is a cross-platform tool that allows me to quickly write and test the exploit.  ExploitPack allows me to write my exploit(s) in Python, a language that is lightweight, powerful, and very easy to learn.  ExploitPack is essentially an integrated development environment (IDE) for developing exploits, and it’s free to anyone who can find it online.

So, now that I’ve found my vulnerability and have written an exploit for it, I need a list of targets that would be affected by it. Building that list can be a manual process, or a clever hacker can automate it. Manually, I could search Google with a query of “link:wp-content/themes” and find all of the WordPress sites in the Google index, but then I have to compile that list by hand, and I’m quickly bored by that. What are my options? ‘zmap’ is a tool that allows me to quickly scan very large segments of the Internet for services running on specific ports. I can find all the webservers on the “regular Internet” (I’ll write about the “dark net” later) in a couple of days. Then I just need to crawl those sites using a tool like BurpSuite, looking for “wp-content/themes.” So, in a week’s time, I can find the vast majority of the sites on the Internet that run WordPress.
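Sweeps of this kind often show up in access logs as requests for WordPress paths, which a host that does not run WordPress answers with 404. The Python sketch below is an added example, not part of the original post, that flags clients making repeated requests of that kind. The Combined Log Format, the sample lines, the `find_wp_probes` name and the `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Marker taken from the article; extend the tuple for your own site (assumption).
WP_MARKERS = ("wp-content/themes",)

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Nov/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Nov/2015:10:00:02 +0000] "GET /wp-content/themes/alpha/style.css HTTP/1.1" 404 162 "-" "-"
203.0.113.9 - - [12/Nov/2015:10:00:02 +0000] "GET /wp-content/themes/beta/style.css HTTP/1.1" 404 162 "-" "-"
203.0.113.9 - - [12/Nov/2015:10:00:03 +0000] "GET /wp%2Dcontent/themes/gamma/ HTTP/1.1" 404 162 "-" "-"
192.0.2.44 - - [12/Nov/2015:10:05:00 +0000] "GET /wp-content/themes/alpha/style.css HTTP/1.1" 404 162 "-" "-"
this line is truncated or malformed
"""


def find_wp_probes(log_text, min_hits=2):
    """Return {ip: sorted probed paths} for clients with at least min_hits
    distinct WordPress marker paths that the server answered with 404."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        # Decode percent-encoding and fold case so trivial variations still match.
        path = unquote(m.group("path")).lower()
        if m.group("status") == "404" and any(k in path for k in WP_MARKERS):
            hits[m.group("ip")].add(path)
    return {ip: sorted(paths) for ip, paths in hits.items() if len(paths) >= min_hits}


if __name__ == "__main__":
    for ip, paths in find_wp_probes(SAMPLE_LOG).items():
        print(ip, len(paths), "distinct WordPress probe paths")
```

On a site that does run WordPress these paths return 200 for ordinary visitors, so the 404 filter only makes sense on hosts without it.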

How does a hacker tie it all together? They take the list of targets they found using zmap and burp, export it into ExploitPack, select their hand-crafted exploit, select a payload (which can be any of a thousand things, but in a case like this, your attacker is probably going to use a PHP shell as their payload to allow them to do whatever they want on the box) and hit “go.”

A little patience, and now I’ve got a remote shell on potentially tens of thousands of hosts from which I can do a number of things, including deface websites, steal content, steal credentials, host malware – the list goes on.  And it only took me a couple of weeks.  If the site contained anything really juicy, I might be able to sell it, or otherwise monetize it (e.g. blackmail).

That is how hackers attack your network. All told, the only tool I would need to pay for to achieve all of this would be a commercial copy of BurpSuite, which costs $300… which I could recover very quickly by ransoming the websites I’d just “pwned” (“owned,” or taken over). In the next segment of this series, I’ll write about how we prevent these attacks in a robust fashion.

Corey Steele, Network and Security Engineer