Back in February, Exodus Intelligence released their blog entry titled "Execute My Packet", which detailed their discovery and exploitation of CVE-2016-1287. Since then, I've fielded numerous requests for modules and witnessed much discussion generated from it. From this discussion, I've gathered that many researchers seem to consider the Cisco ASA an unruly beast, difficult to approach and even harder to tame. I feel that this is far from the truth, and this article is a response to such notions.

Before explaining why, some disclosures may be in order: while I wasn't on this project with David or Jordan, I actually worked at Exodus Intelligence during the discovery of this vulnerability and the initial exploitation attempts. Jordan's original exploit, which the public has seen, is impressive in itself, though not portable across ASAs due to the loss of heap determinism given variances in device configurations. I'm positive that given more time, he would have found the information leak necessary to circumvent that. Unfortunately, both he and I left Exodus before the disclosure of the bug, so I can't comment on the decision to release it in such a state. Since the initial disclosure, I've worked both with him and independently to find a fruitful memory disclosure, but to no avail. Given enough time, I'm sure it would come about, but the bug is patched. Releasing a module now that could be used to compromise one's own personal device running an outdated software release feels like a wasted effort at best. Rather, with the aforementioned questions and discussions in mind, I felt that more value would be had in using this as a teaching opportunity. Much of this article will be old hat to many of you, but on that note, you aren't the intended audience.

While some people appear to almost fear the ASA, and embedded reverse engineering in general, I'd argue that this is simply because it is an unknown. I believe this is actually an extremely good way to get one's feet wet in the field. The ASA runs on a common architecture, can be had with a valid license relatively cheaply, and requires no electronics knowledge to begin picking apart. Any bugs you may eventually find could prove rather valuable.

The first step in all of this obviously involves setting up a research environment. Though other, cheaper options do exist, by far the easiest approach is purchasing an ASA. The other options include possibly using the ASA virtual appliance (which I have not investigated at all), or virtualization of the system software via other means. I did attempt getting it running inside of QEMU, but the amount of work required to succeed when all you want to do is debug is quite daunting, so I went with a physical device. In a town where tech startups crash and burn every day, obtaining a used ASA on Craigslist is infinitely easier and cheaper when considering how much your time is worth. For those of you so inclined, many Cisco certification seekers have formed a community centered around the effort to emulate the software within QEMU and GNS3. Patches, scripts aimed at both packing and unpacking images, and hacked binaries exist for several older versions; however, none were available at the time of writing for the vulnerable release.

On the hardware end, if you do end up getting an actual ASA, be sure to upgrade the RAM if it's operating with anything less than 256MB. Debugging via the serial console is slow, and you'll likely be rebooting the device a lot, so you definitely want to eliminate any bottlenecks that you can before you begin. Cisco sold branded memory for the device at quite a premium, which is guaranteed to work. I myself decided to risk $12 on a 1GB PC-3200 184-pin DIMM from Fry's that looked as if a small animal had been using the packaging as a chew toy.

Platform Overview

As for the serial connection, I use and recommend Parallax's USB to RS-232 adapter
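Because console debugging is slow and the device gets rebooted constantly, the one tool worth having before anything else is a logger that keeps every line the ASA prints, with a timestamp, rather than relying on terminal scrollback. The following is an added example written for this page, not code from the original article: a stdlib-only Python script that opens the USB-to-RS-232 adapter, configures it raw, and appends timestamped console lines to a file. It assumes the adapter shows up on Linux as /dev/ttyUSB0, that the console runs at Cisco's documented default of 9600 baud, 8 data bits, no parity, one stop bit, no flow control (neither of which the article states), and the log file name asa-console.log is likewise an arbitrary choice.

```python
"""Timestamped logger for an ASA serial console (added example, not from the article).

Assumptions not stated on the page: the USB-to-RS-232 adapter appears as
/dev/ttyUSB0 on Linux, and the console runs at Cisco's documented default of
9600 baud, 8 data bits, no parity, one stop bit, no flow control.
"""
import datetime
import os
import sys
import termios


def configure_port(fd, speed=termios.B9600):
    """Put an already-open tty descriptor into raw 8N1 mode at `speed`."""
    iflag, oflag, cflag, lflag, _, _, cc = termios.tcgetattr(fd)
    # No input translation and no XON/XOFF: keep the bytes exactly as the ASA sends them.
    iflag &= ~(termios.IGNBRK | termios.BRKINT | termios.PARMRK | termios.ISTRIP
               | termios.INLCR | termios.IGNCR | termios.ICRNL | termios.IXON)
    oflag &= ~termios.OPOST                                  # no output post-processing
    lflag &= ~(termios.ECHO | termios.ECHONL | termios.ICANON
               | termios.ISIG | termios.IEXTEN)              # raw, non-canonical
    cflag &= ~(termios.CSIZE | termios.PARENB | termios.CSTOPB
               | getattr(termios, "CRTSCTS", 0))             # clear size/parity/stop/RTS-CTS
    cflag |= termios.CS8 | termios.CREAD | termios.CLOCAL    # 8N1, ignore modem control lines
    cc = list(cc)
    cc[termios.VMIN], cc[termios.VTIME] = 1, 0               # read() returns once 1 byte arrives
    termios.tcsetattr(fd, termios.TCSANOW, [iflag, oflag, cflag, lflag, speed, speed, cc])


def stamp_lines(chunk, pending, now):
    """Split raw console bytes into complete lines, each prefixed with a timestamp.

    `pending` is the partial line left over from the previous read; the function
    returns (logged_lines, leftover). The console terminates lines with CRLF, so
    a CR before the LF is stripped. Non-ASCII bytes (common when a device is in
    the middle of crashing) are replaced rather than dropped, so nothing is lost.
    """
    data = pending + chunk
    lines = []
    while True:
        nl = data.find(b"\n")
        if nl < 0:
            break
        text = data[:nl].rstrip(b"\r").decode("ascii", "replace")
        lines.append(f"[{now.isoformat(timespec='milliseconds')}] {text}")
        data = data[nl + 1:]
    return lines, data


def log_console(dev="/dev/ttyUSB0", logfile="asa-console.log"):
    """Read the console until the adapter goes away, echoing to stdout and appending to `logfile`."""
    fd = os.open(dev, os.O_RDWR | os.O_NOCTTY)
    configure_port(fd)
    pending = b""
    # Line-buffered so an interrupted session still leaves complete lines on disk.
    with open(logfile, "a", buffering=1) as log:
        while True:
            chunk = os.read(fd, 4096)
            if not chunk:            # EOF: adapter unplugged
                break
            lines, pending = stamp_lines(chunk, pending, datetime.datetime.now())
            for line in lines:
                print(line)
                log.write(line + "\n")
    os.close(fd)


if __name__ == "__main__":
    # usage: python3 asa_console_log.py [/dev/ttyUSB0] [asa-console.log]
    log_console(*sys.argv[1:3])
```

Run it in a second terminal before triggering anything on the box; because the port is opened read/write, nothing stops you from keeping a separate interactive session open on the same adapter as well, but two readers on one tty will split the bytes between them, so log from one process only.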