In UDP, it has minissdpd/findhost/snmpd, etc., most of protocols help to find devices. We can see that in the default environment, many services are opened, such as smb/nginx/afpd. Attack surfaceįirst of all, we can use netstat to find which port is open. In order to better meet the environment that we usually encounter and the requirements in Pwn2Own, it will be in the state of all default settings. It very similar as DS418 play(target of Pwn2Own Tokyo 2020). Because of Synology is the most popular device in Taiwan, we decided start from it. We also wanted to try to join Pwn2Pwn event, so we decided to make NAS as the primary goal of the research at that time. The last reason is that NAS has become one of the main targets of Pwn2Own Mobile since 2020. We hope to reduce the recurrence of similar things, thereby increasing the priority of NAS research to improve NAS security. At the beginning of last year, NAS vulnerabilities led to outbreak of locker event. More and more people store important data on NAS. NAS has become more and more popular in recent years. Therefore, NAS gradually attracted our attention, and its Strategic Value has been much higher than before. They usually stored a lot of corporate confidential information on the NAS. While we were doing red team assessment, we found that NAS generally appeared in the corporate intranet, or sometimes even exposed to the external network. Motivation Why do we want to research NAS? Red Team In this era of Internet of Things, there will be more people combining NAS and home assistants to make life more convenient. In modern times, NAS provides not only file sharing but also various services. It was mainly used to allow users to directly access data and share files on the Internet. In the early days, NAS was generally used to separate the server and data and also used for backup. This research is also presented at HITCON 2021. Following we will describe the details and how we exploit it.
After that, we found the vulnerability is not only exists on Synology but also on most NAS vendors. We used this vulnerability to exploit Synology DS418play NAS in Pwn2Own Tokyo 2020.
#Netatalk github code#
This vulnerability can let an unauthorized attacker gain code execution on remote Synology DiskStation NAS server. Two years ago, we found a critical vulnerability, CVE-2021-31439, on Synology NAS.
0 kommentar(er)
