Notre équipe, composée de 4 consultants en sécurité informatique et d'une responsable de communication a eu la chance de pouvoir participer à la DEFCON 2016 cet été.
Voici le compte rendu de notre voyage à Las Vegas.

Mercredi

L'équipe de Sysdream s'est retrouvée pour un long voyage de quasiment 27h vers les États-Unis en partance de Paris.
10h de vol vers Dallas, 4h d'escale (merci American Airline) puis 2h vers Las Vegas !
Une fois arrivés, après un petit tour en taxi, début de #hallwaycon à la réception ! Clés en poche, première soirée!
Bienvenu à l'hôtel Paris!
...

Nuit du Hack – The backstages

Not only challenge maker, all the team wanted to explain you what the CTF means for them.
Let's discover what they have to say...

Plus qu'un jeu ou une compétition

À la manière des compétitions sportives, symbolisées par le « fair play », le respect, la cohésion d'équipe, les tournois électroniques occupent aujourd'hui une place importante dans la vie des communautés. Sports électroniques et autres disciplines confondues, le « fair play » n'est pas systématiquement au rendez-vous mais la bonne humeur est généralement de circonstance, de même qu'un esprit partagé : progresser dans de nombreux domaines et repousser les limites...

FOG is a free, open source, computer cloning and management solution.
We found several vulnerabilities in Fog, a free and open source computer cloning and management solution : a SQL injection (CVSS 9.3) and an unauthenticated remote command execution vulnerability (CVSS 10).
As a solution, the vendor recommends using the beta/development builds, instead of the 1.2.0 stable release.

Several XSS vulnerabilities have been found on several pages of the administration panel. Reflected XSS may lead to session hijacking on admin user.

Several vulnerabilities have been discovered between 2015, October and 2016, February.
Reported vulnerabilities are similar to those previously discovered by hyp3rlinx, although they concern different pages.
In brief, the flaws are of the following kinds: CSRF, XSS (reflected and stored), file upload and information disclosure. Most vulnerabilities need an administration access to the web application and may lead to personal information leakage or account take-over.

Horsys is a human resource appliation, allowing the user to manage his profile, vacation, position title and other personnal data like address, phone number and so on.
The application runs on Windows and launches a web server. This product has been developped by Asys company.
We found that it is vulnerable to several vulnerabilities, which can lead to personal information leakage or account take-over.

When using the "database backup/logging on filesystem" feature, iThemes security generates a weak filename allowing attackers to obtain the backup/log file if they know when the backup/log file was generated (timestamp).

A vulnerability has been found in iThemes Security backup function that may allow attackers to gain access to backup/log files.

By default, when using the "database backup on filesystem" feature, iThemes Security saves the backup files in a world-readable directory :
wp-content/uploads/ithemes-security/backups

The .htaccess file is generated during the plugin initial setup/update, only if the wp-content/uploads/ithemes-security/backups exists (or wp-content/uploads/ithemes-security/logs). Note that it does NOT exists by default.

When running a backup, the ITSEC_Backup class creates the directory but without any .htaccess file inside. The same thing happens with log saving.

If the webserver has directory listing enabled, then anybody can download the complete database backup or view the log files.

A critical vulnerability has been found in Proxmox VE 3 (OpenVZ) and Proxmox VE 4 beta 1 (LXC) in the virtual machine creating form allowing authenticated remote users to overwrite configuration files settings.

Centreon is a popular monitoring solution.

A critical vulnerability has been found in the Centreon logging class allowing remote users to execute arbitrary commands.