Vulnerability Development: Skype API Ap2Ap Stream Creation Flaw

Skype API Ap2Ap Stream Creation Flaw

From: <vizig0thblitz_at_gmail.com>
Date: 18 Aug 2006 23:06:58 -0000
An application-to-application stream can be created between two Skype clients without having established normal communications between them and both Skype clients' contact lists are empty. With this ability any Skype enabled application can create a covert communication stream to a central server. This can only occur, of course, if the user voluntarily installs the application. Therefore, the main attack vector for this functionality is to create a legitimate Skype-enabled application, have the user install the application, and once the user starts the application make a covert connection to a central server. Once the connection to the central server is made, additional software can be downloaded and installed on the target computer via the application-to-application stream.

Scenario Setup:

The following will be needed to recreate the scenario:

1. Two computers with Skype installed and two separate Skype Ids that have had no communication between them.

2. A copy of SkypeTracer installed on each computer.

Scenario Steps:

1. Start the Skype clients and SkypeTracer on each computer and attach the SkypeTracer application to their respective Skype clients.

2. Choose one of the Skype clients to be the central server and one to be the client that will establish the covert communication.

3. In the client SkypeTracer application send the following Skype command:

       SET USER [server Skype Id] IS AUTHORIZED TRUE

4. You will notice the chatter back and forth between the two clients adding each of the Skype Ids to their respective user1024.dbb files. This is the only place that I have found where the central server Skype Id can be found on the client's computer.

5. In both SkypeTracer applications create a common application using the Skype command:

       CREATE APPLICATION test

6. Once the process in steps three and four has been completed (it can take up to ten seconds) send the following Skype command on the client SkypeTracer application:

       GET APPLICATION test CONNECTABLE

7. The client SkypeTracer application should echo back the central server's Skype Id.

8. Once the connectable user has been verified you can then complete the steps to establish application-to-application communication using the Skype command

       ALTER APPLICATION test CONNECT [server Skype Id]

on the client SkypeTracer application.

9. Both SkypeTracer applications should now echo back that the application streams have been created.
Received on Aug 21 2006
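A detection-side illustration, added here and not part of the original post: it scans a trace of Skype API commands issued by third-party applications for the authorize-then-connect sequence described in steps 3 through 8 (an Id that was not a contact is authorized, then an ap2ap stream is opened to that same Id). The (app, command) pair format, the app names and the Skype Ids are assumptions; the post does not give SkypeTracer's real log layout.

```python
import re

# Skype API commands as quoted in the post above; nothing else is modelled.
AUTHORIZE_RE = re.compile(r"^SET USER (\S+) IS AUTHORIZED TRUE$")
CREATE_RE = re.compile(r"^CREATE APPLICATION (\S+)$")
CONNECT_RE = re.compile(r"^ALTER APPLICATION (\S+) CONNECT (\S+)$")


def detect_covert_ap2ap(trace, known_contacts=()):
    """Flag the sequence the post describes: an application authorizes a
    Skype Id that was not already a contact and then opens an ap2ap stream
    to that same Id.  `trace` is a list of (app_name, command) pairs in the
    order the commands reached the Skype client (an assumed log shape)."""
    authorized = {}   # (app, skype_id) -> trace index of the SET USER command
    created = set()   # (app, application_name) seen in CREATE APPLICATION
    findings = []
    for idx, (app, cmd) in enumerate(trace):
        cmd = cmd.strip()
        m = AUTHORIZE_RE.match(cmd)
        if m:
            # Authorizing an Id that is already a contact is normal; skip it.
            if m.group(1) not in known_contacts:
                authorized[(app, m.group(1))] = idx
            continue
        m = CREATE_RE.match(cmd)
        if m:
            created.add((app, m.group(1)))
            continue
        m = CONNECT_RE.match(cmd)
        if m:
            ap_name, peer = m.groups()
            if (app, peer) in authorized and (app, ap_name) in created:
                findings.append({
                    "app": app, "peer": peer, "application": ap_name,
                    "authorized_at": authorized[(app, peer)], "connect_at": idx,
                })
    return findings


# Constructed sample trace; app names and Skype Ids are made up.
SAMPLE_TRACE = [
    ("SuspiciousApp", "SET USER srv_example IS AUTHORIZED TRUE"),
    ("SuspiciousApp", "CREATE APPLICATION test"),
    ("SuspiciousApp", "GET APPLICATION test CONNECTABLE"),
    ("SuspiciousApp", "ALTER APPLICATION test CONNECT srv_example"),
    ("BenignApp", "CREATE APPLICATION test"),
    ("BenignApp", "ALTER APPLICATION test CONNECT friend_example"),  # no auth step
]

if __name__ == "__main__":
    for finding in detect_covert_ap2ap(SAMPLE_TRACE):
        print(finding)
```

Only the stream to a peer that the same application had just authorized is reported; an ap2ap stream to an existing contact produces no finding.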
