Vuln Dev
Skype API Ap2Ap Stream Creation Flaw Aug 18 2006 11:06PM
vizig0thblitz gmail com (1 replies)
An application-to-application stream can be created between two Skype clients without having established normal communications between them and both Skype client's contact lists are empty. With this ability any Skype enabled application can create a convert communication stream to a central server. This can only occur, of course, if the user voluntarily installs the application. Therefore, the main attack vector for this functionality is to create a legitimate Skype-enabled application, have the user install the application, and once the user starts the application make a covert connection to a central server. Once the connection to the central server is made, additional software can be downloaded and installed on the target computer via the application-to-application stream.

Scenario Setup:

The following will be needed to recreate the scenario:

1.Two computers with Skype installed and two separate Skype Ids that have had no communication between them.

2.A copy of SkypeTracer installed on each computer.

Scenario Steps:

1.Start the Skype clients and SkypeTracer on each computer and attach the SkypeTracer application to their respective Skype clients.

2.Choose one of the Skype clients to be the central server and one to be the client that will establish the covert communication.

3.In the client SkypeTracer application send the following Skype command:

SET USER [server Skype Id] IS AUTHORIZED TRUE

4.You will notice the chatter back and forth between the two clients adding each of the Skype Ids to their respective user1024.dbb files. This is the only place that I have found where the central server Skype Id can be found on the client's computer.

5.In both SkypeTracer applications create a common application using the Skype command:

CREATE APPLICATION test

6.Once the process in step three and four has been completed (it can take up to ten seconds) send the following Skype command on the client SkypeTracer application:

GET APPLICATION test CONNECTABLE

7.The client SkypeTracer application should echo back the central server's Skype Id.

8.Once the connectable user has been verified you can then complete the steps to establish application-to-application communication using the Skype command

ALTER APPLICATION test CONNECT [server Skype Id]

on the client SkypeTracer application.

9.Both SkypeTracer application's should now echo back that the application streams have been created

[ reply ]
Re: Skype API Ap2Ap Stream Creation Flaw Aug 21 2006 08:28PM
Stephen Samuel (samnospam bcgreen com)


 

Privacy Statement
Copyright 2010, SecurityFocus