An analysis of the BENIGNCERTAIN exploit included in The Shadow Brokers data dump reveals that the Equation Group, a cyber-espionage group that many have linked with the NSA, had the ability to crack open Cisco PIX firewalls and extract VPN and RSA private key and other sensitive configuration details.
Over the weekend, a person, or group, named The Shadow Brokers dumped online a trove of data they said they stole from a server hosting the malware used in a live operation by the Equation Group.
The hackers are now selling this data to the highest bidder in an anonymous Bitcoin auction.
Lots of firewall-cracking exploits included in the data dump
So people take them seriously and to prove the legitimacy of their claims, the group leaked a series of exploits, most of them aimed at hacking enterprise-grade firewalls.
Among these were exploits such as EPICBANANA, JETPLOW, and EXTRABACON, that targeted Cisco ASA devices. Other exploits like ESCALATEPLOWMAN targeted WatchGuard firewalls, while EGREGIOUSBLUNDER targeted Fortinet devices.
Mustafa Al-Bassam, aka tFlow, co-founder of the LulzSec hacking crew, now a legitimate white hat researcher, says that one of the overlooked exploits is BENIGNCERTAIN.
Looking at the NSA’s past hacking tools
The reason why many security vendors and researchers ignored this exploit is because it targets Cisco PIX firewalls, a line of products that has reached its end of life.
While other security researchers were looking into seeing what exploits still worked today, Al-Bassam and security researcher Hector Martin were analyzing the older exploits, to understand what the NSA was capable of doing in the past, when targeting old-gen devices.
They discovered that the BENIGNCERTAIN exploit targeted Cisco PIX versions 5.2(9) to 6.3(4), and used three files to put together an exploitation chain that dumped the device’s memory using malformed Internet Key Exchange (IKE) packets.
“The memory dump can then be parsed to extract an RSA private key and other sensitive configuration information,” Al-Bassam writes in his analysis. Below is how a memory dump would look like, and the type of data the Equation Group would receive.
RSA private key structure at offset 0x%04x, size 0x%x bytes:
*** Found probable RSA private key ***
RSA public key structure at offset 0x%04x, size 0x%x bytes:
*** Found probable RSA public key ***
RSA key structure at offset 0x%04x, size 0x%x bytes:
RSA keys were generated at %s
VPN group structure at offset 0x%04x, size 0x%x bytes
Split-tunnel ACL: 0x%08x %s
Idle-time: 0x%08x [%d seconds]
Max-time: 0x%08x [%d %s]
PFS: 0x%08x %s
Clear-client-cfg: 0x%08x %s
User-idle-timeout: 0x%08x [%d seconds]
Authen. server: 0x%08x %s
Secure-unit-auth: 0x%08x %s
User authen.: 0x%08x %s
Device pass-thru: 0x%08x %s
