Little-beak.com's gitlab server

Commit 54ee08d0 authored by drexl

privatized the names and Matr. Numbers

parent bebb27ef
......@@ -12,7 +12,7 @@
\@writefile{toc}{\contentsline {paragraph}{First, we can limit our exploration for an already known vulnerability. Secondly, it will give us an idea of where adjacent vulnerabilities may lie.}{2}}
\@writefile{toc}{\contentsline {paragraph}{As of the 8th, May 2017, Nextcloud server version 11.0.3, the known vulnerabilities according to the Nextcloud advistory, are shown in table \nobreakspace {}1\hbox {}.}{2}}
\@writefile{toc}{\contentsline {paragraph}{Following is a list of common attacks, against a LAMP stack.}{2}}
\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Vulnerabilities as of {August 14, 2017}}}{3}}
\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Vulnerabilities as of {August 21, 2018}}}{3}}
\newlabel{tab: currentVulnerabilities}{{1}{3}}
\citation{site4}
\@writefile{toc}{\contentsline {paragraph}{We will go through, and carefully consider each attack vector.}{4}}
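Review bot: the table caption in the \@writefile{lot} line moves from "Vulnerabilities as of {August 14, 2017}" to "{August 21, 2018}" although nothing about the table was edited, while the paragraph two lines above it still states that the list reflects the Nextcloud advisory as of 8 May 2017 for server version 11.0.3. The caption date appears to follow the build date; if so, write the assessment date into the caption as fixed text, so that recompiling for an unrelated change such as this redaction does not make the report claim a newer vulnerability snapshot than the one actually taken.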
......@@ -45,16 +45,16 @@
\@writefile{toc}{\contentsline {paragraph}{The better code replaces "/" "\textbackslash \textbackslash ", with the "/". This particular vulnerability was scanned with eyeballs, as it was not something that could be easily parsed with a text editor like vi.}{7}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {1.3.8}Shell Injection}{7}}
\@writefile{toc}{\contentsline {paragraph}{Since Nextcloud doesn't offer any type of core abilities that would allow PHP to execute shell commands, we consider this area a low risk. We did search through some elements that could conceivably use shell commands, but they did not. Unless someone codes a particular application that does so, there does not appear to be a threat from this vector.}{7}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {1.3.9}Sensitive Data Exposure}{8}}
\@writefile{toc}{\contentsline {paragraph}{Nextcloud does not store it's application location in a webroot directly, thus it cannot be accessed simply by using a web browser.}{8}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {1.3.9}Sensitive Data Exposure}{7}}
\@writefile{toc}{\contentsline {paragraph}{Nextcloud does not store it's application location in a webroot directly, thus it cannot be accessed simply by using a web browser.}{7}}
\citation{site3}
\@writefile{toc}{\contentsline {subsection}{\numberline {1.4}Detailed Findings}{8}}
\@writefile{toc}{\contentsline {paragraph}{In the end, we were unable to find any security vulnerabilities at this time. For an open source project, Nextcloud is mature, and well developed. With continued development, however, penetration testing will be required periodically. However, at the moment, it appears that Nextcloud has a robust security system in place, that should inspire confidence in it's users.}{8}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Methodology}{8}}
\@writefile{toc}{\contentsline {paragraph}{The primary focus of our task was defining the methodology. We asked ourselves the followed questions:}{8}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Protocols \& adjacent technologies to be examined}{8}}
\@writefile{toc}{\contentsline {paragraph}{In defining our scope, we consider all threats, from all attack vectors--across all relevant technologies, which would for this project, include the following areas:}{8}}
\citation{site3}
\@writefile{toc}{\contentsline {paragraph}{Predominantly, however, the application under review will dive us deep into PHP.}{9}}
\@writefile{toc}{\contentsline {paragraph}{Predominantly, however, the application under review will dive us deep into PHP.}{8}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Nextcloud Threat-model}{9}}
\@writefile{toc}{\contentsline {paragraph}{We will, however, mostly focus our attention mostly on Nextcloud's threat model. Following is the model:}{9}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.1}Administrator privileges}{9}}
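Review bot: every \contentsline {paragraph} entry in this hunk carries a complete body paragraph as its title (the Shell Injection and Detailed Findings text, for example), which suggests the source passes the prose itself as the argument of \paragraph{...}. Keep that argument to a short heading and put the prose after it; as it stands, a page shift such as 8 to 7 or 9 to 8 rewrites whole paragraphs in the generated files and buries the substantive change during review.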
......@@ -66,7 +66,7 @@
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.4}Attacks involving other Android apps on the device}{9}}
\@writefile{toc}{\contentsline {paragraph}{We do consider attacks involving other Android apps on the device as minimal risk, also especially considering that the Nextcloud Android apps stores synced files locally accessible on the device. (since no Content Provider is yet implemented).}{9}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.5}Denial of Service}{9}}
\@writefile{toc}{\contentsline {paragraph}{Due to the usage of the PHP scripting language Nextcloud does consider Denial of Service not something that can at the moment be completely prevented. For this reason while we do fix and acknowledge specific Denial of Service attacks we do generally not consider DoS a bounty-worthy vulnerability.}{10}}
\@writefile{toc}{\contentsline {paragraph}{Due to the usage of the PHP scripting language Nextcloud does consider Denial of Service not something that can at the moment be completely prevented. For this reason while we do fix and acknowledge specific Denial of Service attacks we do generally not consider DoS a bounty-worthy vulnerability.}{9}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.6}Audit logging}{10}}
\@writefile{toc}{\contentsline {paragraph}{The audit logging feature in Nextcloud is at the moment missing some logs for things like "Accessing previews of files", these will be added in a future release and known issues are tracked in our issue tracker.}{10}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.7}Version disclosure}{10}}
......@@ -79,12 +79,12 @@
\@writefile{toc}{\contentsline {paragraph}{At the moment we do not consider brute-forcing of credentials or a missing password threshold eligible vulnerabilities. In the case of Nextcloud we currently expect people to protect their instance using measures such as fail2ban. We do have a native anti-bruteforce protection.}{10}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.11}Server-side request forgery}{10}}
\@writefile{toc}{\contentsline {paragraph}{Nextcloud ships with multiple features that perform sending requests to other hosts, we do consider this accepted behavior and advocate people to deploy Nextcloud into its own segregated network segment.}{10}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}How we examined the client software}{10}}
\bibcite{site1}{1}
\bibcite{site2}{2}
\bibcite{site3}{3}
\bibcite{man1}{4}
\bibcite{site4}{5}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}How we examined the client software}{11}}
\@writefile{toc}{\contentsline {paragraph}{We used a two-pronged approach. First, we used manual penetration testing to try and "break" the system. Using the web as a source, we were able to find previously successful attack methods (against other systems), and try them against Nextcloud. This gave us examples of malicious javascript and php files that we could try. Additionally, it gave us an idea of how we could attempt to 'hack' Nextcloud. Lastly, we used methods learned throughout the course of how we could compromise Nextcloud.}{11}}
\@writefile{toc}{\contentsline {paragraph}{The second phase involved digging into the source code, and searching for sloppy code that could lead to system breaches. We relied heavily on the Nextcloud Developer's manual--and to a lesser extent Nextcloud's Administrator Manual--for highlighting of best practices, as well as things to be avoided. The amount of code to read was copious. It's understandable why often times security analysis relies on automated software. However, nothing is as good as a few good eyeballs. Additionally, we found it rewarding to work with vi and bash, to allow us to quickly parse through code, that otherwise would have been more laborious without.}{11}}
\@writefile{toc}{\contentsline {paragraph}{Lastly, we tried to balance our tests, against the Nextcloud threat model. It doesn't make sense to bother with things that they, themselves, deem outside of their scope, e.g. DoS attacks, for example.}{11}}
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2017.3.14) 14 AUG 2017 20:39
This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016/Debian) (preloaded format=pdflatex 2018.8.14) 21 AUG 2018 17:36
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**nextcloud_version2.tex
(./nextcloud_version2.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 11 languages loaded.
LaTeX2e <2017/01/01> patch level 3
Babel <3.9r> and hyphenation patterns for 83 language(s) loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size12.clo
......@@ -24,22 +24,24 @@ File: size12.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
\bibindent=\dimen102
)
(/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty
Package: inputenc 2014/04/30 v1.2b Input encoding file
Package: inputenc 2015/03/17 v1.2c Input encoding file
\inpenc@prehook=\toks14
\inpenc@posthook=\toks15
(/usr/share/texlive/texmf-dist/tex/latex/base/utf8.def
File: utf8.def 2014/09/29 v1.1m UTF-8 support for inputenc
File: utf8.def 2017/01/28 v1.1t UTF-8 support for inputenc
Now handling font encoding OML ...
... no UTF-8 mapping file for font encoding OML
Now handling font encoding T1 ...
... processing UTF-8 mapping file for font encoding T1
(/usr/share/texlive/texmf-dist/tex/latex/base/t1enc.dfu
File: t1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
File: t1enc.dfu 2017/01/28 v1.1t UTF-8 support for inputenc
defining Unicode char U+00A0 (decimal 160)
defining Unicode char U+00A1 (decimal 161)
defining Unicode char U+00A3 (decimal 163)
defining Unicode char U+00AB (decimal 171)
defining Unicode char U+00AD (decimal 173)
defining Unicode char U+00BB (decimal 187)
defining Unicode char U+00BF (decimal 191)
defining Unicode char U+00C0 (decimal 192)
......@@ -104,50 +106,94 @@ File: t1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
defining Unicode char U+00FD (decimal 253)
defining Unicode char U+00FE (decimal 254)
defining Unicode char U+00FF (decimal 255)
defining Unicode char U+0100 (decimal 256)
defining Unicode char U+0101 (decimal 257)
defining Unicode char U+0102 (decimal 258)
defining Unicode char U+0103 (decimal 259)
defining Unicode char U+0104 (decimal 260)
defining Unicode char U+0105 (decimal 261)
defining Unicode char U+0106 (decimal 262)
defining Unicode char U+0107 (decimal 263)
defining Unicode char U+0108 (decimal 264)
defining Unicode char U+0109 (decimal 265)
defining Unicode char U+010A (decimal 266)
defining Unicode char U+010B (decimal 267)
defining Unicode char U+010C (decimal 268)
defining Unicode char U+010D (decimal 269)
defining Unicode char U+010E (decimal 270)
defining Unicode char U+010F (decimal 271)
defining Unicode char U+0110 (decimal 272)
defining Unicode char U+0111 (decimal 273)
defining Unicode char U+0112 (decimal 274)
defining Unicode char U+0113 (decimal 275)
defining Unicode char U+0114 (decimal 276)
defining Unicode char U+0115 (decimal 277)
defining Unicode char U+0116 (decimal 278)
defining Unicode char U+0117 (decimal 279)
defining Unicode char U+0118 (decimal 280)
defining Unicode char U+0119 (decimal 281)
defining Unicode char U+011A (decimal 282)
defining Unicode char U+011B (decimal 283)
defining Unicode char U+011C (decimal 284)
defining Unicode char U+011D (decimal 285)
defining Unicode char U+011E (decimal 286)
defining Unicode char U+011F (decimal 287)
defining Unicode char U+0120 (decimal 288)
defining Unicode char U+0121 (decimal 289)
defining Unicode char U+0122 (decimal 290)
defining Unicode char U+0123 (decimal 291)
defining Unicode char U+0124 (decimal 292)
defining Unicode char U+0125 (decimal 293)
defining Unicode char U+0128 (decimal 296)
defining Unicode char U+0129 (decimal 297)
defining Unicode char U+012A (decimal 298)
defining Unicode char U+012B (decimal 299)
defining Unicode char U+012C (decimal 300)
defining Unicode char U+012D (decimal 301)
defining Unicode char U+012E (decimal 302)
defining Unicode char U+012F (decimal 303)
defining Unicode char U+0130 (decimal 304)
defining Unicode char U+0131 (decimal 305)
defining Unicode char U+0132 (decimal 306)
defining Unicode char U+0133 (decimal 307)
defining Unicode char U+0134 (decimal 308)
defining Unicode char U+0135 (decimal 309)
defining Unicode char U+0136 (decimal 310)
defining Unicode char U+0137 (decimal 311)
defining Unicode char U+0139 (decimal 313)
defining Unicode char U+013A (decimal 314)
defining Unicode char U+013B (decimal 315)
defining Unicode char U+013C (decimal 316)
defining Unicode char U+013D (decimal 317)
defining Unicode char U+013E (decimal 318)
defining Unicode char U+0141 (decimal 321)
defining Unicode char U+0142 (decimal 322)
defining Unicode char U+0143 (decimal 323)
defining Unicode char U+0144 (decimal 324)
defining Unicode char U+0145 (decimal 325)
defining Unicode char U+0146 (decimal 326)
defining Unicode char U+0147 (decimal 327)
defining Unicode char U+0148 (decimal 328)
defining Unicode char U+014A (decimal 330)
defining Unicode char U+014B (decimal 331)
defining Unicode char U+014C (decimal 332)
defining Unicode char U+014D (decimal 333)
defining Unicode char U+014E (decimal 334)
defining Unicode char U+014F (decimal 335)
defining Unicode char U+0150 (decimal 336)
defining Unicode char U+0151 (decimal 337)
defining Unicode char U+0152 (decimal 338)
defining Unicode char U+0153 (decimal 339)
defining Unicode char U+0154 (decimal 340)
defining Unicode char U+0155 (decimal 341)
defining Unicode char U+0156 (decimal 342)
defining Unicode char U+0157 (decimal 343)
defining Unicode char U+0158 (decimal 344)
defining Unicode char U+0159 (decimal 345)
defining Unicode char U+015A (decimal 346)
defining Unicode char U+015B (decimal 347)
defining Unicode char U+015C (decimal 348)
defining Unicode char U+015D (decimal 349)
defining Unicode char U+015E (decimal 350)
defining Unicode char U+015F (decimal 351)
defining Unicode char U+0160 (decimal 352)
......@@ -156,10 +202,22 @@ File: t1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
defining Unicode char U+0163 (decimal 355)
defining Unicode char U+0164 (decimal 356)
defining Unicode char U+0165 (decimal 357)
defining Unicode char U+0168 (decimal 360)
defining Unicode char U+0169 (decimal 361)
defining Unicode char U+016A (decimal 362)
defining Unicode char U+016B (decimal 363)
defining Unicode char U+016C (decimal 364)
defining Unicode char U+016D (decimal 365)
defining Unicode char U+016E (decimal 366)
defining Unicode char U+016F (decimal 367)
defining Unicode char U+0170 (decimal 368)
defining Unicode char U+0171 (decimal 369)
defining Unicode char U+0172 (decimal 370)
defining Unicode char U+0173 (decimal 371)
defining Unicode char U+0174 (decimal 372)
defining Unicode char U+0175 (decimal 373)
defining Unicode char U+0176 (decimal 374)
defining Unicode char U+0177 (decimal 375)
defining Unicode char U+0178 (decimal 376)
defining Unicode char U+0179 (decimal 377)
defining Unicode char U+017A (decimal 378)
......@@ -167,9 +225,40 @@ File: t1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
defining Unicode char U+017C (decimal 380)
defining Unicode char U+017D (decimal 381)
defining Unicode char U+017E (decimal 382)
defining Unicode char U+01CD (decimal 461)
defining Unicode char U+01CE (decimal 462)
defining Unicode char U+01CF (decimal 463)
defining Unicode char U+01D0 (decimal 464)
defining Unicode char U+01D1 (decimal 465)
defining Unicode char U+01D2 (decimal 466)
defining Unicode char U+01D3 (decimal 467)
defining Unicode char U+01D4 (decimal 468)
defining Unicode char U+01E2 (decimal 482)
defining Unicode char U+01E3 (decimal 483)
defining Unicode char U+01E6 (decimal 486)
defining Unicode char U+01E7 (decimal 487)
defining Unicode char U+01E8 (decimal 488)
defining Unicode char U+01E9 (decimal 489)
defining Unicode char U+01EA (decimal 490)
defining Unicode char U+01EB (decimal 491)
defining Unicode char U+01F0 (decimal 496)
defining Unicode char U+01F4 (decimal 500)
defining Unicode char U+01F5 (decimal 501)
defining Unicode char U+0218 (decimal 536)
defining Unicode char U+0219 (decimal 537)
defining Unicode char U+021A (decimal 538)
defining Unicode char U+021B (decimal 539)
defining Unicode char U+0232 (decimal 562)
defining Unicode char U+0233 (decimal 563)
defining Unicode char U+1E02 (decimal 7682)
defining Unicode char U+1E03 (decimal 7683)
defining Unicode char U+200C (decimal 8204)
defining Unicode char U+2010 (decimal 8208)
defining Unicode char U+2011 (decimal 8209)
defining Unicode char U+2012 (decimal 8210)
defining Unicode char U+2013 (decimal 8211)
defining Unicode char U+2014 (decimal 8212)
defining Unicode char U+2015 (decimal 8213)
defining Unicode char U+2018 (decimal 8216)
defining Unicode char U+2019 (decimal 8217)
defining Unicode char U+201A (decimal 8218)
......@@ -181,14 +270,18 @@ File: t1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
defining Unicode char U+2039 (decimal 8249)
defining Unicode char U+203A (decimal 8250)
defining Unicode char U+2423 (decimal 9251)
defining Unicode char U+1E20 (decimal 7712)
defining Unicode char U+1E21 (decimal 7713)
)
Now handling font encoding OT1 ...
... processing UTF-8 mapping file for font encoding OT1
(/usr/share/texlive/texmf-dist/tex/latex/base/ot1enc.dfu
File: ot1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
File: ot1enc.dfu 2017/01/28 v1.1t UTF-8 support for inputenc
defining Unicode char U+00A0 (decimal 160)
defining Unicode char U+00A1 (decimal 161)
defining Unicode char U+00A3 (decimal 163)
defining Unicode char U+00AD (decimal 173)
defining Unicode char U+00B8 (decimal 184)
defining Unicode char U+00BF (decimal 191)
defining Unicode char U+00C5 (decimal 197)
......@@ -206,6 +299,14 @@ File: ot1enc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
defining Unicode char U+0142 (decimal 322)
defining Unicode char U+0152 (decimal 338)
defining Unicode char U+0153 (decimal 339)
defining Unicode char U+0174 (decimal 372)
defining Unicode char U+0175 (decimal 373)
defining Unicode char U+0176 (decimal 374)
defining Unicode char U+0177 (decimal 375)
defining Unicode char U+0218 (decimal 536)
defining Unicode char U+0219 (decimal 537)
defining Unicode char U+021A (decimal 538)
defining Unicode char U+021B (decimal 539)
defining Unicode char U+2013 (decimal 8211)
defining Unicode char U+2014 (decimal 8212)
defining Unicode char U+2018 (decimal 8216)
......@@ -217,7 +318,7 @@ Now handling font encoding OMS ...
... processing UTF-8 mapping file for font encoding OMS
(/usr/share/texlive/texmf-dist/tex/latex/base/omsenc.dfu
File: omsenc.dfu 2014/09/29 v1.1m UTF-8 support for inputenc
File: omsenc.dfu 2017/01/28 v1.1t UTF-8 support for inputenc
defining Unicode char U+00A7 (decimal 167)
defining Unicode char U+00B6 (decimal 182)
defining Unicode char U+00B7 (decimal 183)
......@@ -241,40 +342,40 @@ Now handling font encoding U ...
defining Unicode char U+2423 (decimal 9251)
))
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsmath.sty
Package: amsmath 2013/01/14 v2.14 AMS math features
Package: amsmath 2016/11/05 v2.16a AMS math features
\@mathmargin=\skip43
For additional information on amsmath, use the `?' option.
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amstext.sty
Package: amstext 2000/06/29 v2.01
Package: amstext 2000/06/29 v2.01 AMS text
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsgen.sty
File: amsgen.sty 1999/11/30 v2.0
File: amsgen.sty 1999/11/30 v2.0 generic functions
\@emptytoks=\toks16
\ex@=\dimen103
))
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsbsy.sty
Package: amsbsy 1999/11/29 v1.2d
Package: amsbsy 1999/11/29 v1.2d Bold Symbols
\pmbraise@=\dimen104
)
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsopn.sty
Package: amsopn 1999/12/14 v2.01 operator names
Package: amsopn 2016/03/08 v2.02 operator names
)
\inf@bad=\count87
LaTeX Info: Redefining \frac on input line 210.
LaTeX Info: Redefining \frac on input line 213.
\uproot@=\count88
\leftroot@=\count89
LaTeX Info: Redefining \overline on input line 306.
LaTeX Info: Redefining \overline on input line 375.
\classnum@=\count90
\DOTSCASE@=\count91
LaTeX Info: Redefining \ldots on input line 378.
LaTeX Info: Redefining \dots on input line 381.
LaTeX Info: Redefining \cdots on input line 466.
LaTeX Info: Redefining \ldots on input line 472.
LaTeX Info: Redefining \dots on input line 475.
LaTeX Info: Redefining \cdots on input line 596.
\Mathstrutbox@=\box26
\strutbox@=\box27
\big@size=\dimen105
LaTeX Font Info: Redeclaring font encoding OML on input line 566.
LaTeX Font Info: Redeclaring font encoding OMS on input line 567.
LaTeX Font Info: Redeclaring font encoding OML on input line 712.
LaTeX Font Info: Redeclaring font encoding OMS on input line 713.
\macc@depth=\count92
\c@MaxMatrixCols=\count93
\dotsspace@=\muskip10
......@@ -295,8 +396,8 @@ LaTeX Font Info: Redeclaring font encoding OMS on input line 567.
\multlinegap=\skip44
\multlinetaggap=\skip45
\mathdisplay@stack=\toks20
LaTeX Info: Redefining \[ on input line 2665.
LaTeX Info: Redefining \] on input line 2666.
LaTeX Info: Redefining \[ on input line 2817.
LaTeX Info: Redefining \] on input line 2818.
)
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support
......@@ -309,31 +410,31 @@ LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
Package: amssymb 2013/01/14 v3.01 AMS font symbols
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2014/04/25 v1.0g Enhanced LaTeX Graphics (DPC,SPQR)
Package: graphicx 2014/10/28 v1.0g Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2014/05/08 v1.15 key=value parser (DPC)
Package: keyval 2014/10/28 v1.15 key=value parser (DPC)
\KV@toks@=\toks21
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2009/02/05 v1.0o Standard LaTeX Graphics (DPC,SPQR)
Package: graphics 2016/10/09 v1.0u Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 1999/03/16 v1.09 sin cos tan (DPC)
Package: trig 2016/01/03 v1.10 sin cos tan (DPC)
)
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/graphics.cfg
File: graphics.cfg 2010/04/23 v1.9 graphics configuration of TeX Live
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration
)
Package graphics Info: Driver file: pdftex.def on input line 91.
Package graphics Info: Driver file: pdftex.def on input line 99.
(/usr/share/texlive/texmf-dist/tex/latex/pdftex-def/pdftex.def
File: pdftex.def 2011/05/27 v0.06d Graphics/color for pdfTeX
(/usr/share/texlive/texmf-dist/tex/latex/graphics-def/pdftex.def
File: pdftex.def 2017/01/12 v0.06k Graphics/color for pdfTeX
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/infwarerr.sty
Package: infwarerr 2010/04/08 v1.3 Providing info/warning/error messages (HO)
Package: infwarerr 2016/05/16 v1.4 Providing info/warning/error messages (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ltxcmds.sty
Package: ltxcmds 2011/11/09 v1.22 LaTeX kernel commands for general use (HO)
Package: ltxcmds 2016/05/16 v1.23 LaTeX kernel commands for general use (HO)
)
\Gread@gobject=\count99
))
......@@ -355,32 +456,32 @@ Package: ltxcmds 2011/11/09 v1.22 LaTeX kernel commands for general use (HO)
\lst@maxwidth=\dimen117
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstmisc.sty
File: lstmisc.sty 2014/09/06 1.5e (Carsten Heinz)
File: lstmisc.sty 2015/06/04 1.6 (Carsten Heinz)
\c@lstnumber=\count106
\lst@skipnumbers=\count107
\lst@framebox=\box29
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/listings.cfg
File: listings.cfg 2014/09/06 1.5e listings configuration
File: listings.cfg 2015/06/04 1.6 listings configuration
))
Package: listings 2014/09/06 1.5e (Carsten Heinz)
Package: listings 2015/06/04 1.6 (Carsten Heinz)
(/usr/share/texlive/texmf-dist/tex/latex/placeins/placeins.sty
Package: placeins 2005/04/18 v 2.2
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/color.sty
Package: color 2014/04/23 v1.1a Standard LaTeX Color (DPC)
Package: color 2016/07/10 v1.1e Standard LaTeX Color (DPC)
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/color.cfg
File: color.cfg 2007/01/18 v1.5 color configuration of teTeX/TeXLive
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg
File: color.cfg 2016/01/02 v1.6 sample color configuration
)
Package color Info: Driver file: pdftex.def on input line 137.
Package color Info: Driver file: pdftex.def on input line 147.
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2014/09/06 1.5e listings language file
File: lstlang1.sty 2015/06/04 1.6 listings language file
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang2.sty
File: lstlang2.sty 2014/09/06 1.5e listings language file
File: lstlang2.sty 2015/06/04 1.6 listings language file
)
(./nextcloud_version2.aux)
\openout1 = `nextcloud_version2.aux'.
......@@ -398,7 +499,7 @@ LaTeX Font Info: ... okay on input line 73.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 73.
LaTeX Font Info: ... okay on input line 73.
(/usr/share/texlive/texmf-dist/tex/context/base/supp-pdf.mkii
(/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count108
\scratchdimen=\dimen118
......@@ -412,16 +513,15 @@ LaTeX Font Info: ... okay on input line 73.
\makeMPintoPDFobject=\count113
\everyMPtoPDFconversion=\toks24
) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/pdftexcmds.sty
Package: pdftexcmds 2011/11/29 v0.20 Utility functions of pdfTeX for LuaTeX (HO
Package: pdftexcmds 2016/05/21 v0.22 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifluatex.sty
Package: ifluatex 2010/03/01 v1.3 Provides the ifluatex switch (HO)
Package: ifluatex 2016/05/16 v1.4 Provides the ifluatex switch (HO)
Package ifluatex Info: LuaTeX not detected.
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifpdf.sty
Package: ifpdf 2011/01/30 v2.3 Provides the ifpdf switch (HO)
Package ifpdf Info: pdfTeX in PDF mode is detected.
Package: ifpdf 2016/05/14 v3.1 Provides the ifpdf switch
)
Package pdftexcmds Info: LuaTeX not detected.
Package pdftexcmds Info: \pdf@primitive is available.
......@@ -429,31 +529,33 @@ Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
)
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/epstopdf-base.sty
Package: epstopdf-base 2010/02/09 v2.5 Base part for package epstopdf
Package: epstopdf-base 2016/05/15 v2.6 Base part for package epstopdf
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/grfext.sty
Package: grfext 2010/08/19 v1.1 Manage graphics extensions (HO)
Package: grfext 2016/05/16 v1.2 Manage graphics extensions (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvdefinekeys.sty
Package: kvdefinekeys 2011/04/07 v1.3 Define keys (HO)
Package: kvdefinekeys 2016/05/16 v1.4 Define keys (HO)
))
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/kvoptions.sty
Package: kvoptions 2011/06/30 v3.11 Key value format for package options (HO)
Package: kvoptions 2016/05/16 v3.12 Key value format for package options (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvsetkeys.sty
Package: kvsetkeys 2012/04/25 v1.16 Key value parser (HO)
Package: kvsetkeys 2016/05/16 v1.17 Key value parser (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/etexcmds.sty
Package: etexcmds 2011/02/16 v1.5 Avoid name clashes with e-TeX commands (HO)
Package: etexcmds 2016/05/16 v1.6 Avoid name clashes with e-TeX commands (HO)
Package etexcmds Info: Could not find \expanded.
(etexcmds) That can mean that you are not using pdfTeX 1.50 or
(etexcmds) that some package has redefined \expanded.
(etexcmds) In the latter case, load this package earlier.
)))
Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4
38.
Package grfext Info: Graphics extension search list:
(grfext) [.png,.pdf,.jpg,.mps,.jpeg,.jbig2,.jb2,.PNG,.PDF,.JPG,.JPE
G,.JBIG2,.JB2,.eps]
(grfext) \AppendGraphicsExtensions on input line 452.
(grfext) \AppendGraphicsExtensions on input line 456.
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
......@@ -574,31 +676,31 @@ Overfull \hbox (7.26535pt too wide) in paragraph at lines 373--373
this project,
[]
[8] [9] [10] [11] [12] (./nextcloud_version2.aux) )
[8] [9] [10] [11] (./nextcloud_version2.aux) )
Here is how much of TeX's memory you used:
6253 strings out of 494564
90175 string characters out of 6172747
411060 words of memory out of 5000000
9519 multiletter control sequences out of 15000+600000
6365 strings out of 493013
91048 string characters out of 6135682
417878 words of memory out of 5000000
9827 multiletter control sequences out of 15000+600000
13613 words of font info for 52 fonts, out of 8000000 for 9000
264 hyphenation exceptions out of 8191
38i,11n,36p,889b,3241s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-di
st/fonts/type1/public/amsfonts/cm/cmbsy10.pfb></usr/share/texlive/texmf-dist/fo
nts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/texmf-dist/fonts/ty
pe1/public/amsfonts/cm/cmcsc10.pfb></usr/share/texlive/texmf-dist/fonts/type1/p
ublic/amsfonts/cm/cmmi10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/
amsfonts/cm/cmmi12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfon
ts/cm/cmr10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/c
mr12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb
></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr7.pfb></usr/s
hare/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/tex
live/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/t
exmf-dist/fonts/type1/public/amsfonts/cm/cmti12.pfb>
Output written on nextcloud_version2.pdf (13 pages, 227908 bytes).
1141 hyphenation exceptions out of 8191
39i,11n,36p,889b,3241s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fo
nts/type1/public/amsfonts/cm/cmbsy10.pfb></usr/share/texlive/texmf-dist/fonts/t
ype1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/texmf-dist/fonts/type1/p
ublic/amsfonts/cm/cmcsc10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public
/amsfonts/cm/cmmi10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfo
nts/cm/cmmi12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm
/cmr10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.
pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr7.pfb></usr/share/
texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/
texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-
dist/fonts/type1/public/amsfonts/cm/cmti12.pfb>
Output written on nextcloud_version2.pdf (12 pages, 226528 bytes).
PDF statistics:
98 PDF objects out of 1000 (max. 8388607)
68 compressed objects within 1 object stream
94 PDF objects out of 1000 (max. 8388607)
65 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
6 words of extra memory for PDF output out of 10000 (max. 10000000)
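Review bot: the compiler log should not be under version control. The lines in this hunk (memory statistics, embedded font paths under /usr/share/texlive, "Output written on nextcloud_version2.pdf" going from 13 to 12 pages) are regenerated on every build and disclose the build host's layout and toolchain without adding anything reviewable. Consider removing the .log, .aux and .toc files from the repository and ignoring them, so that a privacy commit like this one shows only the edited .tex lines.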
......@@ -67,7 +67,7 @@
\author{Rustchev, Rusland and Licea, Esteban}
\author{R********, Rusland and Licea, Esteban}
\begin{document}
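Review bot: the masking in the \author line is only partial: "R********, Rusland and Licea, Esteban" still carries the first author's given name and the second author's full name, while the title-page hunk below masks both surnames. If the goal is to privatize the names, mask this line the same way as the title page so the two places agree.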
......@@ -115,15 +115,15 @@
\begin{minipage}{0.4\textwidth}
\begin{flushleft} \large
\emph{Author:}\\
Ruslan \textsc{Rutschev}\\ (527018)\\ % Your name
Esteban \textsc{Licea}\\ (536206)\\ % Your name
Ruslan \textsc{R*******}\\ (Matr. Nr)\\ % Your name
Esteban \textsc{L****}\\ (Matr. Nr)\\ % Your name
\end{flushleft}
\end{minipage}
~
\begin{minipage}{0.4\textwidth}
\begin{flushright} \large
\emph{Supervisor:} \\
M. Sc. Bruno \textsc{Kirschner} % Supervisor's Name
M. Sc. B**** \textsc{Kirschner} % Supervisor's Name
\end{flushright}
\end{minipage}\\[4cm]
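Review bot: masking the title-page lines in a follow-up commit does not remove the old values, since the removed lines with both full names and the two matriculation numbers are still readable in this diff and in parent bebb27ef. If those values must not be public, the history has to be rewritten or the repository re-created from the redacted state. Also note that the supervisor line masks only the first name ("M. Sc. B**** \textsc{Kirschner}") and leaves the surname in clear, which is inconsistent with the author lines above it.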
......
......@@ -36,15 +36,15 @@
\contentsline {paragraph}{The better code replaces "/" "\textbackslash \textbackslash ", with the "/". This particular vulnerability was scanned with eyeballs, as it was not something that could be easily parsed with a text editor like vi.}{7}
\contentsline {subsubsection}{\numberline {1.3.8}Shell Injection}{7}
\contentsline {paragraph}{Since Nextcloud doesn't offer any type of core abilities that would allow PHP to execute shell commands, we consider this area a low risk. We did search through some elements that could conceivably use shell commands, but they did not. Unless someone codes a particular application that does so, there does not appear to be a threat from this vector.}{7}
\contentsline {subsubsection}{\numberline {1.3.9}Sensitive Data Exposure}{8}
\contentsline {paragraph}{Nextcloud does not store it's application location in a webroot directly, thus it cannot be accessed simply by using a web browser.}{8}
\contentsline {subsubsection}{\numberline {1.3.9}Sensitive Data Exposure}{7}
\contentsline {paragraph}{Nextcloud does not store it's application location in a webroot directly, thus it cannot be accessed simply by using a web browser.}{7}
\contentsline {subsection}{\numberline {1.4}Detailed Findings}{8}
\contentsline {paragraph}{In the end, we were unable to find any security vulnerabilities at this time. For an open source project, Nextcloud is mature, and well developed. With continued development, however, penetration testing will be required periodically. However, at the moment, it appears that Nextcloud has a robust security system in place, that should inspire confidence in it's users.}{8}
\contentsline {section}{\numberline {2}Methodology}{8}
\contentsline {paragraph}{The primary focus of our task was defining the methodology. We asked ourselves the followed questions:}{8}
\contentsline {subsection}{\numberline {2.1}Protocols \& adjacent technologies to be examined}{8}
\contentsline {paragraph}{In defining our scope, we consider all threats, from all attack vectors--across all relevant technologies, which would for this project, include the following areas:}{8}
\contentsline {paragraph}{Predominantly, however, the application under review will dive us deep into PHP.}{9}
\contentsline {paragraph}{Predominantly, however, the application under review will dive us deep into PHP.}{8}
\contentsline {subsection}{\numberline {2.2}Nextcloud Threat-model}{9}
\contentsline {paragraph}{We will, however, mostly focus our attention mostly on Nextcloud's threat model. Following is the model:}{9}
\contentsline {subsubsection}{\numberline {2.2.1}Administrator privileges}{9}
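Review bot: the page numbers in this table-of-contents hunk shift by one (Sensitive Data Exposure from {8} to {7}, the PHP paragraph from {9} to {8}), which masking names on the title page does not obviously explain. Please confirm that the source change contains nothing beyond the redaction the commit message describes; with the generated table of contents tracked, a reviewer cannot tell a content change from a rebuild.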
......@@ -56,7 +56,7 @@
\contentsline {subsubsection}{\numberline {2.2.4}Attacks involving other Android apps on the device}{9}
\contentsline {paragraph}{We do consider attacks involving other Android apps on the device as minimal risk, also especially considering that the Nextcloud Android apps stores synced files locally accessible on the device. (since no Content Provider is yet implemented).}{9}
\contentsline {subsubsection}{\numberline {2.2.5}Denial of Service}{9}
\contentsline {paragraph}{Due to the usage of the PHP scripting language Nextcloud does consider Denial of Service not something that can at the moment be completely prevented. For this reason while we do fix and acknowledge specific Denial of Service attacks we do generally not consider DoS a bounty-worthy vulnerability.}{10}
\contentsline {paragraph}{Due to the usage of the PHP scripting language Nextcloud does consider Denial of Service not something that can at the moment be completely prevented. For this reason while we do fix and acknowledge specific Denial of Service attacks we do generally not consider DoS a bounty-worthy vulnerability.}{9}
\contentsline {subsubsection}{\numberline {2.2.6}Audit logging}{10}
\contentsline {paragraph}{The audit logging feature in Nextcloud is at the moment missing some logs for things like "Accessing previews of files", these will be added in a future release and known issues are tracked in our issue tracker.}{10}
\contentsline {subsubsection}{\numberline {2.2.7}Version disclosure}{10}
......@@ -69,7 +69,7 @@
\contentsline {paragraph}{At the moment we do not consider brute-forcing of credentials or a missing password threshold eligible vulnerabilities. In the case of Nextcloud we currently expect people to protect their instance using measures such as fail2ban. We do have a native anti-bruteforce protection.}{10}
\contentsline {subsubsection}{\numberline {2.2.11}Server-side request forgery}{10}
\contentsline {paragraph}{Nextcloud ships with multiple features that perform sending requests to other hosts, we do consider this accepted behavior and advocate people to deploy Nextcloud into its own segregated network segment.}{10}
\contentsline {subsection}{\numberline {2.3}How we examined the client software}{11}
\contentsline {subsection}{\numberline {2.3}How we examined the client software}{10}
\contentsline {paragraph}{We used a two-pronged approach. First, we used manual penetration testing to try and "break" the system. Using the web as a source, we were able to find previously successful attack methods (against other systems), and try them against Nextcloud. This gave us examples of malicious javascript and php files that we could try. Additionally, it gave us an idea of how we could attempt to 'hack' Nextcloud. Lastly, we used methods learned throughout the course of how we could compromise Nextcloud.}{11}
\contentsline {paragraph}{The second phase involved digging into the source code, and searching for sloppy code that could lead to system breaches. We relied heavily on the Nextcloud Developer's manual--and to a lesser extent Nextcloud's Administrator Manual--for highlighting of best practices, as well as things to be avoided. The amount of code to read was copious. It's understandable why often times security analysis relies on automated software. However, nothing is as good as a few good eyeballs. Additionally, we found it rewarding to work with vi and bash, to allow us to quickly parse through code, that otherwise would have been more laborious without.}{11}
\contentsline {paragraph}{Lastly, we tried to balance our tests, against the Nextcloud threat model. It doesn't make sense to bother with things that they, themselves, deem outside of their scope, e.g. DoS attacks, for example.}{11}