Vulnerability Development mailing list archives
Skype API Ap2Ap Stream Creation Flaw
From: vizig0thblitz () gmail com
Date: 18 Aug 2006 23:06:58 -0000
An application-to-application stream can be created between two Skype clients without having established normal communications between them, even when both Skype clients' contact lists are empty. With this ability any Skype-enabled application can create a covert communication stream to a central server. This can only occur, of course, if the user voluntarily installs the application. Therefore, the main attack vector for this functionality is to create a legitimate Skype-enabled application, have the user install the application, and once the user starts the application make a covert connection to a central server. Once the connection to the central server is made, additional software can be downloaded and installed on the target computer via the application-to-application stream.

Scenario Setup:

The following will be needed to recreate the scenario:

1. Two computers with Skype installed and two separate Skype Ids that have had no communication between them.
2. A copy of SkypeTracer installed on each computer.

Scenario Steps:

1. Start the Skype clients and SkypeTracer on each computer and attach the SkypeTracer application to their respective Skype clients.
2. Choose one of the Skype clients to be the central server and one to be the client that will establish the covert communication.
3. In the client SkypeTracer application send the following Skype command: SET USER [server Skype Id] IS AUTHORIZED TRUE
4. You will notice the chatter back and forth between the two clients adding each of the Skype Ids to their respective user1024.dbb files. This is the only place that I have found where the central server Skype Id can be found on the client's computer.
5. In both SkypeTracer applications create a common application using the Skype command: CREATE APPLICATION test
6. Once the process in steps three and four has been completed (it can take up to ten seconds) send the following Skype command on the client SkypeTracer application: GET APPLICATION test CONNECTABLE
7. The client SkypeTracer application should echo back the central server's Skype Id.
8. Once the connectable user has been verified you can then complete the steps to establish application-to-application communication using the Skype command ALTER APPLICATION test CONNECT [server Skype Id] on the client SkypeTracer application.
9. Both SkypeTracer applications should now echo back that the application streams have been created.
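The sequence in the post (authorize a never-contacted Skype Id through the API, then open an Ap2Ap stream to it) is also what a defender watching the Skype API channel would look for. The following is an added example, not code from the post or from SkypeTracer: it scans a constructed log of API commands (the `->`/`<-` line format is an assumption, not SkypeTracer's real output) and flags any CONNECT whose peer is absent from the user's contact list and was authorized only by an in-session SET USER command. The Skype API spells the property ISAUTHORIZED; the regex also accepts the post's "IS AUTHORIZED" spelling.

```python
import re
from typing import Iterable

# Constructed sample of Skype API command traffic as an API-monitoring tool
# might record it ("->" = sent by the application, "<-" = Skype's reply).
# The log format is an assumption for this example.
SAMPLE_LOG = """\
-> SET USER srv-box ISAUTHORIZED TRUE
<- USER srv-box ISAUTHORIZED TRUE
-> CREATE APPLICATION test
<- CREATE APPLICATION test
-> GET APPLICATION test CONNECTABLE
<- APPLICATION test CONNECTABLE srv-box
-> ALTER APPLICATION test CONNECT srv-box
<- ALTER APPLICATION test CONNECT srv-box
-> ALTER APPLICATION test CONNECT alice
"""

# Step 3 of the post; "IS\s?AUTHORIZED" accepts both spellings.
AUTH_RE = re.compile(r"^->\s*SET USER (\S+) IS\s?AUTHORIZED TRUE$", re.I)
# Step 8 of the post: the Ap2Ap stream is opened with ALTER APPLICATION ... CONNECT.
CONNECT_RE = re.compile(r"^->\s*ALTER APPLICATION (\S+) CONNECT (\S+)$", re.I)


def find_covert_ap2ap(lines: Iterable[str], contacts: set[str]) -> list[dict]:
    """Return one finding per Ap2Ap CONNECT whose peer is not in the user's
    contact list and was authorized only via the API earlier in this log."""
    api_authorized: set[str] = set()
    findings: list[dict] = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        m = AUTH_RE.match(line)
        if m:
            if m.group(1) not in contacts:   # silent authorization of a stranger
                api_authorized.add(m.group(1))
            continue
        m = CONNECT_RE.match(line)
        if m:
            app, peer = m.groups()
            if peer not in contacts and peer in api_authorized:
                findings.append({"line": n, "app": app, "peer": peer})
    return findings


if __name__ == "__main__":
    # "alice" is a constructed legitimate contact; "srv-box" is not.
    for f in find_covert_ap2ap(SAMPLE_LOG.splitlines(), contacts={"alice"}):
        print(f"line {f['line']}: app {f['app']} connected to non-contact {f['peer']}")
```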
Current thread:
- Skype API Ap2Ap Stream Creation Flaw vizig0thblitz (Aug 21)
- Re: Skype API Ap2Ap Stream Creation Flaw Stephen Samuel (Aug 21)