Penetration Testing mailing list archives
Re: demoing sslv2 vulns
From: Saleh <q8mosfet () gmail com>
Date: Mon, 26 Jul 2010 12:08:30 +0300
Here is a demonstration for SSL Strip Attack: http://securitytube.net/SSLstrip-Tutorial-video.aspx

--
Saleh Alsanad
http://www.google.com/profiles/q8mosfet

On Thu, Jul 22, 2010 at 8:14 AM, chintan dave <davechintan () gmail com> wrote:

Yeah Richard, you are correct, this will be for the Null Prefix attack. I thought you were talking about SSL in general and not specifically weak ciphers. I don't think you can demonstrate weak cipher attacks via a POC, coz cracking the cipher suite itself is computationally very expensive (unless you have a cluster of really powerful boxes).

--
Regards,
Chintan Dave,
LinkedIn: http://in.linkedin.com/in/chintandave
Blog: http://www.chintandave.com

On Thu, Jul 22, 2010 at 4:36 AM, Richard Miles <richard.k.miles () googlemail com> wrote:

Hi chintan,

But SSL Strip is another attack; it's not because of the weak cipher used. Is there any POC against the SSL weak ciphers + web server?

Thanks

On Wed, Jul 21, 2010 at 4:24 AM, chintan dave <davechintan () gmail com> wrote:

Hi Richard,

You can use SSL Strip to demonstrate the exploitation of vulnerabilities like the Null Prefix Attack. This might not be a stand-alone attack; however, for a POC you can use it in conjunction with other attacks like ARP Spoofing to show that you have legitimately intercepted the traffic. The tool works just fine for Linux; however, it might require some level of tweaking to get it to work with Windows.

Hope this helps.

Thanks,
Chintan

--
Regards,
Chintan Dave,
LinkedIn: http://in.linkedin.com/in/chintandave
Blog: http://www.chintandave.com

On Tue, Jul 20, 2010 at 1:34 AM, Richard Miles <richard.k.miles () googlemail com> wrote:

Modifying the hello packet is easy with ettercap. But how to break the captured data?

On Mon, Jul 12, 2010 at 9:08 PM, Yered Céspedes <yered () yeredsoft com> wrote:

You could give it a try with an ettercap filter to perform the MITM.

--
Yered Céspedes, Security+, ITIL, CEH
Mobile +506 8892-8652
yered () yeredsoft com

On Tue, Jul 6, 2010 at 1:01 AM, Cor Rosielle <cor () outpost24 com> wrote:

Robin,

I am not a cryptanalyst, so here it is, for what it's worth.

When an sslv2 connection is set up, a session key must be negotiated. This negotiation is not encrypted (because there is no key yet). During this negotiation the client sends a "client hello" packet, which contains a list with the cipher suites the client knows. A man in the middle can intercept and modify this list and remove strong cipher suites. The server can now only pick a weak cipher and thus the encryption is much weaker than one would expect. Servers often allow keys of 40 bits and sometimes even NULL ciphers. In 2004 a typical home computer could break 40-bit keys in little under two weeks (http://en.wikipedia.org/wiki/40-bit_encryption). A 2010 typical home computer must be able to break it within a day. The man in the middle can record the traffic and then break the weak encryption later. This will still take quite some time, but it's feasible. He can view the confidential data within a day.

sslv3 is not vulnerable to such a cipher degradation attack, because the "client hello" packet has an integrity control.

Because sslv2 lacks the integrity control and a cipher degradation attack is possible, it can be weak, but is not necessarily weak. If a server supports sslv2 with strong ciphers only (128 bits or more), I think the risk is low, because a cipher degradation cannot result in really weak ciphers (however, this is a risk decision and not a fact).

I don't know about existing tools to perform the cipher degradation attack, but they might exist. And after that you still need to decipher the encrypted packets, which requires other software. So for a successful attack one must be able to do all of the below:
- do a man in the middle attack and sniff traffic
- intercept the client hello and execute a cipher degradation attack
- cipher suite negotiation must result in a weak cipher suite
- record all traffic
- decrypt it later

But again, I am not a cryptanalyst, so perhaps this explanation is not accurate.

Apart from the attack there is a solution which is fast and easy to implement in Microsoft IIS as well as in Apache. It will take you a lot more time to do a risk analysis to decide to skip this fix than it takes to actually do it.

Cor

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Robin Wood
Sent: Sunday, 4 July 2010 13:53
To: rapper crazy
Cc: pen-test list
Subject: Re: demoing sslv2 vulns

On 4 July 2010 12:47, rapper crazy <rappercrazzy () gmail com> wrote:

Hello Robin,

The exploitation of these vulnerabilities requires industrial / govt level infra support. The only way to attack these vulnerabilities is with a cryptanalytic attack. Breaking these might not be possible for a lone attacker, but considering corporate espionage, dumping the network (ssl-encrypted) traffic, these dumps can later be brute forced to recover the session key and then the whole communication.

Thanks
JT

So basically I tell them that for most situations they currently aren't really a threat, but as cryptanalysis only gets better, never worse, it is only a matter of time before they become a problem, so it is better to get protected now before it is a problem rather than rush to upgrade once it does become a problem.

Sound about right?

Robin

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
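The cipher degradation Cor describes, modelled on real SSLv2 CLIENT-HELLO bytes: the unauthenticated cipher-spec list is parsed exactly as a server would see it, and the same tampered hello is run against a permissive server policy and a strong-only one. This is an added example written for this archive page, not code from the thread or from any tool mentioned in it; the client offer is constructed, and it assumes a server that prefers the strongest cipher the client offered (real servers may apply their own ordering).

```python
import struct

# SSLv2 CIPHER-SPEC values (3 bytes each) and the effective key strength of each.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": ("SSL_CK_RC4_128_WITH_MD5", 128),
    b"\x02\x00\x80": ("SSL_CK_RC4_128_EXPORT40_WITH_MD5", 40),
    b"\x03\x00\x80": ("SSL_CK_RC2_128_CBC_WITH_MD5", 128),
    b"\x04\x00\x80": ("SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", 40),
    b"\x05\x00\x80": ("SSL_CK_IDEA_128_CBC_WITH_MD5", 128),
    b"\x06\x00\x40": ("SSL_CK_DES_64_CBC_WITH_MD5", 56),
    b"\x07\x00\xc0": ("SSL_CK_DES_192_EDE3_CBC_WITH_MD5", 168),
}

def build_client_hello(cipher_specs, challenge=b"\x11" * 16):
    """Encode an SSLv2 CLIENT-HELLO record (2-byte header, no padding) offering cipher_specs."""
    specs = b"".join(cipher_specs)
    # MSG-CLIENT-HELLO(1), version 0x0002, then cipher-specs / session-id / challenge lengths
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_client_hello(record):
    """Decode the record and return the 3-byte cipher specs the client offered (unauthenticated)."""
    (hdr,) = struct.unpack(">H", record[:2])
    if not hdr & 0x8000:
        raise ValueError("expected a 2-byte record header without padding")
    body = record[2:2 + (hdr & 0x7FFF)]
    msg_type, version, spec_len, sid_len, chal_len = struct.unpack(">BHHHH", body[:9])
    if msg_type != 1 or version != 0x0002:
        raise ValueError("not an SSLv2 CLIENT-HELLO")
    if len(body) != 9 + spec_len + sid_len + chal_len or spec_len % 3:
        raise ValueError("malformed CLIENT-HELLO lengths")
    specs = body[9:9 + spec_len]
    return [specs[i:i + 3] for i in range(0, spec_len, 3)]

def negotiate(offered, server_allowed):
    """Server picks the strongest cipher it allows among those offered; None means the handshake fails."""
    usable = [c for c in offered if c in server_allowed]
    return max(usable, key=lambda c: SSLV2_CIPHERS[c][1]) if usable else None

def degradation_outcome(server_min_bits):
    """Cor's scenario: client offers strong+weak, the MITM drops the strong specs, the server chooses."""
    offered = [b"\x01\x00\x80", b"\x07\x00\xc0", b"\x02\x00\x80"]  # constructed client offer
    tampered = [c for c in offered if SSLV2_CIPHERS[c][1] < 128]    # what reaches the server
    seen = parse_client_hello(build_client_hello(tampered))
    allowed = {c for c, (_, bits) in SSLV2_CIPHERS.items() if bits >= server_min_bits}
    chosen = negotiate(seen, allowed)
    return SSLV2_CIPHERS[chosen] if chosen else None

if __name__ == "__main__":
    print("permissive server:", degradation_outcome(0))     # 40-bit RC4 negotiated
    print("strong-only server:", degradation_outcome(128))  # None: handshake fails instead
```

For Apache's mod_ssl the fix Cor refers to amounts to removing SSLv2 from the `SSLProtocol` directive (for example `SSLProtocol all -SSLv2`) and restricting `SSLCipherSuite` to strong suites, which turns the degraded handshake above into a refused one.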
Current thread:
- demoing sslv2 vulns Robin Wood (Jul 03)
- Re: demoing sslv2 vulns Robin Wood (Jul 04)
- RE: demoing sslv2 vulns Cor Rosielle (Jul 07)
- Re: demoing sslv2 vulns Todd Haverkos (Jul 12)
- Re: demoing sslv2 vulns Yered Céspedes (Jul 13)
- Re: demoing sslv2 vulns Richard Miles (Jul 20)
- Re: demoing sslv2 vulns chintan dave (Jul 21)
- Re: demoing sslv2 vulns Richard Miles (Jul 24)
- Re: demoing sslv2 vulns chintan dave (Jul 24)
- Re: demoing sslv2 vulns Saleh (Jul 28)
- Re: demoing sslv2 vulns Robin Wood (Jul 28)
- Re: demoing sslv2 vulns Robin Wood (Jul 04)