Penetration Testing mailing list archives
Re: "PenTest" a container file
From: Steve Friedl <steve () unixwiz net>
Date: Thu, 18 Jan 2007 15:10:56 -0800
On Thu, Jan 18, 2007 at 09:55:36AM +0100, Julien wrote:
I've have to test the security of an encryption application. This application create a container file to store all private data. The tool use a private encryption type. The only hint they gave me is that user have to submit is password to open this container. The aim of this test is to open the files inside this container file.
If it's a proprietary encryption algorithm, that means it's probably a lousy one, so the cryptographers among us might be able to get somewhere. But that's beyond many of us here -- including me. So we look for other angles (I'll assume Win32 here just for a point of reference). *) I'd start by profiling the application with FileMon and RegMon to get a sense for what the app is doing at runtime. Is it the usual kind of obvious kind of file activity, or are they attempting to be tricky? What files and registry keys are used? Finding all the resources they use might help find the weakest points. *) does the application leave any temp files lying around? This might leave the cleartext visible (perhaps only for a short time) *) does the application have a remember-my-password option? This would certainly be worth looking into (Hey: it would be dumb to have this kind of feature, but if they're doing their own crypto...) *) I'd certainly look into finding out how they prompt for a password and see if that can be intercepted by some other program while it's running. It's probably found in some kind of window control, and may even be left around after it's decrypted the thing, so some other application running as the same user may be able to snag it. *) If you're really determined, reverse engineer the thing with something like IDA Pro - looking at the code might point out some weak points too. If the front door is strong and well locked, you're not going to get in by pounding it with your fists. Go around back and look for a screen door :-) Steve -- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- "PenTest" a container file Julien (Jan 18)
- Re: "PenTest" a container file Steve Friedl (Jan 18)
- Re: "PenTest" a container file Benjamin Anderson (Jan 18)
- <Possible follow-ups>
- Re: "PenTest" a container file Thor (Hammer of God) (Jan 19)
- Re: "PenTest" a container file Javier Fernández-Sanguino (Jan 29)
- Re: "PenTest" a container file Jan Heisterkamp (Jan 30)
- Re: "PenTest" a container file Javier Fernández-Sanguino (Jan 29)