Penetration Testing mailing list archives
Re: RSA SecurID sdconf.rec file
From: "Secure Scorp" <securescorp () gmail com>
Date: Mon, 4 Aug 2008 12:56:01 +0530
sdconf.rec file is a binary file generated by the ACE server which has its own format (unfortunately) ! The documentation is not available for user , probably the developers know it and I doubt the RSA TAC will provide you more info on it. Thanks, Aditya Govind Mukadam On Thu, Jul 31, 2008 at 4:37 PM, Seb <littlebighuman () gmail com> wrote:
For the most part I'm interested what format this binary file is in. RSA client agents can read the file, so it must be documented somewhere. It would be great if I can read the contents of the file somehow, or extract some information from it. I did contact RSA support, but they haven't come back to me about it. On 28 Jul 2008, at 19:26, Kelly Keeton wrote:you want to use your RSA server to change information in it. its no good if you hack it up as there is verification on the file integrity. you are correct you need to use the admin console to edit it. there is no reason to change it out of the admin interface as your admin interface needs to know of the host record for the client wanting to auth against the server. so you would only get one way communication with hacking the file.. other then just pentesting the new 7.1 there isnt any "working server" that you get from this. I would suggest that you call support and see if there is any tool that you can use for your testing. (this was all changed in 6.0 as you stated) On Tue, Jul 22, 2008 at 2:00 AM, Littlebighuman <littlebighuman () gmail com> wrote:Hi, I'm looking for any information on the RSA sdconf.rec file. What kind of encryption (if any) is used etc. Secondary I would like a way to edit it, change IP-addresses for example. I think In 5.x versions of SecurID there was a utility included with the server which you could use for that. Later in 6.x you could only do it through the admin interface. The server I'm working on now is a 7.1, which doesn't have it. Does anyone have any experience with this file? I did find a Perl extension for SecurID, but it seems very old (I'm currently looking into that). Regards, Seb ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes inSecuring Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes inSecuring Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: RSA SecurID sdconf.rec file Secure Scorp (Aug 04)