Penetration Testing mailing list archives
Re: RSA SecurID sdconf.rec file
From: Seb <littlebighuman () gmail com>
Date: Thu, 31 Jul 2008 13:07:26 +0200
For the most part I'm interested what format this binary file is in. RSA client agents can read the file, so it must be documented somewhere. It would be great if I can read the contents of the file somehow, or extract some information from it.
I did contact RSA support, but they haven't come back to me about it. On 28 Jul 2008, at 19:26, Kelly Keeton wrote:
you want to use your RSA server to change information in it. its no good if you hack it up as there is verification on the file integrity. you are correct you need to use the admin console to edit it. there is no reason to change it out of the admin interface as your admin interface needs to know of the host record for the client wanting to auth against the server. so you would only get one way communication with hacking the file.. other then just pentesting the new 7.1 there isnt any "working server" that you get from this. I would suggest that you call support and see if there is any tool that you can use for your testing. (this was all changed in 6.0 as you stated) On Tue, Jul 22, 2008 at 2:00 AM, Littlebighuman <littlebighuman () gmail com> wrote:Hi,I'm looking for any information on the RSA sdconf.rec file. What kind ofencryption (if any) is used etc.Secondary I would like a way to edit it, change IP-addresses for example. I think In 5.x versions of SecurID there was a utility included with the server which you could use for that. Later in 6.x you could only do it through the admin interface. The server I'm working on now is a 7.1, whichdoesn't have it. Does anyone have any experience with this file? I did find a Perl extension for SecurID, but it seems very old (I'm currently looking into that). Regards, Seb ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes inSecuring Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- RSA SecurID sdconf.rec file Littlebighuman (Jul 25)
- Re: RSA SecurID sdconf.rec file Kelly Keeton (Jul 28)
- Re: RSA SecurID sdconf.rec file Seb (Jul 31)
- Re: RSA SecurID sdconf.rec file ॐ aditya mukadam ॐ (Jul 29)
- Re: RSA SecurID sdconf.rec file Kelly Keeton (Jul 28)