Re: demoing sslv2 vulns

[Robin Wood <robin () digininja org>]

On 5 July 2010 15:28, Sebastien J <sebastien.j () gmail com> wrote:
> Hi Robin,
>
> For weak SSL ciphers, particularly the ones that don't actually do
> encryption, then you could demo something. You can force your client
> to request a non-encrypting cipher suite, and then show how it's
> possible to intercept traffic in cleartext over the network.
>
> For cipher suites that DO encrypt, the 56-bit ones are very weak and
> shouldn't be used. Unless you want to bother cracking encryption, you
> won't be able to immediately demo this one. It's simply a question of
> telling them that weak encryption sucks and can already be broken by a
> determined attacker.

Both good answers but they don't answer my question, to re-ask it in
regard to your answers, how do I get a client to downgrade its
encryption to either cleartext or a weak key cipher and then what can
you use to crack encrypted HTTP streams? I can explain technically why
these are bad to a client but what I'm trying to find is a walk
through or at least some discussion on how to exploit the problems in
the real world.

I'm planning to do the demo as a video if I can do one so taking some
time to do the cracking is fine I can just time lapse or skip parts.

> The SSLv2 protocol itself has a number of vulnerabilities. It depends
> on the version of SSL they use and which platform it's running on. But
> it's safe to say there are a number of issues and they should be using
> SSLv3/TLSv1.
>
> See here for one example of an SSLv2 vuln:
> http://www.securityfocus.com/bid/5363/discuss

This is a vulnerability in the implementation of SSLv2, not in the
protocol, its the protocol vulnerability I'm after.

Robin


> Sincerely,
> SJ
> --
> http://www.securitygeneration.com
>
> On Fri, Jul 2, 2010 at 3:16 PM, Robin Wood <robin () digininja org> wrote:
> > When scanning web servers the scanners regularly come with
> > vulnerabilities for weak and medium ciphers and SSL v2. A client has
> > recently asked why these are an issue and can they have a demo of them
> > being exploited. I've found some technical level docs on why this is a
> > problem but I'm looking for some kind of walk through on how to demo
> > exploiting this. Does anyone have one?
> >
> > Robin
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> Sincerely,
> Sebastien J.
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com