Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: "PenTest" a container file

From: Steve Friedl <steve () unixwiz net>
Date: Thu, 18 Jan 2007 15:10:56 -0800
On Thu, Jan 18, 2007 at 09:55:36AM +0100, Julien wrote:

I've have to test the security of an encryption application. This
application create a container file to store all private data. The
tool use a private encryption type.
The only hint they gave me is that user have to submit is password to
open this container.
The aim of this test is to open the files inside this container file.


If it's a proprietary encryption algorithm, that means it's probably a
lousy one, so the cryptographers among us might be able to get somewhere.
But that's beyond many of us here -- including me.

So we look for other angles (I'll assume Win32 here just for a point
of reference).

*) I'd start by profiling the application with FileMon and RegMon to get a
   sense for what the app is doing at runtime. Is it the usual kind of
   obvious kind of file activity, or are they attempting to be tricky?
   What files and registry keys are used?

   Finding all the resources they use might help find the weakest points.

*) does the application leave any temp files lying around? This might
   leave the cleartext visible (perhaps only for a short time)

*) does the application have a remember-my-password option? This would
   certainly be worth looking into (Hey: it would be dumb to have this
   kind of feature, but if they're doing their own crypto...)

*) I'd certainly look into finding out how they prompt for a password and
   see if that can be intercepted by some other program while it's running.
   It's probably found in some kind of window control, and may even be
   left around after it's decrypted the thing, so some other application
   running as the same user may be able to snag it.

*) If you're really determined, reverse engineer the thing with something like
   IDA Pro - looking at the code might point out some weak points too.

If the front door is strong and well locked, you're not going to get in by
pounding it with your fists. Go around back and look for a screen door :-)

Steve

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: