Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RSA SecurID sdconf.rec file

From: Seb <littlebighuman () gmail com>
Date: Thu, 31 Jul 2008 13:07:26 +0200
For the most part I'm interested what format this binary file is in. RSA client agents can read the file, so it must be documented somewhere. It would be great if I can read the contents of the file somehow, or extract some information from it. 

I did contact RSA support, but they haven't come back to me about it.





On 28 Jul 2008, at 19:26, Kelly Keeton wrote:


you want to use your RSA server to change information in it. its no
good if you hack it up as there is verification on the file integrity.
you are correct you need to use the admin console to edit it. there is
no reason to change it out of the admin interface as your admin
interface needs to know of the host record for the client wanting to
auth against the server. so you would only get one way communication
with hacking the file.. other then just pentesting the new 7.1 there
isnt any "working server" that you get from this. I would suggest that
you call support and see if there is any tool that you can use for
your testing. (this was all changed in 6.0 as you stated)

On Tue, Jul 22, 2008 at 2:00 AM, Littlebighuman
<littlebighuman () gmail com> wrote:

Hi,
I'm looking for any information on the RSA sdconf.rec file. What kind of 
encryption (if any) is used etc.
Secondary I would like a way to edit it, change IP-addresses for example. I think In 5.x versions of SecurID there was a utility included with the server which you could use for that. Later in 6.x you could only do it through the admin interface. The server I'm working on now is a 7.1, which 
doesn't have it.

Does anyone have any experience with this file?

I did find a Perl extension for SecurID, but it seems very old (I'm
currently looking into that).

Regards,

Seb

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes inSecuring Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications 
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: