Re: demoing sslv2 vulns

[chintan dave <davechintan () gmail com>]

Hi Richard,

You can use SSL Strip to demonstrate the exploitation of
vulnerabilities like Null Prefix Attack.

This might not be a stand alone attack, however for a POC you can use
it in conjunction with other attacks like ARP Spoofing to show that
you have legitimately intercepted the traffic.

The tool works just fine for linux, however it might require some
level of tweaking for getting it to work with windows.

Hope this helps.

Thanks,
Chintan

On Tue, Jul 20, 2010 at 1:34 AM, Richard Miles
<richard.k.miles () googlemail com> wrote:
> modify the hello packet is easy with ettercap. But how to break the
> captured data?
>
> On Mon, Jul 12, 2010 at 9:08 PM, Yered Céspedes <yered () yeredsoft com> wrote:
> > You could give it a try with an ettercap filter to perform the MITM
> >
> > On Tue, Jul 6, 2010 at 1:01 AM, Cor Rosielle <cor () outpost24 com> wrote:
> > > Robin,
> > >
> > > I am not a cryptanalyst, so here is for what it's worth.
> > >
> > > When an sslv2 connection is set up, a session key must be negotiated. This
> > > negotiation is not encrypted (because there is no key yet). During this
> > > negotiation the client sends a "client hello" packet, which contains a list
> > > with the cipher suites the client knows. A man in the middle can intercept
> > > and modify this list and remove strong cipher suites. The server can now
> > > only pick a weak cipher and thus the encryption is much weaker as one would
> > > expect. Servers often allow keys of 40 bits and sometimes even NULL ciphers.
> > > In 2004 a typical home computer could break 40 bits keys in little under two
> > > weeks (http://en.wikipedia.org/wiki/40-bit_encryption). A 2010 typical home
> > > computer must be able to break it within a day.
> > >
> > > The man in the middle can record the traffic and then break the weak
> > > encryption later. This will still take quite some time, but it's feasible.
> > > He can view the confidential data within a day.
> > >
> > > sslv3 is not vulnerable for such a cipher degradation attack, because the
> > > "client hello" packet has an integrity control.
> > >
> > > Because sslv2 lacks the integrity control and a cipher degradation attack is
> > > possible it can be weak, but not necessarily is weak. If a server supports
> > > sslv2 with strong ciphers only (128 bits or more), I think the risk is low,
> > > because a cipher degradation can not result in real weak ciphers (however,
> > > this is an risk decision and not a fact).
> > >
> > > I don't know about existing tools to perform the cipher degradation attack,
> > > but they might exist. And after that you still need to decipher the
> > > encrypted packets, which requires other software.
> > >
> > > So for a successful attack one must be able to do all of the below:
> > > - to do a man in the middle attack and sniff traffic
> > > - intercept the client hello and execute a cipher degradation attack
> > > - cipher suite negotiation must result in a weak cipher suite
> > > - record all traffic
> > > - decrypt it later
> > >
> > > But again, I am not a cryptanalyst so perhaps this explanation is not
> > > accurate.
> > >
> > > Apart from the attack there is a solution which is fast and easy to
> > > implement in Microsoft IIS as in Apache. It will take you a lot more time to
> > > do a risk analysis to decide to skip this fix than it takes to actually do
> > > it.
> > >
> > > Cor
> > >
> > >
> > > > -----Original Message-----
> > > > From: listbounce () securityfocus com
> > > > [mailto:listbounce () securityfocus com] On Behalf Of Robin Wood
> > > > Sent: zondag 4 juli 2010 13:53
> > > > To: rapper crazy
> > > > Cc: pen-test list
> > > > Subject: Re: demoing sslv2 vulns
> > > >
> > > > On 4 July 2010 12:47, rapper crazy <rappercrazzy () gmail com> wrote:
> > > > > Hello Robin,
> > > > >
> > > > > The exploitation of these vulnerabilities require industrial / govt
> > > > level
> > > > > infra support. The only way to attack these vulnerabilities are with
> > > > > cryptanalytic attack.
> > > > > Breaking these might not be possible for lone attacker but
> > > > considering
> > > > > corporate espionage, dumping the network (ssl-encrypted) traffic,
> > > > these
> > > > > dumps can later be brute force to recover the session key and then
> > > > the whole
> > > > > communication.
> > > > >
> > > > > Thanks
> > > > > JT
> > > >
> > > > So basically I tell them that for most situations they currently
> > > > aren't really a threat but as cryptanalysis only gets better, never
> > > > worse it is only a matter of time before they become a problem so it
> > > > is better to get protected now before it is a problem rather than rush
> > > > to upgrade once it does become a problem.
> > > >
> > > > Sound about right?
> > > >
> > > > Robin
> > > >
> > > > -----------------------------------------------------------------------
> > > > -
> > > > This list is sponsored by: Information Assurance Certification Review
> > > > Board
> > > >
> > > > Prove to peers and potential employers without a doubt that you can
> > > > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > > > a full practical examination in order to become certified.
> > > >
> > > > http://www.iacertification.org
> > > > -----------------------------------------------------------------------
> > > > -
> > >
> > >
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review Board
> > >
> > > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
> > > CPT and CEPT certs require a full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
> >
> >
> >
> > --
> > Yered Céspedes, Security+, ITIL, CEH
> > Mobile +506 8892-8652
> > yered () yeredsoft com
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> > and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------



-- 
Regards,
Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
Blog:http://www.chintandave.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------