Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: demoing sslv2 vulns
From: Robin Wood <robin () digininja org>
Date: Tue, 6 Jul 2010 14:06:24 +0100

On 5 July 2010 15:28, Sebastien J <sebastien.j () gmail com> wrote:
Hi Robin,

For weak SSL ciphers, particularly the ones that don't actually do
encryption, then you could demo something. You can force your client
to request a non-encrypting cipher suite, and then show how it's
possible to intercept traffic in cleartext over the network.

For cipher suites that DO encrypt, the 56-bit ones are very weak and
shouldn't be used. Unless you want to bother cracking encryption, you
won't be able to immediately demo this one. It's simply a question of
telling them that weak encryption sucks and can already be broken by a
determined attacker.

Both good answers but they don't answer my question, to re-ask it in
regard to your answers, how do I get a client to downgrade its
encryption to either cleartext or a weak key cipher and then what can
you use to crack encrypted HTTP streams? I can explain technically why
these are bad to a client but what I'm trying to find is a walk
through or at least some discussion on how to exploit the problems in
the real world.

I'm planning to do the demo as a video if I can do one so taking some
time to do the cracking is fine I can just time lapse or skip parts.

The SSLv2 protocol itself has a number of vulnerabilities. It depends
on the version of SSL they use and which platform it's running on. But
it's safe to say there are a number of issues and they should be using
SSLv3/TLSv1.

See here for one example of an SSLv2 vuln:
http://www.securityfocus.com/bid/5363/discuss

This is a vulnerability in the implementation of SSLv2, not in the
protocol, its the protocol vulnerability I'm after.

Robin



Sincerely,
SJ
--
http://www.securitygeneration.com

On Fri, Jul 2, 2010 at 3:16 PM, Robin Wood <robin () digininja org> wrote:
When scanning web servers the scanners regularly come with
vulnerabilities for weak and medium ciphers and SSL v2. A client has
recently asked why these are an issue and can they have a demo of them
being exploited. I've found some technical level docs on why this is a
problem but I'm looking for some kind of walk through on how to demo
exploiting this. Does anyone have one?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
Sincerely,
Sebastien J.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault