Posts Tagged ‘security’

Sniffing HTTP Traffic at HAR2009

Published August 14th, 2009.

I’m currently visiting HAR2009, an international IT security conference in the Netherlands. It’s an amazing event with so many nice people, fresh lectures and a wonderful environment. There is a large wired and wireless network and everybody on the campsite is wearing a laptop, a PDA or some other device that can connect to the Internet. And because there are so many security people around, I think it would be funny to demonstrate some insecurity here…

First, there is the Web Proxy Autodiscovery Protocol (WPAD), which is used by your web browser when you use “proxy autoconfiguration” – the default setting on many systems. Second, there is a DHCP server for the campsite that does hostname registration in the DNS server. I asked myself what would happen if I could register the name wpad.visitors.har2009.net?

Well, I have done so. And I have set up an appropriate proxy that intercepts all traffic that passes this machine. After 24 hours, there were more than 800 different hosts using this malicious proxy server – and many of them signed up to unencrypted web services like Twitter and others. That’s quite impressive as this is about 20 percent of the visitors! Now I’m wondering what happens if I break up SSL…
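A defensive counterpart to the registration described above, as an added example that is not part of the original post: a filter that a DHCP-to-DNS update hook could apply to client-supplied hostnames before publishing them. The reserved-label list, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumed policy list: names that clients look up automatically and that
# must never be obtainable through dynamic registration.
RESERVED_LABELS = {"wpad", "isatap", "localhost"}
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def registration_decision(client_name, zone):
    """Return (allowed, reason) for a client-supplied name in `zone`."""
    name = client_name.strip().rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    # Clients may send a bare hostname or an FQDN inside the zone.
    if name.endswith("." + zone):
        name = name[: -len(zone) - 1]
    if "." in name:
        return False, "multi-label or foreign-zone name"
    if not LABEL_RE.match(name):
        return False, "not a valid hostname label"
    if name in RESERVED_LABELS:
        return False, "reserved label"
    return True, "ok"


def rejected(requests, zone):
    """Return the (mac, name, reason) tuples that must not reach DNS."""
    out = []
    for mac, name in requests:
        allowed, reason = registration_decision(name, zone)
        if not allowed:
            out.append((mac, name, reason))
    return out


# Constructed sample requests (MAC, client-supplied hostname).
SAMPLE_REQUESTS = [
    ("02:00:00:00:00:01", "alice-laptop"),
    ("02:00:00:00:00:02", "WPAD"),
    ("02:00:00:00:00:03", "wpad.visitors.har2009.net."),
    ("02:00:00:00:00:04", "wpad.example"),
    ("02:00:00:00:00:05", "-bad_name"),
]

if __name__ == "__main__":
    for row in rejected(SAMPLE_REQUESTS, "visitors.har2009.net"):
        print(row)
```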

Entropy Password Generator

Published March 27th, 2008.

Entropy is a password generator. It generates two kinds of passwords: i) low entropy passwords that humans can easily remember and ii) high entropy passwords as commonly used in stored sessions. The low entropy passwords are generated from the Basic English vocabulary by C.K. Ogden. The high entropy passwords are random alphanumeric passwords where similar looking characters are stripped.

Basic English Passwords (low entropy / e=649,527,500)
note564still             cover624powder           box300person
discovery371spring       over425such              arm781great
daughter658advertisement woman600cushion          help695money
not750sweet              where289brain            present557see
brain787polish           sticky446change          fly679fear
body411oven              system475house           frequent497size
dog303level              cushion435boy            great870language
porter288doubt           awake847pull             hat783burn              

Mixed Alpha Numeric Passwords (high entropy / e=10^18)
6rt84tZrvUkLrtE2 AG7HQEjxQDg4Znao v9DUzzJc8X97FQqj cXTQmY3gvvkvwhTx
VJBEC4RFRtTPNgFA Z4pcMrRPMuE8a4EM EcyJArGdH2D6jZBT wr75cJdmzuF9a9LX
wce4yXfhdnwjEnU9 hGKfFYuRwQMkAnqg BEmtkbjtLEyKM3YW wVgxoX82TfGmxbuT
ho3zNKvZCBQ3wgJ6 mvKTTyy6TN9zCCZ8 fKr8eWL34XDNQyKG wCQFtYHQcaxmoAep
Mp7dMC8gDBMa9qGh TGRKnW58cT8z66a4 dZAt2ghzCbDkdmJA P2XpNxFRDjcfQG83
gch7TqT2d6RYzpGb xeZWbqDegADXoRnu xmmeJXkFdTXzcWam t9JL3DpKoMPMYrac
URcVPrCRuQETzVVe aJnw4wghHcj3jCqr 9g9pVYtGtq5RhCaG oJ4y3k8rdjmnUE6w
aTWyu76uu5TPgkCv aLeffq6MVNfAnxp7 EnqeUkjHPkgwv3AG q5Zmmc3GzJyxneHn

This application is written in Python and supports both a CGI interface for your web server and a command line interface. From a security perspective, I strongly recommend the command line version after reading the source code.
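The two schemes described above, sketched as an added example (this is not the Entropy source code). The short word list is a constructed stand-in for the Basic English vocabulary, the set of stripped look-alike characters is an assumption, and the 850-word vocabulary size and 899-value number range are assumptions chosen because their product matches the page's figure of 649,527,500.

```python
import math
import secrets
import string

# Constructed stand-in for the Basic English word list (assumption: the
# real tool loads the full vocabulary).
SAMPLE_WORDS = ["note", "still", "cover", "powder", "box", "person", "arm", "great"]

# Assumption: the page does not say which look-alike characters are stripped.
AMBIGUOUS = set("0O1lI")
ALPHABET = [c for c in string.ascii_letters + string.digits if c not in AMBIGUOUS]


def word_password(words=SAMPLE_WORDS):
    """word + three-digit number + word, every part drawn from the OS CSPRNG."""
    number = 100 + secrets.randbelow(899)  # 899 values, assumed range 100..998
    return f"{secrets.choice(words)}{number}{secrets.choice(words)}"


def random_password(length=16, alphabet=ALPHABET):
    """Random alphanumeric password without the look-alike characters."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def word_keyspace(vocabulary_size, numbers=899):
    """Number of distinct word-number-word passwords."""
    return vocabulary_size * numbers * vocabulary_size


def bits(keyspace):
    """Entropy in bits of a uniform choice from `keyspace` passwords."""
    return math.log2(keyspace)


if __name__ == "__main__":
    print(word_password(), random_password())
    print(word_keyspace(850), round(bits(word_keyspace(850)), 1))
    print(round(bits(len(ALPHABET) ** 16), 1))
```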


Operating Systems Lifecycle Chart

Published February 10th, 2008, updated January 13th, 2010.

This chart shows the lifecycle of major enterprise operating systems. The end of life is marked by the end of official security support. The chart will be updated every now and then.

Operating system                   Released              End of security support
Windows 2000                       Feb 17, 2000          Jul 13, 2010
Red Hat Enterprise Linux 2.1       May 17, 2001          May 31, 2009
Windows XP                         Oct 25, 2001          Apr 8, 2014
FreeBSD 5                          Jan 19, 2003          May 31, 2008
Windows Server 2003                Apr 24, 2003          Jul 14, 2015
Red Hat Enterprise Linux 3         Oct 23, 2003          Oct 31, 2010
SUSE Linux Enterprise Server 9     Nov 8, 2004           Jul 30, 2011
Red Hat Enterprise Linux 4         Feb 15, 2005          Feb 29, 2012
Debian 3.1 (Sarge)                 Jun 6, 2005           Mar 31, 2008
FreeBSD 6                          Nov 4, 2005           Nov 30, 2010
Ubuntu 6.06LTS (Dapper Drake)      Jun 1, 2006           Jun 2011
SUSE Linux Enterprise Server 10    Jul 17, 2006          Jul 31, 2013
Windows Vista                      Nov 6, 2006           Apr 10, 2017
Red Hat Enterprise Linux 5         14 Mar, 2007          31 Mar, 2014
Debian 4.0 (Etch)                  Apr 8, 2007           Feb 14, 2010
Windows Server 2008                Feb 4, 2008           Jul 10, 2018
FreeBSD 7                          Feb 27 2008           Last+2yrs
Ubuntu 8.04LTS (Hardy Heron)       Apr 24, 2008          Apr 2013
Debian 5.0 (Lenny)                 Feb 14, 2009          Summer 2011 (Next+1yr)
SUSE Linux Enterprise Server 11    March 24, 2009        March 31, 2016
Windows 7                          October 23rd, 2009    Jan 14, 2020
FreeBSD 8                          November 25, 2009     Last+2yrs
Red Hat Enterprise Linux 6         2010                  2017
Ubuntu 10.04LTS (Lucid Lynx)       Apr 24, 2010          Apr 2015
Debian 6 (Squeeze)                 Summer 2010           2013 (Next+1yr)
Debian 7 (tba.)                    2012                  2015 (Next+1yr)
Windows Server (tba.)              2012                  >2022

GnuDIP/MiniDIP Password Encryption

Published January 18th, 2007, updated February 29th, 2008.

This is a patch for GnuDIP’s minidip server. It switches the password storage format from plain text to md5 hashes, so you can copy passwords from GnuDIP to MiniDIP and vice versa. Furthermore, this allows you to use arbitrary characters in your passwords without breaking the format of the config files. Use GnuDIP’s encpass utility to encrypt passwords.

# patch for gnudip-2.3.5, changes auth database to md5
# author: Benjamin Schweizer 
# diff -r gnudip-2.3.5/gnudip/sbin/minidip.pl \
  gnudip-2.3.5bs/gnudip/sbin/minidip.pl
185c185,187
< $checkpass = md5_hex(md5_hex($checkpass) . '.' . $salt)
---
> # 2007-01-18, schweizer: storing passwords md5 hashed (as in gnudip/mysql)
> #$checkpass = md5_hex(md5_hex($checkpass) . '.' . $salt)
> $checkpass = md5_hex($checkpass . '.' . $salt)
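
Review bot: the new line 187 feeds the stored value straight into md5_hex($checkpass . '.' . $salt), so the MD5 hash kept in the auth file now stands in for md5_hex(password) and is by itself enough to compute a valid response. Hashing here hides the cleartext, but the file still needs the same protection as a password file, and the added comment should say so. Entries still stored in plain text will stop matching after this change, so either note that every entry must be converted with encpass or keep the inner md5_hex for values that are not 32 hex digits. The commented-out old line can be dropped, since the diff already records it.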


Echolot, a Network Station Monitor

Published December 29th, 2002, updated February 29th, 2008.

Echolot is a network station monitor. It sniffs ARP packets on Ethernet network devices and stores them in an IPTraf-compatible database. These unique addresses could be used to find known hosts on any LAN (such as a popular FTP server at a LAN party), or to find unknown hosts on a company LAN (such as intruders).
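The idea described above, as an added example that is not Echolot's code: parse the sender fields of an Ethernet/IPv4 ARP frame and flag stations that are not on a known list. It keeps an in-memory table instead of an IPTraf-compatible database; the function names and the sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806


def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet II ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled
    sha, spa = struct.unpack_from("!6s4s", frame, 22)
    return ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)


def observe(stations, known_macs, frame):
    """Record the sender in `stations` (ip -> mac); return an alert or None."""
    parsed = parse_arp(frame)
    if parsed is None:
        return None
    mac, ip = parsed
    previous = stations.get(ip)
    stations[ip] = mac
    if mac not in known_macs:
        return f"unknown station {mac} announces {ip}"
    if previous is not None and previous != mac:
        return f"{ip} changed from {previous} to {mac}"
    return None


def build_arp_request(mac, ip, target_ip="192.0.2.1"):
    """Constructed sample input: a broadcast ARP request sent by mac/ip."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(p) for p in ip.split("."))
    tpa = bytes(int(p) for p in target_ip.split("."))
    ethernet = b"\xff" * 6 + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + b"\x00" * 6 + tpa
    return ethernet + arp


if __name__ == "__main__":
    stations, known = {}, {"02:00:00:00:00:01"}
    for mac, ip in [("02:00:00:00:00:01", "192.0.2.10"), ("02:00:00:00:00:99", "192.0.2.66")]:
        print(observe(stations, known, build_arp_request(mac, ip)))
```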


Klassendatei Password Verification By-pass

Published January 28th, 1997, updated February 29th, 2008.

My first hack :-) Back in 1996 I checked out a method to by-pass the password verification program in the software “Klassendatei”. Dropping the sequence (0x03, 0x76, 0x83) to the DOS keyboard buffer and running kd0.exe opened the doors. Here’s the code:

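SCODE           SEGMENT
                ASSUME          cs:SCODE
PMAIN           PROC            NEAR
                mov             dx,                     00040h  ; BIOS data area segment
                mov             ds,                     dx

                cli                                             ; no interrupts while the buffer is rewritten
                mov             ds:word ptr [0001ah],   0001Eh  ; keyboard buffer head -> first slot
                mov             ds:word ptr [0001ch],   00024h  ; keyboard buffer tail -> after three entries

                mov             ds:word ptr [0001eh],   00300h  ; entry 1: scan code 03h, ASCII 00h
                mov             ds:word ptr [00020h],   07600h  ; entry 2: scan code 76h, ASCII 00h
                mov             ds:word ptr [00022h],   08300h  ; entry 3: scan code 83h, ASCII 00h
                sti

                mov             ah,                     04ch    ; DOS function 4Ch: terminate process
                int             21h
PMAIN           ENDP
SCODE           ENDS

END             PMAIN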
