Wow, interesting topic. Command injection and filtering are maybe very popular topics.
On Sat, Oct 2, 2010 at 6:51 PM, Amir Haris <[email protected]> wrote:
> Fazli,
>
> Maybe you can present the topic and do some demos related to:
>
> - Injection (e.g. command injection)
> - Key Manipulation (e.g. SSH v1, IPSEC, HTTPS)
> - Downgrade Attack (SSH v2 -> v1)
> - Filtering (insertion of malicious code or modification of binary files, https redirection)
>
> It will be awesome.
>
> On Sat, Oct 2, 2010 at 6:47 PM, Amir Haris <[email protected]> wrote:
>> Dear Fazli,
>>
>> Correct, once in the middle, the attacker can:
>>
>> 1. Do Injection
>> 2. Key Manipulation
>> 3. Downgrade attack
>> 4. Filtering.
>>
>> Which can lead to:
>> - ARP poisoning
>> - DNS spoofing
>> - STP mangling
>> - Port stealing
>> - ICMP redirection
>> - IRDP spoofing
>> - DHCP spoofing
>> - route mangling
>> - traffic tunneling
>> - Access Point reassociation.
>> - others. :)
>>
>> On Sat, Oct 2, 2010 at 1:44 PM, Mohd Fazli Azran <[email protected]> wrote:
>>> Dear members,
>>>
>>> I have some opinion to share: why we must look at this attack as a threat. But please don't do this at home. This is not good ethics, it will probably be misused for personal interest, and if you get caught it is your responsibility. This is for education purposes. This is just an example:
>>>
>>> Tool : Cain or Ettercap
>>> Location : Coffee Bean / Starbucks / Old Town
>>> Attack Method : Sniff and ARP poisoning
>>>
>>> Many *Money Oriented Hackers* (MOH) will do this for their own interest. What they would prefer to sniff is online banking. For fun they will try to get any social media that you have.
>>>
>>> HTTPS/SSL: many organizations do not look into it, and sometimes it is already expired or not qualified. Many people will ignore it and just accept the cert. Why we should be worried: HTTPS/SSL is not good protection against a sniffer if it is badly implemented by the organization. Poor implementation of SSL/TLS by many organizations, especially in Malaysia, allows many sniffers to be a MITM. If you look, some certs are self-signed and some certs may be just rogue certificates. You can check all the online banks to see whether they have a valid cert or whether it has already expired. You can also look at whether local banks use a CA cert or not. A CA is one of the vendors that create commercial certs. Do our local banks use these certs? If you check, many HTTPS/SSL setups are broken and can be directly attacked (APT) by a sniffer.
>>>
>>> The problem here, I think, is not HTTPS/SSL itself but the application that uses them. The online web provided by the bank is sometimes not enough to prevent a sniffer from getting the U & P. Sometimes the hashing can be manipulated and they can get it easily, and the user does not detect it at all.
>>>
>>> We must understand first what the process is from user to server. Here is an example scenario (Ahmad uses an open network and surfs):
>>>
>>> 1) Ahmad opens the browser and surfs to the online bank web
>>> 2) The browser will request the login form from the online bank server
>>> 3) The server (online bank) will send a randomly generated challenge (RGC) "c" *Server sends HTML with the above form rules*
>>> 4) The RGC is attached to the form and sent to Ahmad's browser *MITM replaces the form with a simple form; u/p are not manipulated*
>>> 4) Ahmad will enter username "u" and password "p_user" and submit *User fills out the simple form, submits to MITM*
>>> 5) Ahmad's browser will calculate h_user=hash(hash(p_user), c) *MITM calculates h_user from u / p / c*
>>> 6) Ahmad's browser sends "u" and "h_user" to the server. *MITM sends u + h_user to server*
>>> 7) The server retrieves the password hash "h_db" for user "u" from the database
>>> 8) The server performs the comparison h_user==hash(h_db, c)
>>> 9) If this comparison is true, the credentials are valid and the result is sent back to Ahmad's browser
>>> 10) Ahmad is now logged in to the server (online bank)
>>>
>>> If I missed some point here, please correct it. But you can see the red text is the process between user, MITM & server. You can do this and try whether you can get any U & P from any local online bank (Maybank, CIMB, BIMB, RHB) and overseas bank (HSBC, Citibank, Standard Chartered). You can compare whose web security is more reliable and whether they implement it. The best policy and the process they follow will combat any MITM trying to get the U/P from the server. My point is: are they doing enough to protect users from this threat? Are we?
>>>
>>> P/S: I'm not buyers of any bank here, just to show what the reality is.
>>>
>>> Mohd Fazli Azran
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> [email protected]
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
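The challenge-response login from Fazli's steps 3 to 9, as an added example that is not code from the thread: both sides are implemented in Python, SHA-256 is assumed as the hash function, and the account is a constructed sample. It shows what the scheme does achieve, namely that a passive sniffer cannot replay a captured h_user, which is exactly why the thread's active MITM has to rewrite the form instead; only a properly authenticated TLS connection stops that.

```python
import hashlib
import secrets


def h(*parts: str) -> str:
    """Hex SHA-256 over the joined parts (hash function is an assumption)."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


class BankServer:
    """Server side of the challenge-response login described in the thread."""

    def __init__(self) -> None:
        # Constructed sample account: the server stores h_db = hash(p_user), never p_user.
        self.users = {"ahmad": h("correct horse")}
        self.pending: dict[str, str] = {}

    def login_form(self, user: str) -> str:
        # Step 3: a fresh random challenge c for every login attempt
        c = secrets.token_hex(16)
        self.pending[user] = c
        return c

    def verify(self, user: str, h_user: str) -> bool:
        # Steps 7-8: fetch h_db, compare h_user == hash(h_db, c); the challenge is single-use
        c = self.pending.pop(user, None)
        h_db = self.users.get(user)
        if c is None or h_db is None:
            return False
        return secrets.compare_digest(h_user, h(h_db, c))


def browser_response(password: str, c: str) -> str:
    # Step 5: h_user = hash(hash(p_user), c), computed in the browser, so p_user never leaves it
    return h(h(password), c)


def honest_login(server: BankServer, user: str, password: str) -> bool:
    # Steps 3 to 9 with no one in the middle
    c = server.login_form(user)
    return server.verify(user, browser_response(password, c))


def replay_captured_response(server: BankServer, user: str, password: str) -> bool:
    """A passive sniffer who recorded h_user gains nothing: the next challenge differs."""
    c1 = server.login_form(user)
    captured = browser_response(password, c1)
    server.verify(user, captured)         # the legitimate login consumes c1
    server.login_form(user)               # a new attempt issues a new challenge c2
    return server.verify(user, captured)  # replaying the old h_user fails
```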

