Posted by jpluimers on 2018/08/13
Cool playground:
An online platform to test and advance your skills in penetration testing and cyber security.
Via [WayBack] hackthebox – Penetration testing labs This is an amazing platform – super addictive! Hack The Box is an online platform al… – Jürgen Christoffel – Google+
–jeroen
Posted in LifeHacker, Power User, Security | Leave a Comment »
Posted by jpluimers on 2018/08/08
[WayBack] ngHttp2 DLLs has a simple a version scheme. The build inside the Windows PHP distribution includes these version numbers. The TreadSafe versions work as plug in replacement for github.com/grijjy/DelphiScalableClientSockets/tree/master/Bin which is used by github.com/grijjy/GrijjyFoundation/blob/master/Grijjy.Http.pas#L11. You obtain them via [WayBack] PHP For Windows: Binaries and sources Releases; and at the time of writing these were the most recent versions:
[WayBack] OpenSSL DLLs has a much more complex version scheme, as they are numeric but OpenSSL releases are not.
a.b.c.da.b.c.x
# letter # letter # letter # letter # letter remark 1 a 6 f 11 k 16 p 21 u 2 b 7 g 12 l 17 q 22 v * 3 c 8 h 13 m 18 r 23 w * 4 d 9 i 14 n 19 s 24 x * 5 e 10 j 15 o 20 t 25 y * 26 z *
[WayBack] Index of /SSL has “Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.”
These work no matter what development/deployment stacks you use (including a Visual Studio based stack).
The most recent version as of writing is 1.0.2o, which maps to 1.0.2.20 which contains libeay32.dll and ssleay32.dll for both the i386-win32 and x86_64-win64 build (not sure why they both use 32 in the name):
openssl-1.0.2o-i386-win32.zip
openssl-1.0.2o-x64_86-win64.zipwhich supportsx86_64as this site is about the only one usingx64_86in the name
Background reading:
These binaries are for instance used by (most of them are behind or far behind on the OpenSSL version):
Speaking of which: this is a recent Delphi wrapper around libeay32.dll: [WayBack] GitHub – lminuti/Delphi-OpenSSL: Delphi implementation of OpenSSL
–jeroen
Posted in Delphi, Development, OpenSSL, Power User, Security, Software Development | 2 Comments »
Posted by jpluimers on 2018/08/06
Nowadays, with tools like Metasploit and what tools leaked from the NSA and other agencies, it is so easy to hack a system even if it is almost up to date.
All the more reason to keep your systems fully patched all the time.
To get a Metasploit impression: [WayBack] Hacking Articles,Ethical Hacking Training in Delhi,Metasploit Training
–jeroen
via: [WayBack] I gotta find time to look at this… Joe C. Hecht – Google+
Posted in Power User, Security | Leave a Comment »
Posted by jpluimers on 2018/07/30
Interesting: [WayBack] A cheat-sheet for password crackers
Via: [WayBack] Joe C. Hecht – Google+
–jeroen
Posted in *nix, *nix-tools, Hashing, md5, Power User, Security, SHA, SHA-256, SHA-512 | Leave a Comment »
Posted by jpluimers on 2018/07/23
If you get an error like this in one of your tools
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
it means you are using a tool not yet properly supporting TLS 1.2 or higher.
Or in other words: update your tool set.
The reason is that – after turning off TLS 1.0 a while ago – more and more sites do the same for TLS 1.1.
A prime example of a site that warned on this in a clear way very early on is github:
Others have done this too, for instance:
TLS 1.0 is vulnerable to many attacks, and certain configurations of TLS 1.1 as well (see for instance [WayBack] What are the main vulnerabilities of TLS v1.1? – Information Security Stack Exchange), which means that properly configuring the non-vulnerable TLS 1.1 over times gets more and more complex. An important reason to say goodbye to that as well, as TLS 1.2 (from 2008) is readily available for a long time. The much more recent TLS 1.3 (from 2018) will take a while to proliferate.
I ran in the above error because on one of my systems, an old version of wget was luring around, so I dug up the easiest place to download recent Windows binaries for both win32 (x86) and win64 (x86_64):
[WayBack] eternallybored.org: GNU Wget for Windows having a table indicating the OpenSSL version for each wget build.
–jeroen
Reference: Transport Layer Security – Wikipedia: History and development
Posted in *nix, https, HTTPS/TLS security, OpenSSL, Power User, Security, wget | Leave a Comment »
Posted by jpluimers on 2018/05/31
Ouch (despite one needs authenticated access): [WayBack] Firebird fbudf Module Authenticated Remote Code Execution – Firebird News
Here is the description for CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The
only known solution is to disable external UDF libraries from being loaded. In
order to achieve this, the default configuration has changed to UdfAccess=None.
This will prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.Here is the Debian security page with the issue : CVE-2017-11509
The thing I am really not happy about is that the 90 day limit has been overdrawn by about 180 days (see https://www.tenable.com/security/research/tra-2017-36)
Related:
Via:
–jeroen
Posted in Database Development, Development, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2018/05/18
iodine is a free (ISC licensed) tunnel application to forward IPv4 traffic through DNS servers (IP over DNS). Works on Linux, FreeBSD, NetBSD, OpenBSD and Mac OS X.
In light of
–jeroen
Posted in Power User, Security | Leave a Comment »
Posted by jpluimers on 2018/05/03
via: [WayBack] Yet another reason to be very careful with what you put in version control: GitLeaks – Search Engine for exposed secrets on the web https://gitleaks.com/ – This is why I Code – Google+
[Archive.is] GitLeaks – Search Engine for exposed secrets on the web
–jeroen
Posted in Development, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2018/05/03
Interesting thought on client-side password hashing: [Archive.is] Client-Side Password Hashing – DelphiTools.
I’ve ambivalent feelings on it, especially since it will expose salt and other settings to the client.
On the other hand it tremendously helps when there are transparent proxies in between. Read the article for full details; here is just one quote below.
Maybe dual hashing would be in place: once at the client to prevent plain-text to go over MITM channels, and a second hash server side with different settings like salt to prevent brute force attacks.
I need to give this more thought.
The quote:
If you are using a regular Windows and a regular browser, access to HTTPS will go through the regular certificate chain, using regular certificate authority. You also benefit from extra security layers like Public Key Pinning.
But when a custom Root CA is installed, all that goes through the window: the custom Root CA allows the corporate proxies to issue “valid” certificates for any website (even google.com and the rest), and the public key pinning features are disabled:
How does key pinning interact with local proxies and filters?
Chrome does not perform pin validation when the certificate chain chains up to a private trust anchor.
A key result of this policy is that private trust anchors can be used to proxy (or MITM) connections, even to pinned sites. “Data loss prevention” appliances, firewalls, content filters, and malware can use this feature to defeat the protections of key pinning.
All the major browsers have a similar behavior… because it is required to allow transparent proxies. And transparent proxies are the means through which the legal logging requirements are fulfilled.
So besides introducing a major MITM opportunity, this also means that there are legally-required corporate logs somewhere of all that went through HTTPS… including plain text passwords, if you did not hash them on the client-side.
These logs will have varying degrees of security when in the corporate domain… and next to none if they are ever requested by the legal system for an investigation.
–jeroen
Posted in Algorithms, Design Patterns, Development, Hashing, Power User, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2018/04/11
So we are all doomed: on debian, beep was an issue leading into a CVE. The fix is an issue too, and also has a CVE.
Source: [WayBack] beep, patch and ed – The Isoblog.
Related:
–jeroen
Posted in *nix, *nix-tools, Debian, Linux, Power User, Security | Leave a Comment »
The Wiert Corner - irregular stream of stuff 