bh-us-03-ornaghi-valleri

Algorithms to be used later the attacker can force

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: can force the client to initialize a SSH1 The connection instead of SSH2. – The server replies in this way: SSH-1.99 -- the server supports ssh1 and ssh2 SSH-1.99 ssh1 and ssh2 SSH-1.51 -- the server supports ONLY ssh1 SSH-1.51 ssh1 – The attacker makes a filter to replace “1.99” with “1.51” Possibility to circumvent known_hosts Possibility Blackhat Conference - USA 2003 Blackhat 19 SSH v2 Downgrade DEMO Blackhat Conference - USA 2003 Blackhat 20 Downgrade Attacks IPSEC Failure Block the keymaterial exchanged on the Block port 500 UDP End points think that the other cannot start End an IPSEC connection If the client is configured in rollback mode, If there is a good chance that the user will not notice that the connection is in clear text Blackhat Conference - USA 2003 Blackhat 21 Downgrade Attacks PPTP attack (1) During negotiation phase During – – – Force PAP authentication (almost fails) Force MS-CHAPv1 from MS-CHAPv2 (easier to crack) Force no encryption Force re-negotiation (clear text terminate-ack) Force – Retrieve passwords from existing tunnels – Perform previous attacks Force “password change” to obtain password hashes Force – Hashes can be used directly by a modified SMB or PPTP client – MS-CHAPv2 hashes are not usefull (you can force v1) Blackhat Conference - USA 2003 Blackhat 22 Downgrade Attacks PPTP attack (2) Force PAP from CHAP start Server req | auth | chap Client MITM req | auth | fake nak | auth | pap nak| auth | chap req | auth | pap req | auth | pap ack | auth | pap ack | auth | pap We don’t have to mess with GRE sequences... Blackhat Conferen...
View Full Document

Ask a homework question - tutors are online