Eikonal Blog

2012.11.02

Java keytool

Filed under: crypto, hashes, infosec, it, java — Tags: , — sandokan65 @ 10:45
  • Download the CA certificate from the proxy and convert it to PEM format:

      /usr/java/default/bin/keytool -import -trustcacerts -file  -alias CA_ALIAS -keystore /usr/java/default/lib/security/cacerts -storepass changeit
      

More:

Advertisements

2012.02.14

OpenSSL

  • HTTPS server banner:

      openssl s_client -connect:IPAddress:443

    after connection is established, type in “HEAD / HTTP/1.0” and press enter.

    Alternative:

      echo -e "HEAD / HTTP/1.0\n\n" | openssl s_client -quiet -connect IPAddress:443

  • NTTPS server banner

      openssl s_client -connect:IPAddress:563
      

  • IMAPS server banner:

      openssl s_client -connect:IPAddress:993
      

  • POP3S server banner:

      openssl s_client -connect:IPAddress:995
      

  • Identifying SSL cyphers:

      openssl s_client -connect website:443 -cipher EXPORT40
      openssl s_client -connect website:443 -cipher NULL
      openssl s_client -connect website:443 -cipher HIGH
      

  • Generating password hash four unix:

      openssl passwd -1 -salt QIGCa pippo
      

    output: $1$QIGCa$/ruJs8AvmrkmzKTzM2TYE.

  • Converting a PKCS12-encoded (or .pfx) certificate to PEM format:

      openssl pkcs12 -in CertFile.p12  -out NewCertFile.pem   -nodes. -cacerts
      

  • Converting a DER-encoded certificate to PEM format:

      openssl x509  -in CertFile.crt.  -inform DER  -out NewCertName.pem   -outform PEM
      

  • Download a proxy’s public certificate:

      openssl s_client-connect ProxyHostname:port   proxycert.pem
      

  • Create a key:

      openssl genrsa -des3 -out server.key 1024
      

  • Create a CSR (certificate signing request):

      openssl req -new -key server.key -out server.csr
      

  • Remove a password from a key:

      cp server.key server.key.org
      openssl rsa -in server.key.org -out server.key
      

  • Sign the CSR and create the certificate:

      openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
      cat server.crt server.key > certificate.pem
      

  • Encrypting a file:

      cat INFILE | openssl aes-256-ecb -salt -k PASSWORD > INFILE.ssl
      

  • Decrypting a file:

      cat INFILE.ssl | openssl aes-256-ecb -d -k PASSWORD > INFILE
      

2011.05.12

Passwords related postings

Generating password hashes

  • Generating unix-style MD5 hash: openssl passwd -1 -salt QIGCa pippo
    • produces: $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.
  • generating password hash using system’s native crypt() command: perl -e ‘print crypt(“pippo”, “\$1\$QIGCa”),”\n”‘
    • produces: $1Su6NR9CFU/6
  • Using Python’s Passlib library (http://packages.python.org/passlib/):
    • Install Python (e.g. in Cygwin)
    • Install Passlib library following instructions at http://packages.python.org/passlib/install.html
    • start Python: python
    • Calculate the SHA256 hash of the word Password:

      >>> from passlib.hash import sha256_crypt
      >>> hash = sha256_crypt.encrypt("password")
      >>> hash
      '$5$rounds=80000$9GPMLb8EE.1QFrUk$Y0XQiZRKMhOrB2GcfCeWREG.x3jCfa5pbmxSO/hjCE3'
      >>> sha256_crypt.encrypt("password")
      '$5$rounds=80000$9fjOxTQNeyPhsCvp$XmyKju3TfWUEPXGPXMZ6sIPcv26Uok7NLPyZhx5g7R9'
      >>> sha256_crypt.encrypt("password", rounds=12345)
      '$5$rounds=12345$Kk9DTJPMRyxGFB3q$7tdzdJXq4YRu7ms6PGo7zTlOHVwYOQO1aUeUsZ3Mrl5'
      >>> sha256_crypt.verify("password", hash)
      True
      >>> sha256_crypt.verify("letmeinplz", hash)
      False
        

    • Generating BouncyCastle SHA1-512 hashes for use in Atlassian JIRA:

      >>> from passlib.hash import atlassian_pbkdf2_sha1
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}fU8ppRTCuJeS8n7PGYOQMhVqZ4hUidTIiWI4K8R8IBOXm/lYywaouSLtvlTeTr3V'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}+X+PMcYYAwBAKIWwFsJY639EipU1NXJfc1jKC5VYHZV7zoDI4zTEpKO4xZQoegg1'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}1Nq7N2YM4ZyTstZaSynlnGGh2rgAG+b7SB+9xreszUhrE39BnfwNg2RGm6tqvDg2'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}bu1dK0WotXYuBaB0bo2RslxMAp4JawLofUFw4S5fZdAtfsm3Ats6kO6j5NaHZCdt'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}z/mfc47xvjcm5Ny7dw7BeExB68Oc4XiTJvUS5HRAadKr4/Aomn1WOMMrMWtikUPK'
        

    • Supported hashing algorithms:
      • Archaic Unix Schemes:
        • passlib.hash.des_crypt – DES Crypt
        • passlib.hash.bsdi_crypt – BSDi Crypt
        • passlib.hash.bigcrypt – BigCrypt
        • passlib.hash.crypt16 – Crypt16
      • Standard Unix Schemes:
        • passlib.hash.md5_crypt – MD5 Crypt
        • passlib.hash.bcrypt – BCrypt
        • passlib.hash.sha1_crypt – SHA-1 Crypt
        • passlib.hash.sun_md5_crypt – Sun MD5 Crypt
        • passlib.hash.sha256_crypt – SHA-256 Crypt
        • passlib.hash.sha512_crypt – SHA-512 Crypt
      • Other Modular Crypt Schemes:
        • passlib.hash.apr_md5_crypt – Apache’s MD5-Crypt variant
        • passlib.hash.phpass – PHPass’ Portable Hash
        • passlib.hash.pbkdf2_digest – Generic PBKDF2 Hashes
        • passlib.hash.cta_pbkdf2_sha1 – Cryptacular’s PBKDF2 hash
        • passlib.hash.dlitz_pbkdf2_sha1 – Dwayne Litzenberger’s PBKDF2 hash
        • passlib.hash.scram – SCRAM Hash
        • passlib.hash.bsd_nthash – FreeBSD’s MCF-compatible nthash encoding
        • passlib.hash.unix_disabled – Unix Disabled Account Helper
      • Standard LDAP (RFC2307) Schemes:
        • passlib.hash.ldap_md5 – MD5 digest
        • passlib.hash.ldap_sha1 – SHA1 digest
        • passlib.hash.ldap_salted_md5 – salted MD5 digest
        • passlib.hash.ldap_salted_sha1 – salted SHA1 digest
        • passlib.hash.ldap_crypt – LDAP crypt() Wrappers
        • passlib.hash.ldap_plaintext – LDAP-Aware Plaintext Handler
      • Non-Standard LDAP Schemes:
        • passlib.hash.ldap_hex_md5 – Hex-encoded MD5 Digest
        • passlib.hash.ldap_hex_sha1 – Hex-encoded SHA1 Digest
        • passlib.hash.ldap_pbkdf2_digest – Generic PBKDF2 Hashes
        • passlib.hash.atlassian_pbkdf2_sha1 – Atlassian’s PBKDF2-based Hash
        • passlib.hash.fshp – Fairly Secure Hashed Password
        • passlib.hash.roundup_plaintext – Roundup-specific LDAP Plaintext Handler
      • SQL Database Hashes:
        • passlib.hash.mssql2000 – MS SQL 2000 password hash
        • passlib.hash.mssql2005 – MS SQL 2005 password hash
        • passlib.hash.mysql323 – MySQL 3.2.3 password hash
        • passlib.hash.mysql41 – MySQL 4.1 password hash
        • passlib.hash.postgres_md5 – PostgreSQL MD5 password hash
        • passlib.hash.oracle10 – Oracle 10g password hash
        • passlib.hash.oracle11 – Oracle 11g password hash
      • MS Windows Hashes:
        • passlib.hash.lmhash – LanManager Hash
        • passlib.hash.nthash – Windows’ NT-HASH
        • passlib.hash.msdcc – Windows’ Domain Cached Credentials
        • passlib.hash.msdcc2 – Windows’ Domain Cached Credentials v2
      • Other Hashes:
        • passlib.hash.cisco_pix – Cisco PIX hash
        • passlib.hash.cisco_type7 – Cisco “Type 7” hash
        • passlib.hash.django_digest – Django-specific Hashes
        • passlib.hash.grub_pbkdf2_sha512 – Grub’s PBKDF2 Hash
        • passlib.hash.hex_digest – Generic Hexdecimal Digests
        • passlib.hash.plaintext – Plaintext
      • Cisco “Type 5” hashes

Passphrase Hashes

Articles


Passwords related postings at this blog:

2011.04.25

Steganography

Filed under: crypto, infosec, privacy, tools — Tags: — sandokan65 @ 14:45
  • “New Tool Hides Data In Plain Sight On HDDs” (SlashDot; 2011.04.25) – http://it.slashdot.org/story/11/04/25/1558237/New-Tool-Hides-Data-In-Plain-Sight-On-HDDs
      “A group of researchers has developed a new application that can hide sensitive data on a hard drive without encrypting it or leaving any obvious signs that the data is present. The new steganography system relies on the old principle of hiding valuables in plain sight. Developed by a group of academic researchers in the US and Pakistan, the system can be used to embed secret data in existing structures on a given HDD by taking advantage of the way file systems are designed and implemented. The software does this by breaking a file to be hidden into a number of fragments and placing the individual pieces in clusters scattered around the hard drive.”

2010.12.22

SSL tools

Filed under: crypto, infosec, web security — Tags: , — sandokan65 @ 12:12

Library of embeded devices’ hard-wired SSL keys

2010.08.16

Skype protocol(s?) cracked

Filed under: crypto, infosec — Tags: — sandokan65 @ 13:43

2010.05.21

Cisco “password 7″ decryption – C code

Filed under: crypto, infosec — sandokan65 @ 14:29

Source: http://insecure.org/sploits/cisco.passwords.html


Description:	Cisco passwords can be trivially decrypted although this isn't really the fault of Cisco (since the router itself needs to be able to decrypt them).
Author:	Jared Mauch 
Compromise:	Obtain extra access to Cisco routers
Vulnerable Systems:	Cisco routers
Date:	11 November 1997 
/* This code is originally from a Bugtraq post by 
   Jared Mauch  . I patched it with an improved
   translation table by Janos Zsako 
   -Fyodor (fyodor@insecure.org) */


#include 
#include 

char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42
};

char pw_str1[] = " password 7 ";
char pw_str2[] = "enable password 7 ";
char pw_str3[] = "ip ftp password 7 ";
char pw_str4[] = " ip ospf message-digest-key 1 md5 7 ";

char *pname;

cdecrypt(enc_pw, dec_pw)
char *enc_pw;
char *dec_pw;
{
        unsigned int seed, i, val = 0;

        if(strlen(enc_pw) & 1)
                return(-1);

        seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';

        if (seed > 15 || !isdigit(enc_pw[0]) || !isdigit(enc_pw[1]))
                return(-1);

        for (i = 2 ; i = 'A' && enc_pw[i] <= 'F') {
                        val += enc_pw[i] - 'A' + 10;
                        continue;
                }

                if(strlen(enc_pw) != i)
                        return(-1);
        }

        dec_pw[++i / 2] = 0;

        return(0);
}

usage()
{
        fprintf(stdout, "Usage: %s -p \n", pname);
        fprintf(stdout, "       %s  \n", pname);

        return(0);
}

main(argc,argv)
int argc;
char **argv;

{
        FILE *in = stdin, *out = stdout;
        char line[257];
        char passwd[65];
        unsigned int i, pw_pos;

        pname = argv[0];

        if(argc > 1)
        {
                if(argc > 3) {
                        usage();
                        exit(1);
                }

                if(argv[1][0] == '-')
                {
                        switch(argv[1][1]) {
                                case 'h':
                                usage();
                                break;

                                case 'p':
				bzero(passwd, sizeof(passwd));
                                if(cdecrypt(argv[2], passwd)) {
                                        fprintf(stderr, "Error.\n");
                                        exit(1);
                                }
                                fprintf(stdout, "password: %s\n", passwd);
                                break;

                                default:
                                fprintf(stderr, "%s: unknow option.", pname);
                        }

                        return(0);
                }

                if((in = fopen(argv[1], "rt")) == NULL)
                        exit(1);
                if(argc > 2)
                        if((out = fopen(argv[2], "wt")) == NULL)
                                exit(1);
        }

        while(1) {
                for(i = 0; i < 256; i++) {
                        if((line[i] = fgetc(in)) == EOF) {
                                if(i)
                                        break;

                                fclose(in);
                                fclose(out);
                                return(0);
                        }
                        if(line[i] == '\r')
                                i--;

                        if(line[i] == '\n')
                                break;
                }
                pw_pos = 0;
                line[i] = 0;

                if(!strncmp(line, pw_str1, strlen(pw_str1)))
                        pw_pos = strlen(pw_str1);

                if(!strncmp(line, pw_str2, strlen(pw_str2)))
                        pw_pos = strlen(pw_str2);
		if(!strncmp(line, pw_str3, strlen(pw_str3)))
			pw_pos = strlen(pw_str3);
		if(!strncmp(line, pw_str4, strlen(pw_str4)))
			pw_pos = strlen(pw_str4);

                if(!pw_pos) {
                        fprintf(stdout, "%s\n", line);
                        continue;
                }

		bzero(passwd, sizeof(passwd));
                if(cdecrypt(&line[pw_pos], passwd)) {
                        fprintf(stderr, "Error.\n");
                        exit(1);
                }
                else {
                        if(pw_pos == strlen(pw_str1))
                                fprintf(out, "%s", pw_str1);
                        else if (pw_pos == strlen(pw_str2))
                                fprintf(out, "%s", pw_str2);
			else if (pw_pos == strlen(pw_str3))
				fprintf(out, "%s", pw_str3);
			else if (pw_pos == strlen(pw_str4))
				fprintf(out, "%s", pw_str4);


                        fprintf(out, "%s\n", passwd);
                }
        }
}

Also see http://freeworld.thc.org/root/tools/ciscocrack.c


Related: https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3/

Cisco “password 7″

Filed under: crypto, infosec — Tags: , , — sandokan65 @ 14:13

Local info:

2010.03.17

Cryptography resources

Sites

Historic cyphers

Hash algorithms

  • Passphrase Hashes – http://www.users.zetnet.co.uk/hopwood/crypto/scan/ph.html

    • Authenticators: When a passphrase is verified, the first few characters of the authenticator [= “magic”] determine which mechanism is used:
      • If the first three characters are “$1$”, MD5-crypt is used.
      • If the first four characters are “$2a$”, bcrypt is used.
      • If the first character is not “$” or “_”, Traditional-crypt3 is used.
  • The HashClash website – http://www.win.tue.nl/hashclash/ – hash algorithms collisions

RSA

  • export-a-crypto-system sig – http://www.cypherspace.org/rsa/, http://www.cypherspace.org/rsa/rsa-details.html – a Perl 3-line implementation of RSA encryptor and decryptor.
      #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj 
      $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 
      lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
        

    A 2-line version:

      print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*", 
      )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
        
    • Use:
      • Encryption: echo “squeamish ossifrage” | rsa -k=10001 -n=1967cb529 > msg.rsa
      • Decryption: % rsa -d -k=ac363601 -n=1967cb529 < msg.rsa
    • requires GNU dc (http://www.cypherspace.org/rsa/dc.html)
    • .

2010.01.07

Cisco “Password 7” Cracker – javascript code

Filed under: crypto, infosec — Tags: , , — sandokan65 @ 13:48

Source: http://www.ifm.net.nz/cookbooks/passwordcracker.html

<script language="JavaScript1.2" type="text/javascript">
<!--
// Is the character a digit?
function isDigit(theDigit) 
{ 
    var digitArray = new Array('0','1','2','3','4','5','6','7','8','9')

    for (j = 0; j < digitArray.length; j++)  {
        if (theDigit == digitArray[j]) 
            return true 
    } 
    return false 
} 


// Generate a config file ready for loading
function crackPassword(form)
{
    var crypttext=form.crypttext.value.toUpperCase()
    var plaintext=''
    var xlat="dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
    var seed, i, val=0

    if(crypttext.length & 1)
        return

    seed = (crypttext.charCodeAt(0) - 0x30) * 10 + crypttext.charCodeAt(1) - 0x30

    if (seed > 15 || !isDigit(crypttext.charAt(0)) || !isDigit(crypttext.charAt(1)))
        return

        for (i = 2 ; i <= crypttext.length; i++) {
                if(i !=2 && !(i & 1)) {
                        plaintext+=String.fromCharCode(val ^ xlat.charCodeAt(seed++))
            seed%=xlat.length
                        val = 0;
                }

                val *= 16

        if(isDigit(crypttext.charAt(i))) {
            val += crypttext.charCodeAt(i) - 0x30
            continue
        }


        if(crypttext.charCodeAt(i) >= 0x41 && crypttext.charCodeAt(i) <= 0x46) {
            val += crypttext.charCodeAt(i) - 0x41 + 0x0a
            continue
        }

        if(crypttext.length != i)
            return
        }

    form.plaintext.value=plaintext
}

-->
</script>

<form name="never-you-mind" id="never-you-mind" action="#">
<table border="1">
  <tbody><tr><td>
<p>
Type 7 Password:
  <input name="crypttext" size="60" type="text">
</p>

<p>
  <input value="Crack Password" onclick="crackPassword(this.form)" type="button">
</p>
<p>Plain text:
  <input name="plaintext" size="40" type="text">
</p>
</td></tr></tbody></table>
</form>



Related: https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3/

Blog at WordPress.com.