Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: "PenTest" a container file

from [Steve Friedl] Network Security [Permanent Link]
Subject: Re: "PenTest" a container file
Date: Thu, 18 Jan 2007 15:10:56 -0800 
On Thu, Jan 18, 2007 at 09:55:36AM +0100, Julien wrote:

I've have to test the security of an encryption application. This
application create a container file to store all private data. The
tool use a private encryption type.
The only hint they gave me is that user have to submit is password to
open this container.
The aim of this test is to open the files inside this container file.


If it's a proprietary encryption algorithm, that means it's probably a
lousy one, so the cryptographers among us might be able to get somewhere.
But that's beyond many of us here -- including me.

So we look for other angles (I'll assume Win32 here just for a point
of reference).

*) I'd start by profiling the application with FileMon and RegMon to get a
   sense for what the app is doing at runtime. Is it the usual kind of
   obvious kind of file activity, or are they attempting to be tricky?
   What files and registry keys are used?

   Finding all the resources they use might help find the weakest points.

*) does the application leave any temp files lying around? This might
   leave the cleartext visible (perhaps only for a short time)

*) does the application have a remember-my-password option? This would
   certainly be worth looking into (Hey: it would be dumb to have this
   kind of feature, but if they're doing their own crypto...)

*) I'd certainly look into finding out how they prompt for a password and
   see if that can be intercepted by some other program while it's running.
   It's probably found in some kind of window control, and may even be
   left around after it's decrypted the thing, so some other application
   running as the same user may be able to snag it.

*) If you're really determined, reverse engineer the thing with something like
   IDA Pro - looking at the code might point out some weak points too.

If the front door is strong and well locked, you're not going to get in by
pounding it with your fists. Go around back and look for a screen door :-)

Steve

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve@unixwiz.net

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sybase passwords hashes, Joxean Koret
Next by Date:  Automated Nmap Scans / Front End, tom jones
Previous by Thread:  "PenTest" a container file, Julien
Next by Thread:  Re: "PenTest" a container file, Benjamin Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]