-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSecurity.txt
More file actions
602 lines (422 loc) · 18.3 KB
/
Security.txt
File metadata and controls
602 lines (422 loc) · 18.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
@@@@@@@@@@@@@@@@@@@@@ Mac OSX tools for SSL certs @@@@@@@@@@@@@@@
keytool
openssl
certool
certutil
pkcs12util
@@@@@@@@@@@@@@@@@ SSL EXPLAINED @@@@@@@@@@@@@@@@
What is an SSL Certificate?
---
- SSL certs helps in creating trusted, secure, encrypted connection between
client/server
- SSL certs contains following: Public key and a 'subject' that is the identity
of Certificate owner.
What is Certificate Signing Request (CSR)?
---
- CSR is a message sent by a client to Certificate Authority requesting a
digital cert (a.k.a identify cert)
- CSR contains following:
* public key for which cert should be issued
* identity information (such as domain name)
* integrity protection (digital signature)
- Most common format for CSR is:
* PKCS#10
* Signed Public Key and Challenge SPKAC
How to create a CSR?
---
1 Client first generates a key pair (Ex. using 'keytool' on MacOS). Private key
is secret.
2 CSR contains info about applicant, which is signed by its private key
3 CSR also contains public key of client
4 CSR contains other info of client
a Distinguished Name (DN): FQDN
b Business Name/Org, Department, Address, Email etc
5 CA will send back Digital Cert signed by it's private key
How to get an SSL Certificate?
---
- First create a Certificate Signing Request (CSR) on your server. This creates
a Public and Private key pairs.
- You'll send CSR data file to SSL Cert issuer (or Certificate Authority or CA).
This file contains your Public key.
- CA uses this CSR data file to create data structure to match your Private key
without compromising it. CA never sees your Private key.
- Once you receive SSL cert, you install it on your server. You install
intermediate cert that establishes the credibility of your SSL cert by tying
it to your CA's root cert.
- "Certificate Chain" example
Root Cert Intermediate Cert Server Cert
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ │ │ │ │ │
│ │ │ │ │ │
│ │ │ │ │ │
│ │◀───────────▶│ │◀───────────▶│ │
│ │ │ │ │ │
│ │ │ │ │ │
│ │ │ │ │ │
└─────────────┘ └─────────────┘ └─────────────┘
Subject: Digicert Root CA Subject: Digicert Root CA-1 Subject: www.digicert.com
Valid from 10/Nov/2006 to Valid from 9/Nov/2007 to Valid from 22/Nov/2012 to
10/Nov/2031 10/Nov/2021 17/Nov/2014
Issuer: DigiCert Issuer: Digicert Root CA Issuer: Digicert Root CA-1
Why do we have CA and how is it useful?
---
- Most important part of SSL cert is that it is digitally signed by trusted CA's
like DigiCert
- Browsers only trust certs from organization on their list of trusted CAs
(called Trusted Root CA store). Browsers come with pre-installed list of
Trusted Root CA store.
- An SSL cert issued by CA to an Org and it's website/domain indicates two
things:
1) CA has authenticated the Org's identity
2) Since browser trusts CA, browser can now trust the Org's identity too
How does SSL Cert create a secure connection?
---
- When browser accesses a website that's secured by SSL, an SSL connection is
established between them starting with "SSL Handshake"
┌────────────────┐ ┌────────────────┐
│ │ 1 ───────────────────────▶ │ │
│ │ │ │
│ │ 2 ◀─────────────────────── │ │
│ │ │ │
│ │ 3 ───────────────────────▶ │ │
│ │ │ │
│ │ 4 ◀─────────────────────── │ │
│ │ │ │
└────────────────┘ 5 ◀======================▶ └────────────────┘
Web Browser Web Server
1) Browser connects to a web server (website) secured with SSL (https). Browser
requests that the server identify itself.
2) Server sends a copy of its SSL Certificate, including the server’s public
key.
3) Browser checks the certificate root against a list of trusted CAs and that
the certificate is unexpired, unrevoked, and that its common name is valid for
the website that it is connecting to. If the browser trusts the certificate, it
creates, encrypts, and sends back a symmetric session key using the server’s
public key.
4) Server decrypts the symmetric session key using its private key and sends
back an acknowledgement encrypted with the session key to start the encrypted
session.
5) Server and Browser now encrypt all transmitted data with the session key.
Is My Cert SSL or TLS?
---
- They are both same tech.
- SSLv3.0 was last verion. Next version was called TLSv1.0 (instead of, say,
SSLv4.0)
- Most recent TLS is v1.2
Behind the scenes of SSL Cryptography
---
Asymmetric Encryption (or Public-Key Cryptography)
---
- Asymmetric encryption uses two keys for communication: Public and Private keys
- Public key is shared with anyone who wants it. Anyone can use it to encrypt a
message.
- Only those who have Private key (which is a secret) can decrypt the message.
- RSA is the most popular asymmetric encryption algo
- Asymmetric keys are typically use 2048 bit keys, though larger keys can be
created, the increased computation is a cause for concern.
Symmetric Encryption
---
- Uses single key to encrypt and decrypt messages. Both sender and receiver must
have same key.
- A 128-bit or 256-bit keys are used. SSL Certs don't dictate what key size to
use.
Which one is Better?
---
- Since asymmetric encryption uses larger keys, it's harder to crack. But that's
not the only metric. Computational cost and ease of distribution are important
too.
- Symmetric encryption has advantage of less computation, but hard to distribute
keys.
How does SSL use Asymmetric and Symmetric encryption?
---
- Public Key Infrastructure (PKI) is set of hardware, software, people,
policies, and procedures. It's used to do:
* create, manage, distribute, use, store and revoke certs
- PKI uses hybrid cryptosystem
1) In SSL communication, server's SSL cert has both Public and Private keys
2) The session key created during SSL Handshake is Symmetric
Public-Key Encryption Algorithms
---
RSA:
---
It's based on assumption that factoring large integers (prime factorization) is
very difficult. Full decryption of cipher text is considered infeasible due to
this reason.
A user of RSA creates and then publishes the product of two large prime numbers,
along with an auxiliary value, as their public key. Prime factors must be kept
secret.
Anyone can use the public key to encrypt a message. But only those with
knowledge of prime numbers can decrypt them.
ECC (Elliptic Curve Cryptography):
---
This relies on algebriac structure of elliptic curves over finite fields.
<TBD>
Pre-Shared Key Encryption Algorithms
---
- Twofish, AES or Blowfish - AES is most popular
- Two types of algorithms exists: Stream cipher and block ciphers
- Stream ciphers are applied on stream of data, perhaps to each binary bit
- Block ciphers, which are more common/popular, is applied to a block of data
(like 64 bits at a time)
References:
[1] https://www.digicert.com/ssl/
[2] https://www.digicert.com/ssl-cryptography.htm
[3] https://en.wikipedia.org/wiki/Certificate_signing_request
[4] https://tls.ulfheim.net/
[5] https://tls13.ulfheim.net/
[6] https://tls12.xargs.org
@@@@@@@@@@@@@@@@@@@@ OpenSSL Cheatsheet @@@@@@@@@@@@@@@@@@@@@@@@@@@
RSA and ECDSA Keys
==================
- Replace [bits] with key size (ex: 2048, 4096 etc)
Generate an RSA key
$ openssl genrsa -out example.key [bits]
Print public key or modulus only
$ openssl rsa -in example.key -pubout
$ openssl rsa -in example.key -noout -modulus << not sure what this does
Print textual representation of RSA key
$ openssl rsa -in example.key -noout -text
Generate new RSA key and encrypt with a pass phrase based on AES CBC 256
encryption
$ openssl genrsa -aes256 -out example.key [bits]
Check private key. If key has pass phrase, you'll be prompted
$ openssl rsa -check -in example.key
Remove pass phrase from RSA key
$ openssl rsa -in example.key -out example.key
Encrypt existing private key with a pass phrase:
$ openssl rsa -des3 -in example.key -out example_with_pass.key
Generate ECDSA key. `curve` is to be replaced with: `prime256v1`, `secp384r1`,
`secp521r1`, or any other supported elliptic curve:
$ openssl ecparam -genkey -name [curve] | openssl ec -out example.ec.key
Print ECDSA key textual representation:
$ openssl ec -in example.ec.key -text -noout
List available EC curves, that OpenSSL library supports:
$ openssl ecparam -list_curves
Create Certificate Signing Requests (CSRs)
==========================================
Reference:
[1] https://medium.freecodecamp.org/openssl-command-cheatsheet-b441be1e8c4a
@@@@@@@@@@@@@@@@@@@@ CTF @@@@@@@@@@@@@@@@@@@@@@@
CTF Tools
=========
Linux VM
Disassembler
- IDA, Binary Ninja, Hopper, Radare2, objdump
Debugger
- gdb, WinDbg, OllyDbg
Wireshark
pwdtools
- https://github.com/Gallopsled/pwntools-tutorial
Beginner Level CTFs
- picoCTF.com
- CSAW (csaw.engineering.nyu.edu)
- pwnable.kr
- Many other that I bookmarked
Linux Commands for Hacking:
Text manipulation: sed/awk/grep, cut, find/locate, tr, uniq, wc, sort,
DNS: dig/host
Misc: lsof, symlink, file, hexdump, xxd, xargs, parallel,
Reference:
[1] Talk at Palo Alto Networks by Security Researcher
[2] https://twitter.com/NahamSec/status/1613625889794949121?s=20
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
NOTES FROM [1]
=============
STACK SMASHING/OVERFLOW
HEAP OVERFLOW
=============
Example:
typedef struct _vulnerable_struct {
char buff[MAX_LEN];
int (*cmp) (char *, char *);
} vulnerable;
int foo (vulnerable *s, char *one, char *two)
{
strcpy (s->buff, one); // copy one in to buff
strcpy (s->buff, two); // copy two in to buff
return s->cmp (s->buff, "file://foobar");
}
// works only if strlen(one) + strlen(two) < MAX_LEN.
// Otherwise, we overwrite s->cmp function pointer.
- In C++, vtable represents objects and its data/methods. With Heap
Overflow attacks, vtable can be corrupted and object methods can be
overwritten.
- Variants of Heap Overflow include:
- Overflow in to C++ vtable (as mentioned above).
- Overflow in to adjacent objects.
- Overflow in to heap metadata.
- Hidden header just before the pointer returned by
malloc. Flow in to that header to corrupt heap itself.
INTEGER OVERFLOW
================
- Wrapping around of integers.
void vulnerable()
{
char *response;
int nresp = packet_get_int();
if (nresp > 0) {
response = malloc(nresp * sizeof(char *));
for (i=0; i<nresp; i++)
response[i] = packet_get_string(NULL);
}
}
- If nresp is very large and sizeof(char *) is 4 (32-bit) then their
product will wrap and become zero (??).
- Subsequent writes to that buffer are overflowing it.
- So far, code was corrupted. But its possible to corrupt data.
READ OVERFLOW
=============
int main()
{
char buff[100], *p;
int i, len;
while(1) {
// read integer, which is len.
p = fgets(buf, sizeof(buf), stdin);
if (p==NULL)
return 0;
len = atoi(p);
// read message
p = fgets(buf, sizeof(buf), stdin);
if (p==NULL)
return 0;
// print message. If len is more than message length, its
// a problem.
for (i=0; i<len; i++) {
if (!iscntrl(buf[i]))
putchar (buf[i]);
else
putchar ('.');
}
printf("\n");
}
}
- Heartbleed bug is an exampleof Read Overflow bug.
STALE MEMORY BUGS
=================
- Dangling pointer bug. An attacker can arrange for the freed memory to be
reallocated and under his control.
struct foo {
int (*cmp) (char *, char *);
};
struct foo *p = malloc(...);
...
free (p);
...
q = malloc (...) //reuses memory
...
*q = 0xdeadbeef; // attacker controlled memory
...
p->cmp ("hello", "hello"); // dangling pntr. Attacker controlled memory.
FORMAT STRING ATTACK
====================
void safe()
{
char buf[80];
if (fgets (buf, sizeof(buf), stdin) == NULL)
return;
printf ("%s", buf);
}
void vulnerable()
{
char buf[80];
if (fgets (buf, sizeof(buf), stdin) == NULL)
return;
printf (buf); // (1)
}
(1) In this printf, contents of 'buf' is interpreted. So, if it contains
format string specifiers, they are interpreted. How can this be used to
attack?
How is below code represented on Stack?
int i = 10;
printf ("%d %p\n", i, &i);
------+----------+----------+------+---+----+----------------
... | old %ebp | ret addr | &fmt | i | &i | caller frame
------+----------+----------+------+---+----+----------------
- Note that stack grows Right to Left.
- When printf() sees %d, it looks for 'i', and %p looks for '&i'.
- Look at following code:
printf("%d %x");
------+----------+----------+------+-------------------------
... | old %ebp | ret addr | &fmt | caller frame
------+----------+----------+------+-------------------------
- In above stack, printf() reads and interprets contents of caller frame.
- Some examples of Format String Vulnerabilities.
printf("100% dave");
* Prints stack entry 4 bytes above saved ret addr (%eip). That's
* because, printf ignores space between % and next letter ('d').
printf("%s");
* Prints bytes pointed to by that stack entry till it encounters
* NULL.
printf("%d %d %d ...");
* Prints a series of stack entries as integers.
printf("%08x %08x %08x ...")
* Same as above but formatted in hex.
printf("100% no way!");
* WRITES the number 3 to address pointed to by stack entry because
* %n is used to write progress that printf() made in printing to
* output stream. In this case, printf() would have printed 3
* characters (100) and hence, it prints 3 on stack.
DEFENSE AGAINST OVERFLOW ATTACKS
=====
- Memory safety and type safety. Coding in a way to ensure application is
immune to memory attacks.
- Automatic defenses: (a) Stack Canaries (b) ASLR: Automatic Space Layout
Randomization. OS/Compiler does above things for us.
- Return-Oriented Prog (ROP) attack overcomes above two techniques.
Control Flow Integrity (CFI) can defeat ROP. But it is in its infancy.
MEMORY SAFETY
=============
Format String Bugs
==================
- printf() accepts %x format specifier without an argument. It prints contents
of stack
printf("%x"); /* works, with a warning */
// printf accepts without argument and print whatever is available next on
// the stack.
void main(int argc, char *argv[])
{
char buf[4];
strcpy(buf, argv[1]);
printf(buf);
}
$ ./a.out %x.%x.%x
*** stack smashing detected ***: ./a.out terminated
b650caac.78252e.252e7825.4006b0Aborted
- %n writes number of chars printed so far, to mem location pointed to by a
param
- Stack defenses don't help
* Canary value
* ASLR and NX (non-executable stack) makes it hard, but not impossible
* Static code analysis tools generally find this
* GCC warns, but no defense
References:
[1] Coursera: Software Security from University of Maryland
[2] CNIT 127 Exploit Development - City College of San Francisco
@@@@@@@@@@@@@@@@@ ATTACK NAMES @@@@@@@@@@@@@@@@
TCP Attacks
---
TCP Reset: https://en.wikipedia.org/wiki/TCP_reset_attack
TCP Sequence Prediction:
https://en.wikipedia.org/wiki/TCP_sequence_prediction_attack
MITM: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
SYN Flood: https://en.wikipedia.org/wiki/SYN_flood
Sockstress: https://en.wikipedia.org/wiki/Sockstress
PUSH & ACK Floods: https://en.wikipedia.org/wiki/PUSH_and_ACK_floods
TCP Veto:
UDP Attacks
---
UDP Flood: https://en.wikipedia.org/wiki/UDP_flood_attack
DNS Attacks
---
DNS Rebinding: https://en.wikipedia.org/wiki/DNS_rebinding
DNS Hijacking: https://en.wikipedia.org/wiki/DNS_hijacking
DNS Spoofing: https://en.wikipedia.org/wiki/DNS_spoofing
DNS Cache Poisoning: https://en.wikipedia.org/wiki/DNS_cache_poisoning
@@@@@@@@@@@@@@@@@ Server Side Request Forgery (SSRF) @@@@@@@@@@@@@@@@@
What is SSRF?
- It's a web security Vulnerability that allows an attacker to induce server
side application to make requests to an unintended location.
- This unintended location can be external network or internal/local network.
- Full SSRF, Partial SSRF, Blind SSRF
[1] https://youtu.be/qkOIJOlz53U