Posts

Showing posts from 2010

Testing with OpenSSL

Recently, I've run into a few situations where I had to test whether SSLv2 connections were allowed. Instead of using a tool such as a vulnerability scanner, I found that the best way to go about this was with openssl and s_client. This allowed me to fine-tune my request to get the information I needed manually and cut out the time spent waiting for a scanner to finish. Here is an example of how you can check if SSLv2 is allowed on a system using openssl.

Allowed Connection:

    root#openssl s_client -ssl2 -no_ssl3 -no_tls1 -connect 192.168.1.2:443
    CONNECTED(00000003)
    ...certificate exchange etc....
    SSL handshake has read 879 bytes and written 236 bytes
    ---
    New, SSLv2, Cipher is DES-CBC3-MD5
    Server public key is 1024 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : SSLv2 <---Tells us SSLv2 was used for the session
    Cipher : DES-CBC3-MD5
    Session-ID: 26691A60E4F2220AB63D22A032E26872
    Session-ID-ctx:
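The same check wrapped so the verdict can be read without scanning the transcript by eye. This is an added example, not part of the original post. The names ssl2_verdict, check_ssl2 and the sample_* functions are hypothetical, and the sample transcripts are constructed. It assumes a failed handshake reports the session cipher as 0000 or (NONE), and it returns "untested" when no connection was made, which includes OpenSSL 1.1.0 and later, where SSLv2 support was removed.

```shell
#!/bin/sh
# Added example. Reads `openssl s_client -ssl2 ...` output on stdin and prints
# one of: allowed, rejected, untested.
ssl2_verdict() {
    awk '
        index($0, "CONNECTED(") == 1  { connected = 1 }
        $1 == "Protocol" && $2 == ":" { proto = $3 }
        $1 == "Cipher"   && $2 == ":" { cipher = $3 }
        END {
            # No TCP connection, or this openssl build has no -ssl2 option.
            if (!connected) { print "untested"; exit }
            # Assumption: a failed handshake shows the cipher as 0000 or (NONE),
            # so the Protocol line alone is not treated as proof.
            if (proto == "SSLv2" && cipher != "" && cipher != "0000" && cipher != "(NONE)") {
                print "allowed"
            } else {
                print "rejected"
            }
        }'
}

# Runs the command from the post against host:port and classifies the result.
check_ssl2() {
    openssl s_client -ssl2 -no_ssl3 -no_tls1 -connect "$1" </dev/null 2>&1 | ssl2_verdict
}

sample_allowed() {   # constructed, trimmed from the session shown in the post
cat <<'EOF'
CONNECTED(00000003)
New, SSLv2, Cipher is DES-CBC3-MD5
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
EOF
}

sample_rejected() {  # constructed failed handshake
cat <<'EOF'
CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv2
    Cipher    : 0000
EOF
}

echo "allowed sample:  $(sample_allowed | ssl2_verdict)"
echo "rejected sample: $(sample_rejected | ssl2_verdict)"
```

For a live check against a host you administer, call check_ssl2 with a host:port argument, for example the 192.168.1.2:443 target used in the post.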

Exploit Writing

Anyone interested in learning how to write exploits should check out the following blog: http://www.corelan.be:8800/