정보보안(구버전)/ bWAPP 2019. 2. 21. 14:00

웹 해킹 bWAPP - 81. A6 - Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks

 

 

본 내용은 교육 과정에서 필요한 실습 목적으로 구성된 것이며, 혹시라도 개인적인 용도 및 악의적인 목적으로 사용할 경우, 법적 책임은 본인에게 있다는 것을 알려드립니다. 

 

 

1. Sensitive Data Exposure

 

 - OWASP Top10 A6 - 민감한 데이터 노출
 - 서버와 클라이언트 간에 평문으로 데이터 전송시 스니핑(MITM) 공격에 의해서 정보가 유출될 수 있다.
 - 그렇기 때문에 SSL(HTTPs) 보안 통신 연결을 이용하여 암호화/인증을 통하여 데이터를 보호해야 한다.
 - 또한, 데이터 처리와 암호화 저장이 클라이언트에서 진행되면 공격자가 클라이언트 제어권을 획득하여 정보가 유출

   될 수 있으니, 서버에서 진행하는 것을 권장한다.

 

 

 

2. O-Saft

 

 - SSL 인증서, 암호화 목록, 취약점 정보를 스캐닝하는 도구이며, SSL 연결/침투 테스트, 보안 감사에 사용하는 툴이다.

 - 참고 사이트 :  https://www.owasp.org/index.php/O-Saft

 

 

 

3. Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks

 

 - 이 시나리오는 'O-Saft' 도구를 이용하여 SSL 취약점을 스캔하는 내용이다.

 - bWAPP에서 제공하는 'O-Saft' 도구가 제대로 동작하지 않기 때문에 github에서 다운로드 받아서 진행할 예정이다.

 

  

Ex1) Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks 이해 I

 

 

보안 레벨 선택 및 시나리오 선택

 

 

 

bWAPP에서 제공하는 'O-Saft' 툴이 안되서 새로 받아서 실시할 예정

 

 

 

81-0. O-Saft 다운로드 주소.txt

o-saft.tgz

'O-Saft' 다운로드 실시 및 압축 해지

root@kali:~# wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz


--2019-02-21 16:23:56--  https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
Resolving github.com (github.com)... 192.30.255.112, 192.30.255.113
Connecting to github.com (github.com)|192.30.255.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/OWASP/O-Saft/master/o-saft.tgz [following]
--2019-02-21 16:23:57--  https://raw.githubusercontent.com/OWASP/O-Saft/master/o-saft.tgz
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.72.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.72.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2430382 (2.3M) [application/octet-stream]
Saving to: ‘o-saft.tgz’

o-saft.tgz          100%[===================>]   2.32M  1.10MB/s    in 2.1s   

2019-02-21 16:24:00 (1.10 MB/s) - ‘o-saft.tgz’ saved [2430382/2430382]

 

 

root@kali:~# ls
Desktop    Music     Ransomware  b374k-3.2.2.php  pass.txt      test.php
Documents  Pictures  Templates   bWAPP.snmp       password.txt  udev_netlink.rb
Downloads  Public    Videos      o-saft.tgz       slowloris.pl  user.txt

 


root@kali:~# tar xzf o-saft.tgz
root@kali:~#
root@kali:~# ls
Desktop    O-Saft      Templates        o-saft.tgz    test.php
Documents  Pictures    Videos           pass.txt      udev_netlink.rb
Downloads  Public      b374k-3.2.2.php  password.txt  user.txt
Music      Ransomware  bWAPP.snmp       slowloris.pl

 

 

root@kali:~# cd O-Saft/
root@kali:~/O-Saft#
root@kali:~/O-Saft# ls
CHANGES        checkAllCiphers.pl  o-saft-man.pm         o-saft.tcl
Dockerfile     contrib             o-saft-standalone.pl  osaft.pm
INSTALL.sh     docs                o-saft-usr.pm         t
Makefile       o-saft              o-saft.cgi            tags
Makefile.help  o-saft-dbx.pm       o-saft.cgi.html       yeast.pl
Net            o-saft-docker       o-saft.html
OSaft          o-saft-docker-dev   o-saft.pl
README         o-saft-img.tcl      o-saft.pod 

 

 

 

'o-saft'를 이용하여 bWAPP SSL 스켄 실시

root@kali:~/O-Saft# ./o-saft.pl +check -v 192.168.20.205:9443 > o-saftcheck.txt
root@kali:~/O-Saft#

root@kali:~/O-Saft# cat o-saftcheck.txt
~ 중간 생략 ~

 

=== Ciphers: Checking SSLv2 ===
    ECDHE-RSA-AES256-GCM-SHA384  no HIGH
    ECDHE-RSA-AES128-GCM-SHA256  no HIGH
    ECDHE-RSA-AES256-SHA384      no HIGH
    ECDHE-RSA-AES128-SHA256      no HIGH
    ECDHE-RSA-AES256-SHA         no HIGH
    ECDHE-RSA-AES128-SHA         no HIGH
    DHE-PSK-AES256-GCM-SHA384    no -?-
    DHE-RSA-AES256-GCM-SHA384    no HIGH
    DHE-PSK-AES128-GCM-SHA256    no -?-
    DHE-RSA-AES128-GCM-SHA256    no HIGH

 ~ 중간 생략 ~

 

 

root@kali:~/O-Saft# ./o-saft.pl +info -v 192.168.20.205:9443

~ 중간 생략 ~

 


root@kali:~/O-Saft# ./o-saft.pl +quick -v 192.168.20.205:9443

~ 중간 생략 ~

 


root@kali:~/O-Saft# ./o-saft.pl +cipher -v 192.168.20.205:9443

~ 중간 생략 ~

 


root@kali:~/O-Saft# ./o-saft.pl +cipherall -v 192.168.20.205:9443

~ 중간 생략 ~

 


root@kali:~/O-Saft# ./o-saft.pl +cipherall -v 192.168.20.205:9443
**WARNING: 409: SSLv2 does not support SNI; cipher checks are done without SNI
    RC4-MD5                      yes weak
    EXP-RC4-MD5                  yes WEAK
    RC2-CBC-MD5                  yes weak
    EXP-RC2-CBC-MD5              yes weak
    DES-CBC-MD5                  yes weak
    DES-CBC3-MD5                 yes weak
**WARNING: 409: SSLv3 does not support SNI; cipher checks are done without SNI
    RC4-MD5                      yes weak
    RC4-SHA                      yes weak
    DES-CBC-SHA                  yes weak
    DES-CBC3-SHA                 yes weak
    AES128-SHA                   yes HIGH
    AES256-SHA                   yes HIGH
    RC4-MD5                      yes weak
    RC4-SHA                      yes weak
    DES-CBC-SHA                  yes weak
    DES-CBC3-SHA                 yes weak
    AES128-SHA                   yes HIGH
    AES256-SHA                   yes HIGH
SSLv3:    2   0   0   4   0   6 RC4-MD5                        
TLSv1:    2   0   0   4   0   6 RC4-MD5                        
TLSv11:   0   0   0   0   0   0                                
TLSv12:   0   0   0   0   0   0                                
TLSv13:   0   0   0   0   0   0                                
Selected Cipher:                     AES256-SHA HIGH


root@kali:~/O-Saft# cd

root@kali:~#

 

 

 

'tk' 패키지 설치 및 'o-saft' 그래픽 버전 실행 실시

root@kali:~/O-Saft# apt-get install tk


패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다      
상태 정보를 읽는 중입니다... 완료
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  libtxc-dxtn-s2tc multiarch-support
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  tk8.6
다음 새 패키지를 설치할 것입니다:
  tk tk8.6
0개 업그레이드, 2개 새로 설치, 0개 제거 및 1508개 업그레이드 안 함.
0 바이트/77.5 k바이트 아카이브를 받아야 합니다.
이 작업 후 120 k바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y
Selecting previously unselected package tk8.6.
(데이터베이스 읽는중 ...현재 324166개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../tk8.6_8.6.8-4_amd64.deb ...
Unpacking tk8.6 (8.6.8-4) ...
Selecting previously unselected package tk.
Preparing to unpack .../archives/tk_8.6.0+9_amd64.deb ...
Unpacking tk (8.6.0+9) ...
tk8.6 (8.6.8-4) 설정하는 중입니다 ...
Processing triggers for menu (2.1.47+b1) ...
tk (8.6.0+9) 설정하는 중입니다 ...
Processing triggers for man-db (2.7.6.1-4) ...
root@kali:~/O-Saft#

root@kali:~/O-Saft# ./o-saft.tcl &
[1] 13030 

 

 

 

'192.168.20.205:9443' 입력 -> 'Start' 버튼 클릭 -> 각각의 항목 클릭 및 확인

 

 

 

 

Ex2) Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks 이해 II

 

 

'nmap'을 이용하여 bWAPP SSL 스켄 실시

root@kali:~# nmap -v -v --script ssl-cert,ssl-enum-ciphers -p 9443 192.168.20.205

 

Starting Nmap 7.60 ( https://nmap.org ) at 2019-02-21 17:28 KST
NSE: Loaded 2 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Initiating ARP Ping Scan at 17:28
Scanning 192.168.20.205 [1 port]
Completed ARP Ping Scan at 17:28, 0.04s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 17:28
Scanning www.bwapphttpslow.com (192.168.20.205) [1 port]
Discovered open port 9443/tcp on 192.168.20.205
Completed SYN Stealth Scan at 17:28, 0.04s elapsed (1 total ports)
NSE: Script scanning 192.168.20.205.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.04s elapsed
Nmap scan report for www.bwapphttpslow.com (192.168.20.205)
Host is up, received arp-response (0.00018s latency).
Scanned at 2019-02-21 17:28:44 KST for 0s

PORT     STATE SERVICE        REASON
9443/tcp open  tungsten-https syn-ack ttl 64
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - D
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|       Weak certificate signature: SHA1
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - D
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Weak certificate signature: SHA1
|_  least strength: D
MAC Address: 00:0C:29:5B:24:81 (VMware)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
           Raw packets sent: 2 (72B) | Rcvd: 2 (72B)

root@kali:~#

 

 

 

 

Ex3) Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks 이해 III

 

 

'sslscan'을 이용하여 bWAPP SSL 스켄 실시

root@kali:~# sslscan --no-failed --version 192.168.20.205:9443

 

Version: 1.11.11-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 192.168.20.205

Testing SSL server 192.168.20.205 on port 9443 using SNI name 192.168.20.205

  TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression enabled (CRIME)

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.0  256 bits  AES256-SHA                  
Accepted  TLSv1.0  128 bits  AES128-SHA                  
Accepted  TLSv1.0  128 bits  RC4-SHA                     
Accepted  TLSv1.0  128 bits  RC4-MD5                     
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                
Accepted  TLSv1.0  56 bits   DES-CBC-SHA                 
Preferred SSLv3    256 bits  AES256-SHA                  
Accepted  SSLv3    128 bits  AES128-SHA                  
Accepted  SSLv3    128 bits  RC4-SHA                     
Accepted  SSLv3    128 bits  RC4-MD5                     
Accepted  SSLv3    112 bits  DES-CBC3-SHA                
Accepted  SSLv3    56 bits   DES-CBC-SHA                 
Preferred SSLv2    128 bits  RC2-CBC-MD5                 
Accepted  SSLv2    128 bits  RC4-MD5                     
Accepted  SSLv2    112 bits  DES-CBC3-MD5                
Accepted  SSLv2    56 bits   DES-CBC-MD5                 
Accepted  SSLv2    40 bits   EXP-RC2-CBC-MD5             
Accepted  SSLv2    40 bits   EXP-RC4-MD5                 

  SSL Certificate:
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength:    1024

Subject:  bee-box.bwapp.local
Issuer:   bee-box.bwapp.local

Not valid before: Apr 14 18:11:32 2013 GMT
Not valid after:  Apr 13 18:11:32 2018 GMT


root@kali:~#

 

 

 

 

Ex4) Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks 이해 IV

 

 

'sslyze'을 이용하여 bWAPP SSL 스켄 실시

root@kali:~# sslyze --regular --hide_rejected_ciphers 192.168.20.205:9443

 

 AVAILABLE PLUGINS
 -----------------

  PluginCertInfo
  PluginHeartbleed
  PluginCompression
  PluginSessionResumption
  PluginOpenSSLCipherSuites
  PluginChromeSha1Deprecation
  PluginSessionRenegotiation
  PluginHSTS

 

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.20.205:9443                 => 192.168.20.205:9443

 

 SCAN RESULTS FOR 192.168.20.205:9443 - 192.168.20.205:9443
 ----------------------------------------------------------

  * Deflate Compression:
      VULNERABLE - Server supports Deflate compression

  * Session Renegotiation:
      Client-initiated Renegotiations:   VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation:              OK - Supported

  * TLSV1_2 Cipher Suites:
      Server rejected all cipher suites.

  * Certificate - Content:
      SHA1 Fingerprint:                  ae5fb7be864a78e168318fc1c96a4bd242c4e6c3
      Common Name:                       bee-box.bwapp.local
      Issuer:                            bee-box.bwapp.local
      Serial Number:                     D8BD254AB15C9F5B
      Not Before:                        Apr 14 18:11:32 2013 GMT
      Not After:                         Apr 13 18:11:32 2018 GMT
      Signature Algorithm:               sha1WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          1024 bit
      Exponent:                          65537 (0x10001)

  * Certificate - Trust:
      Hostname Validation:               FAILED - Certificate does NOT match 192.168.20.205
      Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: self signed certificate
      Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: self signed certificate
      Microsoft CA Store (09/2015):      FAILED - Certificate is NOT Trusted: self signed certificate
      Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: self signed certificate
      Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: self signed certificate
      Certificate Chain Received:        ['bee-box.bwapp.local']

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * Session Resumption:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * SSLV2 Cipher Suites:
      Preferred:                      
                 RC2-CBC-MD5                   -              128 bits      HTTP 200 OK                       
      Accepted:                       
                 RC4-MD5                       -              128 bits      HTTP 200 OK                       
                 RC2-CBC-MD5                   -              128 bits      HTTP 200 OK                       
                 DES-CBC3-MD5                  -              112 bits      HTTP 200 OK                       
                 DES-CBC-MD5                   -              56 bits       HTTP 200 OK                       
                 EXP-RC4-MD5                   -              40 bits       HTTP 200 OK                       
                 EXP-RC2-CBC-MD5               -              40 bits       HTTP 200 OK                       

  * TLSV1_1 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1 Cipher Suites:
      Preferred:                      
                 AES256-SHA                    -              256 bits      HTTP 200 OK                       
      Accepted:                       
                 AES256-SHA                    -              256 bits      HTTP 200 OK                       
                 RC4-SHA                       -              128 bits      HTTP 200 OK                       
                 RC4-MD5                       -              128 bits      HTTP 200 OK                       
                 AES128-SHA                    -              128 bits      HTTP 200 OK                       
                 DES-CBC3-SHA                  -              112 bits      HTTP 200 OK                       
                 DES-CBC-SHA                   -              56 bits       HTTP 200 OK                       

  * SSLV3 Cipher Suites:
      Preferred:                      
                 AES256-SHA                    -              256 bits      HTTP 200 OK                       
      Accepted:                       
                 AES256-SHA                    -              256 bits      HTTP 200 OK                       
                 RC4-SHA                       -              128 bits      HTTP 200 OK                       
                 RC4-MD5                       -              128 bits      HTTP 200 OK                       
                 AES128-SHA                    -              128 bits      HTTP 200 OK                       
                 DES-CBC3-SHA                  -              112 bits      HTTP 200 OK                       
                 DES-CBC-SHA                   -              56 bits       HTTP 200 OK                       

Unhandled exception when processing --heartbleed:
socket.timeout - timed out

 

 SCAN COMPLETED IN 5.06 S
 ------------------------

root@kali:~#

 

 

 

 

Ex5) Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks 이해 V

 

 

81-1. testssl.sh 다운로드 주소.txt

'testssl.sh' 다운로드 및 'testssl'을 이용하여 bWAPP SSL 스켄 실시

root@kali:~# git clone https://github.com/drwetter/testssl.sh.git


'testssl.sh'에 복제합니다...
remote: Enumerating objects: 19, done.
remote: Counting objects: 100% (19/19), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 9232 (delta 10), reused 9 (delta 4), pack-reused 9213
오브젝트를 받는 중: 100% (9232/9232), 64.04 MiB | 373.00 KiB/s, 완료.
델타를 알아내는 중: 100% (5728/5728), 완료.

 

 

root@kali:~# ls
Desktop    O-Saft      Templates        o-saft.tgz    test.php
Documents  Pictures    Videos           pass.txt      testssl.sh
Downloads  Public      b374k-3.2.2.php  password.txt  udev_netlink.rb
Music      Ransomware  bWAPP.snmp       slowloris.pl  user.txt


root@kali:~# cd testssl.sh/
root@kali:~/testssl.sh#
root@kali:~/testssl.sh# ls
CHANGELOG.stable-releases.txt  LICENSE    etc                        utils
CREDITS.md                     Readme.md  openssl-iana.mapping.html
Dockerfile                     bin        t
Dockerfile.md                  doc        testssl.sh

 

 

root@kali:~/testssl.sh# ./testssl.sh -U 192.168.20.205:9443

 

 

###########################################################
    testssl.sh       3.0rc4 from https://testssl.sh/dev/
    (c957e4e 2019-02-20 21:37:59 -- )

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
 on kali:./bin/openssl.Linux.x86_64
 (built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")


 Start 2019-02-21 17:32:02        -->> 192.168.20.205:9443 (192.168.20.205) <<--

 rDNS (192.168.20.205):  --
 Service detected:       HTTP


 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       VULNERABLE (NOT ok)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), session IDs were returned but potential memory fragments do not differ
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                VULNERABLE (NOT ok)
 BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention NOT supported and vulnerable to POODLE SSL
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers for SSLv2 and above
 FREAK (CVE-2015-0204)                     VULNERABLE (NOT ok), uses EXPORT RSA ciphers
 DROWN (CVE-2016-0800, CVE-2016-0703)      VULNERABLE (NOT ok), SSLv2 offered with 6 ciphers
                                           Make sure you don't use this certificate elsewhere, see:
                                           https://censys.io/ipv4?q=FF29B36FCC813AE5B2100D985E692A612DE6F15570374320F85B43076CF08163
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     SSL3: AES256-SHA AES128-SHA
                                                 DES-CBC3-SHA DES-CBC-SHA
                                           TLS1: AES256-SHA AES128-SHA
                                                 DES-CBC3-SHA DES-CBC-SHA
                                           VULNERABLE -- and no higher protocols as mitigation supported
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        VULNERABLE (NOT ok): RC4-SHA RC4-MD5
                                                                RC4-MD5
                                                                EXP-RC4-MD5


 Done 2019-02-21 17:32:36 [  37s] -->> 192.168.20.205:9443 (192.168.20.205) <<--

 

root@kali:~/testssl.sh# cd

root@kali:~#

 

 

[유튜브] 동영상 강의 링크 (구독! 좋아요!!!)

 

웹해킹 81. A6 - bWAPP Sensitive Data Exposure - BEAST&CRIME&BREACH Attacks   https://youtu.be/tAfZXY34UZk

Posted by 김정우 강사(카카오톡 : kim10322)

댓글을 달아 주세요



Q