Web Hacking bWAPP - 81. A6 - Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks
This material was put together for hands-on practice as part of a training course. Be advised that if it is used for personal purposes or with malicious intent, the legal responsibility rests with you.
1. Sensitive Data Exposure
- OWASP Top 10 A6 - Sensitive Data Exposure
- When data is sent in plaintext between the server and the client, it can be leaked through sniffing (MITM) attacks.
- For that reason, data must be protected by encryption and authentication over an SSL (HTTPS) secure connection.
- Also, if data processing and encrypted storage take place on the client, an attacker who gains control of the client can leak the data, so it is recommended to do this on the server.
2. O-Saft
- A tool that scans SSL certificates, cipher lists and vulnerability information; it is used for SSL connection/penetration testing and security audits.
- Reference site: https://www.owasp.org/index.php/O-Saft
3. Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks
- In this scenario, SSL vulnerabilities are scanned with the 'O-Saft' tool.
- Because the 'O-Saft' tool bundled with bWAPP does not work properly, we will download it from GitHub and proceed with that copy.
Ex1) Understanding Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks I
Select the security level and the scenario
Since the 'O-Saft' tool bundled with bWAPP does not work, a fresh copy will be downloaded and run
81-0. O-Saft download address.txt
o-saft.tgz
Download 'O-Saft' and extract the archive
root@kali:~# wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
--2019-02-21 16:23:56--  https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
Resolving github.com (github.com)... 192.30.255.112, 192.30.255.113
Connecting to github.com (github.com)|192.30.255.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/OWASP/O-Saft/master/o-saft.tgz [following]
--2019-02-21 16:23:57--  https://raw.githubusercontent.com/OWASP/O-Saft/master/o-saft.tgz
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.72.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.72.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2430382 (2.3M) [application/octet-stream]
Saving to: ‘o-saft.tgz’

o-saft.tgz          100%[===================>]   2.32M  1.10MB/s    in 2.1s

2019-02-21 16:24:00 (1.10 MB/s) - ‘o-saft.tgz’ saved [2430382/2430382]

root@kali:~# ls
Desktop    Music     Ransomware  b374k-3.2.2.php  pass.txt      test.php
Documents  Pictures  Templates   bWAPP.snmp       password.txt  udev_netlink.rb
Downloads  Public    Videos      o-saft.tgz       slowloris.pl  user.txt
root@kali:~# tar xzf o-saft.tgz
root@kali:~#
root@kali:~# ls
Desktop    O-Saft      Templates        o-saft.tgz    test.php
Documents  Pictures    Videos           pass.txt      udev_netlink.rb
Downloads  Public      b374k-3.2.2.php  password.txt  user.txt
Music      Ransomware  bWAPP.snmp       slowloris.pl
root@kali:~# cd O-Saft/
root@kali:~/O-Saft#
root@kali:~/O-Saft# ls
CHANGES        checkAllCiphers.pl  o-saft-man.pm         o-saft.tcl
Dockerfile     contrib             o-saft-standalone.pl  osaft.pm
INSTALL.sh     docs                o-saft-usr.pm         t
Makefile       o-saft              o-saft.cgi            tags
Makefile.help  o-saft-dbx.pm       o-saft.cgi.html       yeast.pl
Net            o-saft-docker       o-saft.html
OSaft          o-saft-docker-dev   o-saft.pl
README         o-saft-img.tcl      o-saft.pod
Scan bWAPP's SSL using 'o-saft'
root@kali:~/O-Saft# ./o-saft.pl +check -v 192.168.20.205:9443 > o-saftcheck.txt
root@kali:~/O-Saft#
root@kali:~/O-Saft# cat o-saftcheck.txt
~ omitted ~
=== Ciphers: Checking SSLv2 ===
ECDHE-RSA-AES256-GCM-SHA384    no    HIGH
ECDHE-RSA-AES128-GCM-SHA256    no    HIGH
ECDHE-RSA-AES256-SHA384        no    HIGH
ECDHE-RSA-AES128-SHA256        no    HIGH
ECDHE-RSA-AES256-SHA           no    HIGH
ECDHE-RSA-AES128-SHA           no    HIGH
DHE-PSK-AES256-GCM-SHA384      no    -?-
DHE-RSA-AES256-GCM-SHA384      no    HIGH
DHE-PSK-AES128-GCM-SHA256      no    -?-
DHE-RSA-AES128-GCM-SHA256      no    HIGH
~ omitted ~
root@kali:~/O-Saft# ./o-saft.pl +info -v 192.168.20.205:9443
~ omitted ~
root@kali:~/O-Saft# ./o-saft.pl +quick -v 192.168.20.205:9443
~ omitted ~
root@kali:~/O-Saft# ./o-saft.pl +cipher -v 192.168.20.205:9443
~ omitted ~
root@kali:~/O-Saft# ./o-saft.pl +cipherall -v 192.168.20.205:9443
~ omitted ~
root@kali:~/O-Saft# ./o-saft.pl +cipherall -v 192.168.20.205:9443
**WARNING: 409: SSLv2 does not support SNI; cipher checks are done without SNI
RC4-MD5            yes    weak
EXP-RC4-MD5        yes    WEAK
RC2-CBC-MD5        yes    weak
EXP-RC2-CBC-MD5    yes    weak
DES-CBC-MD5        yes    weak
DES-CBC3-MD5       yes    weak
**WARNING: 409: SSLv3 does not support SNI; cipher checks are done without SNI
RC4-MD5            yes    weak
RC4-SHA            yes    weak
DES-CBC-SHA        yes    weak
DES-CBC3-SHA       yes    weak
AES128-SHA         yes    HIGH
AES256-SHA         yes    HIGH
RC4-MD5            yes    weak
RC4-SHA            yes    weak
DES-CBC-SHA        yes    weak
DES-CBC3-SHA       yes    weak
AES128-SHA         yes    HIGH
AES256-SHA         yes    HIGH
SSLv3:   2 0 0 4 0 6   RC4-MD5
TLSv1:   2 0 0 4 0 6   RC4-MD5
TLSv11:  0 0 0 0 0 0
TLSv12:  0 0 0 0 0 0
TLSv13:  0 0 0 0 0 0
Selected Cipher: AES256-SHA HIGH
root@kali:~/O-Saft# cd
root@kali:~#
Install the 'tk' package and run the graphical version of 'o-saft'
root@kali:~/O-Saft# apt-get install tk
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다
상태 정보를 읽는 중입니다... 완료
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  libtxc-dxtn-s2tc multiarch-support
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  tk8.6
다음 새 패키지를 설치할 것입니다:
  tk tk8.6
0개 업그레이드, 2개 새로 설치, 0개 제거 및 1508개 업그레이드 안 함.
0 바이트/77.5 k바이트 아카이브를 받아야 합니다.
이 작업 후 120 k바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y
Selecting previously unselected package tk8.6.
(데이터베이스 읽는중 ...현재 324166개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../tk8.6_8.6.8-4_amd64.deb ...
Unpacking tk8.6 (8.6.8-4) ...
Selecting previously unselected package tk.
Preparing to unpack .../archives/tk_8.6.0+9_amd64.deb ...
Unpacking tk (8.6.0+9) ...
tk8.6 (8.6.8-4) 설정하는 중입니다 ...
Processing triggers for menu (2.1.47+b1) ...
tk (8.6.0+9) 설정하는 중입니다 ...
Processing triggers for man-db (2.7.6.1-4) ...
root@kali:~/O-Saft#
root@kali:~/O-Saft# ./o-saft.tcl &
[1] 13030
Enter '192.168.20.205:9443' -> click the 'Start' button -> click each item and check the results
Ex2) Understanding Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks II
Scan bWAPP's SSL using 'nmap'
root@kali:~# nmap -v -v --script ssl-cert,ssl-enum-ciphers -p 9443 192.168.20.205

Starting Nmap 7.60 ( https://nmap.org ) at 2019-02-21 17:28 KST
NSE: Loaded 2 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Initiating ARP Ping Scan at 17:28
Scanning 192.168.20.205 [1 port]
Completed ARP Ping Scan at 17:28, 0.04s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 17:28
Scanning www.bwapphttpslow.com (192.168.20.205) [1 port]
Discovered open port 9443/tcp on 192.168.20.205
Completed SYN Stealth Scan at 17:28, 0.04s elapsed (1 total ports)
NSE: Script scanning 192.168.20.205.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.04s elapsed
Nmap scan report for www.bwapphttpslow.com (192.168.20.205)
Host is up, received arp-response (0.00018s latency).
Scanned at 2019-02-21 17:28:44 KST for 0s

PORT     STATE SERVICE        REASON
9443/tcp open  tungsten-https syn-ack ttl 64
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - D
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|       Weak certificate signature: SHA1
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 1024) - D
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - D
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Weak certificate signature: SHA1
|_  least strength: D
MAC Address: 00:0C:29:5B:24:81 (VMware)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 17:28
Completed NSE at 17:28, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
           Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
root@kali:~#
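The ssl-enum-ciphers block above already contains everything a defender needs to decide whether this endpoint is acceptable. The script below is an added example written for this page (it is not code from bWAPP, nmap or the O-Saft project): it parses that block into a structure and grades it against a hardening policy (obsolete protocol versions, TLS-level compression as the CRIME precondition, client-chosen cipher order, 1024-bit RSA, and RC4/DES/MD5/export suites). The sample text embedded in the script is a constructed, trimmed copy of the scan output above, so it runs offline.

```python
"""Grade nmap ssl-enum-ciphers output against a TLS hardening policy.
Added example for this write-up, not code from bWAPP or nmap; the sample
below is a constructed, trimmed copy of the ssl-enum-ciphers block above."""
import re

SAMPLE_NMAP_OUTPUT = """\
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 1024) - D
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - D
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|_  least strength: D
"""

PROTOCOL_RE = re.compile(r"^(SSLv2|SSLv3|TLSv1\.[0-3]):$")
CIPHER_RE = re.compile(r"^(\S+) \(([^)]*)\) - ([A-F])$")
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Substrings that make a suite unacceptable whatever letter grade nmap gives it.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "EXPORT", "NULL", "ANON")
MIN_RSA_BITS = 2048


def parse_ssl_enum_ciphers(text):
    """Turn the script's indented text into {"protocols": {...}, "least_strength": str}."""
    protocols, least = {}, None
    proto = section = None
    for raw in text.splitlines():
        line = raw.lstrip("|_ ").rstrip()      # drop nmap's "|" / "|_" gutter
        if not line:
            continue
        m = PROTOCOL_RE.match(line)
        if m:
            proto = m.group(1)
            protocols[proto] = {"ciphers": [], "compressors": [], "warnings": [], "preference": None}
            section = None
        elif line.startswith("least strength:"):
            least = line.split(":", 1)[1].strip()
        elif proto is None:
            continue
        elif line in ("ciphers:", "compressors:", "warnings:"):
            section = line[:-1]
        elif line.startswith("cipher preference:"):
            protocols[proto]["preference"] = line.split(":", 1)[1].strip()
            section = None
        elif section == "ciphers" and CIPHER_RE.match(line):
            name, kx_info, grade = CIPHER_RE.match(line).groups()
            kx = kx_info.split()                 # e.g. "rsa 1024" or "secp256r1"
            bits = int(kx[1]) if len(kx) > 1 and kx[1].isdigit() else None
            protocols[proto]["ciphers"].append({"name": name, "kx": kx[0], "bits": bits, "grade": grade})
        elif section in ("compressors", "warnings"):
            protocols[proto][section].append(line)
    return {"protocols": protocols, "least_strength": least}


def evaluate(protocols):
    """Apply the policy; return a list of (severity, message) findings."""
    findings = []
    for proto, data in protocols.items():
        if proto in OBSOLETE_PROTOCOLS:
            findings.append(("HIGH", f"{proto} is offered; disable it and keep TLSv1.2+ only"))
        compressors = [c for c in data["compressors"] if c != "NULL"]
        if compressors:   # TLS-level compression is the CRIME precondition
            findings.append(("HIGH", f"{proto}: TLS compression enabled ({', '.join(compressors)})"))
        if data["preference"] == "client":
            findings.append(("LOW", f"{proto}: cipher order chosen by client; enforce server preference"))
        rsa_bits = [c["bits"] for c in data["ciphers"] if c["kx"] == "rsa" and c["bits"]]
        if rsa_bits and min(rsa_bits) < MIN_RSA_BITS:
            findings.append(("MEDIUM", f"{proto}: RSA key is only {min(rsa_bits)} bits (minimum {MIN_RSA_BITS})"))
        for c in data["ciphers"]:
            name = c["name"].upper()
            if c["grade"] >= "D" or any(tok in name for tok in WEAK_CIPHER_MARKERS):
                findings.append(("HIGH", f"{proto}: weak cipher suite {c['name']} (grade {c['grade']})"))
            elif "_CBC_" in name and proto in ("SSLv3", "TLSv1.0"):
                # CBC under SSLv3 / TLS 1.0 is what the BEAST and POODLE findings refer to
                findings.append(("MEDIUM", f"{proto}: CBC suite {c['name']} under {proto} (BEAST/POODLE)"))
    return findings


def is_compliant(protocols):
    """True only when no HIGH finding remains."""
    return not any(sev == "HIGH" for sev, _ in evaluate(protocols))
```

Running `evaluate(parse_ssl_enum_ciphers(SAMPLE_NMAP_OUTPUT)["protocols"])` on the sample yields seven HIGH findings (two obsolete protocols, compression on both, three weak suites), four MEDIUM ones and two LOW ones, so `is_compliant` is False; the same policy applied to a server offering only TLSv1.2+ with AEAD suites and no compressors returns an empty list. The letter grade alone is not enough: the policy keeps its own marker list because nmap's grade reflects key strength as well as cipher quality.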
Ex3) Understanding Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks III
Scan bWAPP's SSL using 'sslscan'
root@kali:~# sslscan --no-failed --version 192.168.20.205:9443
Version: 1.11.11-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 192.168.20.205

Testing SSL server 192.168.20.205 on port 9443 using SNI name 192.168.20.205

TLS Fallback SCSV: Server does not support TLS Fallback SCSV

TLS renegotiation: Secure session renegotiation supported

TLS Compression: Compression enabled (CRIME)

Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

Supported Server Cipher(s):
Preferred TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  128 bits  RC4-SHA
Accepted  TLSv1.0  128 bits  RC4-MD5
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Accepted  TLSv1.0  56 bits   DES-CBC-SHA
Preferred SSLv3    256 bits  AES256-SHA
Accepted  SSLv3    128 bits  AES128-SHA
Accepted  SSLv3    128 bits  RC4-SHA
Accepted  SSLv3    128 bits  RC4-MD5
Accepted  SSLv3    112 bits  DES-CBC3-SHA
Accepted  SSLv3    56 bits   DES-CBC-SHA
Preferred SSLv2    128 bits  RC2-CBC-MD5
Accepted  SSLv2    128 bits  RC4-MD5
Accepted  SSLv2    112 bits  DES-CBC3-MD5
Accepted  SSLv2    56 bits   DES-CBC-MD5
Accepted  SSLv2    40 bits   EXP-RC2-CBC-MD5
Accepted  SSLv2    40 bits   EXP-RC4-MD5

SSL Certificate:
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength:    1024

Subject:  bee-box.bwapp.local
Issuer:   bee-box.bwapp.local

Not valid before: Apr 14 18:11:32 2013 GMT
Not valid after:  Apr 13 18:11:32 2018 GMT

root@kali:~#
Ex4) Understanding Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks IV
Scan bWAPP's SSL using 'sslyze'
root@kali:~# sslyze --regular --hide_rejected_ciphers 192.168.20.205:9443

 AVAILABLE PLUGINS
 -----------------

  PluginCertInfo
  PluginHeartbleed
  PluginCompression
  PluginSessionResumption
  PluginOpenSSLCipherSuites
  PluginChromeSha1Deprecation
  PluginSessionRenegotiation
  PluginHSTS

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.20.205:9443                 => 192.168.20.205:9443

 SCAN RESULTS FOR 192.168.20.205:9443 - 192.168.20.205:9443
 ----------------------------------------------------------

  * Deflate Compression:
      VULNERABLE - Server supports Deflate compression

  * Session Renegotiation:
      Client-initiated Renegotiations:   VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation:              OK - Supported

  * TLSV1_2 Cipher Suites:
      Server rejected all cipher suites.

  * Certificate - Content:
      SHA1 Fingerprint:                  ae5fb7be864a78e168318fc1c96a4bd242c4e6c3
      Common Name:                       bee-box.bwapp.local
      Issuer:                            bee-box.bwapp.local
      Serial Number:                     D8BD254AB15C9F5B
      Not Before:                        Apr 14 18:11:32 2013 GMT
      Not After:                         Apr 13 18:11:32 2018 GMT
      Signature Algorithm:               sha1WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          1024 bit
      Exponent:                          65537 (0x10001)

  * Certificate - Trust:
      Hostname Validation:               FAILED - Certificate does NOT match 192.168.20.205
      Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: self signed certificate
      Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: self signed certificate
      Microsoft CA Store (09/2015):      FAILED - Certificate is NOT Trusted: self signed certificate
      Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: self signed certificate
      Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: self signed certificate
      Certificate Chain Received:        ['bee-box.bwapp.local']

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * Session Resumption:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * SSLV2 Cipher Suites:
      Preferred:
                 RC2-CBC-MD5 - 128 bits      HTTP 200 OK
      Accepted:
                 RC4-MD5 - 128 bits          HTTP 200 OK
                 RC2-CBC-MD5 - 128 bits      HTTP 200 OK
                 DES-CBC3-MD5 - 112 bits     HTTP 200 OK
                 DES-CBC-MD5 - 56 bits       HTTP 200 OK
                 EXP-RC4-MD5 - 40 bits       HTTP 200 OK
                 EXP-RC2-CBC-MD5 - 40 bits   HTTP 200 OK

  * TLSV1_1 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1 Cipher Suites:
      Preferred:
                 AES256-SHA - 256 bits       HTTP 200 OK
      Accepted:
                 AES256-SHA - 256 bits       HTTP 200 OK
                 RC4-SHA - 128 bits          HTTP 200 OK
                 RC4-MD5 - 128 bits          HTTP 200 OK
                 AES128-SHA - 128 bits       HTTP 200 OK
                 DES-CBC3-SHA - 112 bits     HTTP 200 OK
                 DES-CBC-SHA - 56 bits       HTTP 200 OK

  * SSLV3 Cipher Suites:
      Preferred:
                 AES256-SHA - 256 bits       HTTP 200 OK
      Accepted:
                 AES256-SHA - 256 bits       HTTP 200 OK
                 RC4-SHA - 128 bits          HTTP 200 OK
                 RC4-MD5 - 128 bits          HTTP 200 OK
                 AES128-SHA - 128 bits       HTTP 200 OK
                 DES-CBC3-SHA - 112 bits     HTTP 200 OK
                 DES-CBC-SHA - 56 bits       HTTP 200 OK

 Unhandled exception when processing --heartbleed: socket.timeout - timed out

 SCAN COMPLETED IN 5.06 S
 ------------------------
root@kali:~#
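The "Certificate - Content" and "Certificate - Trust" sections above show why every CA store rejects this certificate. The following added example (written for this page, not code from bWAPP or sslyze) parses those fields and judges the certificate as of the scan date used in this write-up (2019-02-21): self-signed (subject equals issuer), hostname mismatch against the address that was connected to, SHA-1 signature, 1024-bit key and expiry. The hostname comparison supports a single-label wildcard as an assumption of how a client matches names; real clients also consult Subject Alternative Names, which this sslyze output does not list.

```python
"""Check the certificate fields that sslyze reports against a baseline.
Added example for this write-up, not part of bWAPP or sslyze. The field
block is a constructed copy of the "Certificate - Content" section above."""
import re
from datetime import datetime, timezone

SAMPLE_CERT_BLOCK = """\
  * Certificate - Content:
      SHA1 Fingerprint:                  ae5fb7be864a78e168318fc1c96a4bd242c4e6c3
      Common Name:                       bee-box.bwapp.local
      Issuer:                            bee-box.bwapp.local
      Serial Number:                     D8BD254AB15C9F5B
      Not Before:                        Apr 14 18:11:32 2013 GMT
      Not After:                         Apr 13 18:11:32 2018 GMT
      Signature Algorithm:               sha1WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          1024 bit
      Exponent:                          65537 (0x10001)
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z0-9 ]+?):\s+(\S.*?)\s*$")   # "Name:   value"
OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"
WEAK_SIG_ALGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
MIN_RSA_BITS = 2048
EXPIRY_WARNING_DAYS = 30


def parse_cert_block(text):
    """Return {field name: value} for every 'Name: value' line (headers are skipped)."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields


def parse_openssl_time(value):
    """'Apr 13 18:11:32 2018 GMT' -> timezone-aware datetime."""
    return datetime.strptime(value, OPENSSL_TIME).replace(tzinfo=timezone.utc)


def hostname_matches(cert_name, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        suffix = cert_name[1:]                       # ".bwapp.local"
        head = host[: -len(suffix)] if host.endswith(suffix) else None
        return bool(head) and "." not in head
    return False


def evaluate_certificate(fields, expected_host, scan_time):
    """Return a list of findings as of scan_time (a tz-aware datetime)."""
    findings = []
    cn, issuer = fields.get("Common Name", ""), fields.get("Issuer", "")
    if cn and cn == issuer:
        findings.append("self-signed: subject and issuer are identical, clients cannot build a trusted chain")
    if not hostname_matches(cn, expected_host):
        findings.append(f"hostname mismatch: certificate names {cn!r}, connection was to {expected_host!r}")
    sig = fields.get("Signature Algorithm", "")
    if sig in WEAK_SIG_ALGS:
        findings.append(f"weak signature algorithm {sig}")
    m = re.match(r"(\d+)\s*bit", fields.get("Key Size", ""))
    if m and int(m.group(1)) < MIN_RSA_BITS:
        findings.append(f"key too small: {m.group(1)}-bit RSA (minimum {MIN_RSA_BITS})")
    if "Not After" in fields:
        not_after = parse_openssl_time(fields["Not After"])
        if scan_time > not_after:
            findings.append(f"expired on {not_after:%Y-%m-%d}")
        elif (not_after - scan_time).days < EXPIRY_WARNING_DAYS:
            findings.append(f"expires within {EXPIRY_WARNING_DAYS} days ({not_after:%Y-%m-%d})")
    if "Not Before" in fields and scan_time < parse_openssl_time(fields["Not Before"]):
        findings.append("not yet valid")
    return findings
```

With the scan date of this write-up and the IP address the scan connected to, `evaluate_certificate` reports five findings; the same certificate checked in mid-2015 against its own common name still fails on three (self-signed, SHA-1, 1024-bit), which is why replacing the key and certificate, not just renewing it, is the fix.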
Ex5) Understanding Sensitive Data Exposure - BEAST/CRIME/BREACH Attacks V
81-1. testssl.sh download address.txt
Download 'testssl.sh' and scan bWAPP's SSL using 'testssl'
root@kali:~# git clone https://github.com/drwetter/testssl.sh.git
'testssl.sh'에 복제합니다...
remote: Enumerating objects: 19, done.
remote: Counting objects: 100% (19/19), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 9232 (delta 10), reused 9 (delta 4), pack-reused 9213
오브젝트를 받는 중: 100% (9232/9232), 64.04 MiB | 373.00 KiB/s, 완료.
델타를 알아내는 중: 100% (5728/5728), 완료.
root@kali:~# ls
Desktop    O-Saft      Templates        o-saft.tgz    test.php
Documents  Pictures    Videos           pass.txt      testssl.sh
Downloads  Public      b374k-3.2.2.php  password.txt  udev_netlink.rb
Music      Ransomware  bWAPP.snmp       slowloris.pl  user.txt
root@kali:~# cd testssl.sh/
root@kali:~/testssl.sh#
root@kali:~/testssl.sh# ls
CHANGELOG.stable-releases.txt  LICENSE    etc                         utils
CREDITS.md                     Readme.md  openssl-iana.mapping.html
Dockerfile                     bin        t
Dockerfile.md                  doc        testssl.sh
root@kali:~/testssl.sh# ./testssl.sh -U 192.168.20.205:9443

###########################################################
    testssl.sh       3.0rc4 from https://testssl.sh/dev/
    (c957e4e 2019-02-20 21:37:59 -- )

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
 on kali:./bin/openssl.Linux.x86_64
 (built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")


 Start 2019-02-21 17:32:02        -->> 192.168.20.205:9443 (192.168.20.205) <<--

 rDNS (192.168.20.205):  --
 Service detected:       HTTP


 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       VULNERABLE (NOT ok)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), session IDs were returned but potential memory fragments do not differ
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                VULNERABLE (NOT ok)
 BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention NOT supported and vulnerable to POODLE SSL
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers for SSLv2 and above
 FREAK (CVE-2015-0204)                     VULNERABLE (NOT ok), uses EXPORT RSA ciphers
 DROWN (CVE-2016-0800, CVE-2016-0703)      VULNERABLE (NOT ok), SSLv2 offered with 6 ciphers
                                           Make sure you don't use this certificate elsewhere, see:
                                           https://censys.io/ipv4?q=FF29B36FCC813AE5B2100D985E692A612DE6F15570374320F85B43076CF08163
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     SSL3: AES256-SHA AES128-SHA DES-CBC3-SHA DES-CBC-SHA
                                           TLS1: AES256-SHA AES128-SHA DES-CBC3-SHA DES-CBC-SHA
                                           VULNERABLE -- and no higher protocols as mitigation supported
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        VULNERABLE (NOT ok): RC4-SHA RC4-MD5 RC4-MD5 EXP-RC4-MD5

 Done 2019-02-21 17:32:36 [  37s] -->> 192.168.20.205:9443 (192.168.20.205) <<--

root@kali:~/testssl.sh# cd
root@kali:~#
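The testssl.sh vulnerability section is the natural before/after record when the server is hardened. The following added example (written for this page, not part of bWAPP or testssl.sh) parses that section into one verdict per check, joining wrapped lines such as the BEAST and DROWN entries, and then diffs two runs so that what was fixed, what still fails and what newly fails is visible at a glance. SAMPLE_BEFORE is a constructed, trimmed copy of the run above; SAMPLE_AFTER is an assumed re-scan of the same host after SSLv2/SSLv3/TLS 1.0, TLS compression and the RC4/DES suites are disabled, with HTTP gzip compression left on so that the BREACH entry still shows.

```python
"""Compare two testssl.sh vulnerability sections to track remediation.
Added example for this write-up, not part of bWAPP or testssl.sh. BEFORE is
trimmed from the run above; AFTER is a constructed, assumed re-scan after
hardening (SSLv2/SSLv3/TLS 1.0, TLS compression, RC4/DES off; gzip still on)."""
import re

SAMPLE_BEFORE = """\
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       VULNERABLE (NOT ok)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                VULNERABLE (NOT ok)
 BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention NOT supported and vulnerable to POODLE SSL
 DROWN (CVE-2016-0800, CVE-2016-0703)      VULNERABLE (NOT ok), SSLv2 offered with 6 ciphers
 BEAST (CVE-2011-3389)                     SSL3: AES256-SHA AES128-SHA DES-CBC3-SHA DES-CBC-SHA
                                           VULNERABLE -- and no higher protocols as mitigation supported
 RC4 (CVE-2013-2566, CVE-2015-2808)        VULNERABLE (NOT ok): RC4-SHA RC4-MD5 RC4-MD5 EXP-RC4-MD5
"""

SAMPLE_AFTER = """\
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
"""


def classify(verdict):
    """Map testssl's free-text verdict to 'ok' / 'vulnerable' / 'unknown'."""
    if "(OK)" in verdict:
        return "ok"
    if any(tok in verdict for tok in ("VULNERABLE", "NOT ok", "NOT supported")):
        return "vulnerable"
    return "unknown"


def parse_vulnerabilities(text):
    """Return {check name: (state, full verdict text)}; wrapped lines are joined."""
    verdicts, last = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        parts = re.split(r"\s{2,}", raw.strip(), maxsplit=1)
        if indent < 10 and len(parts) == 2:          # "<name>   <verdict>" line
            last = parts[0]
            verdicts[last] = parts[1]
        elif last is not None:                       # continuation of the previous verdict
            verdicts[last] += " " + raw.strip()
    return {name: (classify(v), v) for name, v in verdicts.items()}


def remediation_report(before, after):
    """Which checks were fixed, still fail, or newly fail between two runs."""
    state_after = {n: s for n, (s, _) in after.items()}
    state_before = {n: s for n, (s, _) in before.items()}
    fixed = [n for n, s in state_before.items() if s == "vulnerable" and state_after.get(n) == "ok"]
    remaining = [n for n, s in state_before.items() if s == "vulnerable" and state_after.get(n) != "ok"]
    regressed = [n for n, s in state_after.items() if s == "vulnerable" and state_before.get(n) == "ok"]
    return {"fixed": fixed, "remaining": remaining, "regressed": regressed}
```

On the samples, `remediation_report` lists eight fixed checks, BREACH as the one remaining finding (HTTP-level compression is a web-server setting, not a TLS one, so disabling TLS compression does not clear it) and no regressions. The "regressed" list is the part worth keeping in a CI job: a later configuration change that re-enables an old protocol shows up there immediately.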
[YouTube] Video lecture link (Subscribe! Like!!!)
Web Hacking 81. A6 - bWAPP Sensitive Data Exposure - BEAST&CRIME&BREACH Attacks https://youtu.be/tAfZXY34UZk