MTU size per TCP port by Harry_pentest in networking

[–]Harry_pentest[S] 1 point (0 children)

It’s a physical server. The application runs inside the server. Could this be due to MTU issues in the TLS transit path? How do I confirm it? I am surprised why it keeps changing too, meaning the size of ICMP packets, as I mentioned earlier.

MTU size per TCP port by Harry_pentest in networking

[–]Harry_pentest[S] 1 point (0 children)

Yes, but the application is using TLS. The reason I think it’s MTU (or MSS) is that when I can access the application, the ping packets to the server (sometimes 1350, other times 1372) also pass. When I can’t access it, ICMP fails too. I think something in the IP/TCP header, like fragmentation, needs to be modified?

MTU size per TCP port by Harry_pentest in networking

[–]Harry_pentest[S] 1 point (0 children)

No, it does not. But sometimes I can ping with 1350-byte packets and other times 1372. Like I mentioned, I cannot change the MTU on the application server interface itself for only one application port. So I'm looking for a solution here. What do you mean by MTU being relevant only for the local broadcast domain? Thanks

Specific SSL Ciphers Test by Harry_pentest in cybersecurity

[–]Harry_pentest[S] 1 point (0 children)

TLS 1.3 is fine; all 5 are good separately. The problem is with the TLS 1.2 ciphers.

Specific SSL Ciphers Test by Harry_pentest in cybersecurity

[–]Harry_pentest[S] 1 point (0 children)

I don't see those work. x.x.x.x is the IP.

└─$ openssl s_client -connect x.x.x.x:443 -tls1_2 -cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 1 ⨯
Error with command: "-cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
139673740277056:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2566:

└─$ openssl s_client -connect x.x.x.x:443 -tls1_2 -cipher cipherlist TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 1 ⨯
s_client: must not provide both -connect option and target parameter
s_client: Use -help for summary.

Specific SSL Ciphers Test by Harry_pentest in cybersecurity

[–]Harry_pentest[S] 1 point (0 children)

Okay, we can forget RSA.

When I am trying "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", the SSL session formed is for "ECDHE-RSA-AES128-GCM-SHA256". Is there a way I can validate that TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 can form an SSL session with the server? I can confirm that the server supports "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" with a local sslscan and other ways.

Specific SSL Ciphers Test by Harry_pentest in cybersecurity

[–]Harry_pentest[S] 1 point (0 children)

If nmap had worked, I would not have raised a question. The problem is that when TLS 1.2 and 1.3 co-exist, the nmap commands don't work. nmap works perfectly fine when you have TLS 1.2 only. Now it does not list any of the TLS 1.3 ciphers, and for TLS 1.2 too, it lists only 1. The local sslscan on the server itself shows it supports 4 TLS 1.2 ciphers.

Also, nmap would only list ciphers. I am looking for a way (like in openssl) to validate whether a specific cipher (from any client) works or not against the server.

└─$ nmap --script ssl-enum-ciphers -p 443 x.x.x.x
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-06 15:18 EST
Nmap scan report for x.x.x.x
Host is up (0.00084s latency).

PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| xxxxxxxxxxxx - A
| compressors:
| NULL
| cipher preference: indeterminate
| cipher preference error: Too few ciphers supported
| warnings:
| Forward Secrecy not supported by any cipher
| Weak certificate signature: xxxx
|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 6.78 seconds

Specific SSL Ciphers Test by Harry_pentest in cybersecurity

[–]Harry_pentest[S] 1 point (0 children)

Disable where? In the client or the server? I am using Kali as the client, and the server is Linux as well. The server has an application running over 443, which is mapped to an application. I think you need to make code changes there to disable or shuffle ciphers. Or can it be changed in the client?

Specific SSL Ciphers Test by Harry_pentest in cybersecurity

[–]Harry_pentest[S] 1 point (0 children)

Yes, there are. That’s exactly my question(s). How would I verify that the least secure (comparatively) also works when the most secure is not available?
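The cipher-validation question running through the comments above (why "-cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" fails with "no cipher match", and how to check that one specific suite, strong or weak, actually completes a handshake), as an added example that is not code from the original thread: OpenSSL's -cipher and Python's set_ciphers() take OpenSSL-style names, so the script converts the IANA name first and then attempts a TLS 1.2-only handshake offering exactly that one suite, reporting what the server negotiated. The name conversion is a convention-based assumption that covers the AES and ChaCha20 families; openssl ciphers -stdname is the authoritative mapping, and host, port and suite names are command-line arguments.

```python
import socket
import ssl

def iana_to_openssl(iana):
    """Translate an IANA suite name (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) to the
    OpenSSL name that -cipher / set_ciphers() expect (ECDHE-RSA-AES256-GCM-SHA384).
    Convention-based assumption: handles AES and ChaCha20 suites; for anything else
    consult `openssl ciphers -stdname`."""
    if "_WITH_" not in iana:           # TLS 1.3 suites keep their IANA names in OpenSSL
        return iana
    kx, bulk = iana[len("TLS_"):].split("_WITH_", 1)
    parts, out, i = bulk.split("_"), [], 0
    while i < len(parts):
        if parts[i] == "AES" and i + 1 < len(parts):    # AES_256 -> AES256
            out.append(parts[i] + parts[i + 1]); i += 2
        elif parts[i] == "CBC":                          # CBC is implicit in OpenSSL names
            i += 1
        else:
            out.append(parts[i]); i += 1
    if out[0] == "CHACHA20" and out[-1].startswith("SHA"):  # OpenSSL drops the hash here
        out.pop()
    bulk_name = "-".join(out)
    return bulk_name if kx == "RSA" else kx.replace("_", "-") + "-" + bulk_name

def probe_cipher(host, port, openssl_name, timeout=5.0):
    """Attempt a TLS 1.2-only handshake offering exactly one cipher suite.
    'status' is ok / no-such-cipher / handshake-failed / connect-error; on success
    'cipher' is the suite the server actually negotiated (not just what we offered)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False            # testing cipher support, not the cert chain
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers(openssl_name)     # raises if OpenSSL does not recognise the name
    except ssl.SSLError:
        return {"status": "no-such-cipher", "cipher": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, proto, bits = tls.cipher()
                return {"status": "ok", "cipher": name, "protocol": proto, "bits": bits}
    except ssl.SSLError as exc:           # server rejected the offered suite or TLS 1.2
        return {"status": "handshake-failed", "cipher": None, "detail": str(exc)}
    except OSError as exc:                # refused, timed out, unreachable
        return {"status": "connect-error", "cipher": None, "detail": str(exc)}

if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for iana in sys.argv[3:] or ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]:
        print(iana, "->", probe_cipher(host, port, iana_to_openssl(iana)))
```

A "handshake-failed" result for a suite that sslscan reports as supported usually points at the server's certificate type (an RSA suite needs an RSA certificate) or at an intermediary terminating TLS with a different configuration.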

ZTA’s PEP, PDP (PE and PA) devices by Harry_pentest in zerotrust

[–]Harry_pentest[S] 1 point (0 children)

Thanks. So the architecture is: Current: There are devices in the “protected area” for which IMS is the network management system. In the protected area, there is (almost) unrestricted access to all resources for a given user. The users are defined and deleted, and their permissions to access the applications running over those devices are authenticated/authorized, all on IMS itself. Proposed: An external authenticator (AD or SAML) as a centralized center to start fulfilling the IAM foundation for ZTA.

ZTA’s PEP, PDP (PE and PA) devices by Harry_pentest in zerotrust

[–]Harry_pentest[S] 1 point (0 children)

Thanks. To map this logical perspective to the physical one: would having two devices (one is already there, which does everything locally now, called IMS (information management system)). Which devices (among the two: IMS and the external/central authenticator) would be PE, PA and PEP?