Ethical Hacking - Assignment 1
School: George Brown College, Canada
Course: CYBER
Subject: Information Systems
Date: Dec 6, 2023
Pages: 6
ACTIVITY 1
GROUP – MOSSAD
NAME – LAKSH GUPTA
ID: 101431341
TASK 1:
LANMAN ALGORITHM AND ITS SECURITY FLAWS:
The Lanman Hash algorithm, also known as LM Hash, was used in older versions of the Windows
operating system to store passwords and authenticate users.
Five security flaws are:
1. CASE INSENSITIVITY
- No distinction between upper and lower case.
LM Hash is case insensitive: it converts every password into uppercase before encrypting it.
This greatly reduces the security of the password by reducing its complexity. For example, in
LM Hash the passwords EthiCAL HacKiNG and ethical hacking are the same to the algorithm, since
both are converted into ETHICAL HACKING before the encryption process begins.
2. PASSWORD PADDING
- Fixed-length password padding.
As shown in the slide above, passwords are padded to a fixed length of 14 characters, so a
15-character password is cut back to 14. Because the padding is always done to a fixed length, it
is predictable and makes it easier for attackers to crack the password. The fixed-length
requirement reduces the complexity of the password and limits the user's ability to create a
strong password.
3. DES & CONSTANT KEY
– LM Hash uses DES with a fixed constant for every password.
The Data Encryption Standard (DES) is an outdated and weak algorithm. It is highly susceptible
to attack given newer technologies and computing power. Using it with the fixed constant
("KGS!@#$%") makes the attack much easier, since the results can be pre-computed. Even though the
password is broken into two chunks, each chunk is used in the same way: as the key that encrypts
the same constant. This makes LM Hash highly unsafe to use.
4. NO SALTING
– No random salt (weak padding).
Salting is a technique in cryptography that strengthens stored passwords. A random value, called
a salt, is added to the password before it is hashed; because the salt is random, it increases the
complexity of the password. LM Hash has no salt, so identical passwords always produce the same
hash (which compounds the case insensitivity of the algorithm), making the attacker's job much
easier.
The lack of salting also gives attackers an edge, in that they can use pre-computed tables, also
known as rainbow tables, to look up a hash and recover the plaintext.
5. INSUFFICIENT DIVISION
– The cleartext is divided into only two blocks.
Since the algorithm divides the password into two blocks and then uses the same constant in the
encryption process, it is very easy to attack each block separately and recover the password.
Rainbow tables can be used to crack each block, and the results are then combined to retrieve the
full password.
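To make the five flaws concrete, here is an added Go example (not part of the assignment) that computes the LM hash with Go's standard crypto/des and tags each step with the flaw it illustrates; it assumes ASCII-only passwords (real LM used the OEM code page).

```go
package main
import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)
// Fixed plaintext that every LM half-key encrypts (flaw 3: constant; flaw 4: no salt anywhere).
var lmMagic = []byte("KGS!@#$%")

// desKeyFrom7 spreads 7 password bytes (56 bits) over an 8-byte DES key; bit 0 of each key byte is the parity position, which DES ignores.
func desKeyFrom7(h []byte) []byte {
	k := []byte{
		h[0] >> 1,
		(h[0]&0x01)<<6 | h[1]>>2,
		(h[1]&0x03)<<5 | h[2]>>3,
		(h[2]&0x07)<<4 | h[3]>>4,
		(h[3]&0x0F)<<3 | h[4]>>5,
		(h[4]&0x1F)<<2 | h[5]>>6,
		(h[5]&0x3F)<<1 | h[6]>>7,
		h[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1 // move the 7 data bits into positions 7..1
	}
	return k
}

// LMHash computes the LM hash of a password (assumption: ASCII only) and
// returns it as 32 uppercase hex characters.
func LMHash(password string) string {
	buf := make([]byte, 14)              // flaw 2: fixed 14-byte, NUL-padded buffer
	copy(buf, strings.ToUpper(password)) // flaw 1: case folded; characters past 14 are dropped
	var out []byte
	for _, half := range [][]byte{buf[:7], buf[7:]} { // flaw 5: two independent 7-byte blocks
		c, _ := des.NewCipher(desKeyFrom7(half)) // flaw 3: single DES; key is always 8 bytes, so no error
		ct := make([]byte, 8)
		c.Encrypt(ct, lmMagic) // each half encrypts the same constant, so halves crack separately
		out = append(out, ct...)
	}
	return strings.ToUpper(hex.EncodeToString(out))
}
func main() {
	// Constructed sample inputs: the page's case-insensitivity pair plus short passwords.
	for _, p := range []string{"", "EthiCAL HacKiNG", "ethical hacking", "secret"} {
		fmt.Printf("%-18q %s\n", p, LMHash(p))
	}
}
```

Running it shows that the two spellings of "ethical hacking" share one hash and that every password of seven or fewer characters ends in AAD3B435B51404EE (the hash of an all-NUL half), which is why defenders treat LM hashes as password-equivalent and disable LM hash storage.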
CONCLUSION:
These are significant security flaws relating to the encryption algorithm, the choice of encryption
constant and the conversion to uppercase letters only. It is often recommended to use a password
that is long and combines symbols, numbers and letters, with both uppercase and lowercase letters.
Using the LM Hash algorithm can lead to security breaches because of its insufficient
cryptographic methods.
TASK 2:
RESEARCH ON MOVEIT 0-DAY VULNERABILITIES:
MOVEit is a secure managed file transfer application developed by Progress Software. It encrypts
data both in motion and at rest to provide IT security controls for extremely sensitive business
data.
A zero-day vulnerability means that there are no defenses or protection against the attack being
carried out, and the breached system can be actively exploited.
What is it? How can it be used?
The MOVEit 0-day vulnerability is a security vulnerability in MOVEit Transfer.
If it is exploited, it poses a threat to sensitive business data, as attackers can access the data
and make it public [1].
Fig 1. MOVEit exploit pathway
The figure above shows how the hackers exploited the MOVEit platform.
Who are the target systems?
The initial target is Progress Software and, by extension, its clients, who use MOVEit for secure
data transfer and management.
In 2023, over 662 companies around the world have started using MOVEit as a file sharing tool [2].
The top industries using MOVEit are the IT, healthcare and financial sectors [2]. All clients
using MOVEit are target systems.
How many CVEs are available and how can they be used?
CVE stands for Common Vulnerabilities and Exposures; these are standardized identifiers for
known vulnerabilities in software and hardware products. In 2023, 14149 CVEs have been
published (as of quarter 2) [3]. CVEs help with security patch management, scanning for and
assessing vulnerabilities, assessing risk and responding to an incident. CVEs can also be used
in regulatory compliance and security audits.
Vendors might also use CVEs to assess the security record of software and hardware products.
In relation to the attack:
There are 2 CVEs that can be used:
All MOVEit Transfer versions before May 31, 2023 are vulnerable to CVE-2023-34362, and all
MOVEit Transfer versions before June 9, 2023 are vulnerable to CVE-2023-35036 [4].
As of August, the broadening impact of the MOVEit attacks has resulted in several overlapping
vulnerabilities being raised by NIST, including [1]:
CVE-2023-35708
CVE-2023-35036
CVE-2023-34362
So it is safe to assume that three CVEs in total can be used for security patch management and
assessing the vulnerabilities.
As a pen tester, how can you plan to use this vulnerability, please explain in detail (if you
want to be technical, then go ahead as well)
It is very important to exploit vulnerabilities only in a controlled and ethical environment with
the organization's permission. That being stated,
pen testers can use a 0-day vulnerability in the following ways:
Assessing and demonstrating the risk:
While assessing security policies, we might identify a 0-day vulnerability. Once it is discovered,
we can attempt to exploit it ethically to see how much impact it might have on the organization
and what potential risks it might pose.
After successful exploitation, the result should be demonstrated to the organization. It is
important to do this in a controlled manner and then show the organization how a potential
attacker could gain unauthorized access to sensitive data.
Identifying the problem and suggesting solutions:
The weaknesses and problems revealed during ethical exploitation help us identify areas of
improvement, so we can provide recommendations for implementing new strategies or practices.
This can lead to configuring new defenses and implementing better intrusion detection systems.
Testing incident response:
0-day vulnerabilities should be used to test the incident response capabilities of an organization.
For example, we can set up a breach to show how well the organization responds to the incident,
including detecting the attack, implementing measures to prevent it and handling the data.
Awareness and training:
By emphasizing the identified weaknesses and the security protocols that can be changed, we can
spread awareness and put training programs in place to improve security practices.
REFERENCES:
[1] The MOVEit zero-day vulnerability, UpGuard, August 01, 2023,
https://www.upguard.com/blog/the-moveit-0-day
[2] MOVEit, 6sense,
https://6sense.com/tech/file-sharing/moveit-market-share#
[3] https://www.cve.org/About/Metrics
[4] Timeline of events, Rapid7,
https://www.rapid7.com/blog/post/2023/06/14/etr-cve-2023-34362-moveit-vulnerability-timeline-of-events/