Challenge Response Tutorial
Moderator: General Moderators
I rethought my concerns against the javascript as it really does no harm to use it. So I worked it into my login system and I think I might have caught a little hole in it.
At the end, when the user is authenticated or denied, the challenge_response is not deleted from the database. This might give an attacker a 5 minute window to use the response again if he listens to the traffic, and that's what we are resuming to use it in the first place.
I think that was just forgotten in the tutorial but it might be a good idea to add it.
The easiest way to listen in would be a packet sniffer. Using ARP poisoning, an attacker can route all traffic behind his node on a network through him (called a middle man attack) and log all traffic. Obviously the risk is greater on a wireless network because no ARP poisoning is needed. Just FYI, someone could "feasibly" listen in on a level all the way up to the ISP, but it'd be damn near impossible unless they had access to the physical switches at the ISP.
neophyte wrote:
Just how does someone 'listen' in anyway?

Find a *nix box with a connection between the server and the target. Get a shell on that box. Then:
# tcpdump -i eth0
(Or whichever interface you need to listen to).
That's it. Unfiltered, raw text will spew upon the screen, including packets containing passwords, usernames, and more.
Of course, that is the "Matrix" view, which isn't at all simple to parse. There are about a hundred different apps that can do that for you, turning it from packet stew to a sexy gui allowing you to watch the progress of a session.
neophyte wrote:
How often does it happen?

Extremely often.

neophyte wrote:
How hard is it to do?

Depends on the knowledge of the attacker. Considering that you can buy 1,000-machine botnets for $20 online these days, each of which can be a listening post... not hard.
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
I checked the tutorial and surprise surprise you're quite right. Each check should allow only a single usage of the challenge. Essentially it must delete the challenge the moment it is used as a precaution against any potential misuse.
And they say peer review is worthless...oh the fools
I have amended the tutorial php code to delete the challenge after it is fetched from the database. Thanks for letting me know!
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
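The fix agreed on in the thread (the first post's observation that the challenge survives the login attempt, and Maugrim's amendment to delete it the moment it is fetched) is shown below as an added example. It is not the tutorial's PHP and not code from anyone in this thread; it is written in Python with an in-memory SQLite table standing in for the tutorial's database, and the response scheme (an HMAC of the challenge keyed by a hash of the password), the table layout and every function name are assumptions made for the illustration. The point it demonstrates is that the challenge row is deleted before the response is even compared, so the same captured response fails on replay, a wrong answer burns the challenge too, and a challenge older than the five-minute window is refused and discarded rather than left in the table.

```python
import hashlib
import hmac
import os
import sqlite3
import time

CHALLENGE_TTL = 300  # seconds: the five-minute window discussed in the thread

# Constructed in-memory database standing in for the tutorial's tables (hypothetical layout).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT NOT NULL)")
db.execute("CREATE TABLE challenges (challenge TEXT PRIMARY KEY, name TEXT NOT NULL, issued REAL NOT NULL)")


def register(name, password):
    """Store the shared secret for a user (a hash of the password; hypothetical scheme)."""
    secret = hashlib.sha256(password.encode()).hexdigest()
    db.execute("INSERT OR REPLACE INTO users (name, secret) VALUES (?, ?)", (name, secret))


def issue_challenge(name, now=None):
    """Create a fresh random challenge for one login attempt and record when it was issued."""
    challenge = os.urandom(16).hex()
    issued = time.time() if now is None else now
    db.execute("INSERT INTO challenges (challenge, name, issued) VALUES (?, ?, ?)", (challenge, name, issued))
    return challenge


def client_response(password, challenge):
    """What the browser-side script would compute: an HMAC of the challenge keyed by the password hash."""
    secret = hashlib.sha256(password.encode()).hexdigest()
    return hmac.new(secret.encode(), challenge.encode(), hashlib.sha256).hexdigest()


def verify(name, challenge, response, now=None):
    """Check a response and consume the challenge whether the answer is right or wrong."""
    now = time.time() if now is None else now
    row = db.execute("SELECT issued FROM challenges WHERE challenge = ? AND name = ?", (challenge, name)).fetchone()
    if row is None:
        return False  # unknown, already used, or issued to a different user
    # Delete before comparing anything: a replayed response then finds nothing to match, and
    # rowcount == 1 proves this request, not a concurrent one, is the one that consumed it.
    if db.execute("DELETE FROM challenges WHERE challenge = ?", (challenge,)).rowcount != 1:
        return False
    if now - row[0] > CHALLENGE_TTL:
        return False  # stale challenge is refused and is already gone from the table
    user = db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchone()
    if user is None:
        return False
    expected = hmac.new(user[0].encode(), challenge.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), str(response).encode())


def purge_expired(now=None):
    """Housekeeping: drop challenges older than CHALLENGE_TTL so abandoned logins do not pile up."""
    now = time.time() if now is None else now
    return db.execute("DELETE FROM challenges WHERE issued < ?", (now - CHALLENGE_TTL,)).rowcount


def replay_demo():
    """A captured (challenge, response) pair works once and is refused when sent again."""
    register("alice", "correct horse battery staple")
    c = issue_challenge("alice")
    r = client_response("correct horse battery staple", c)
    return verify("alice", c, r), verify("alice", c, r)


def wrong_answer_demo():
    """A denied attempt also burns the challenge, so the right answer cannot follow it."""
    register("bob", "hunter2")
    c = issue_challenge("bob")
    denied = verify("bob", c, client_response("wrong guess", c))
    retried = verify("bob", c, client_response("hunter2", c))
    return denied, retried


def expiry_demo():
    """A correct response arriving after the TTL is refused."""
    register("carol", "s3cret")
    c = issue_challenge("carol", now=1000.0)
    return verify("carol", c, client_response("s3cret", c), now=1000.0 + CHALLENGE_TTL + 1)


if __name__ == "__main__":
    print("replay:", replay_demo())                  # (True, False)
    print("wrong then right:", wrong_answer_demo())  # (False, False)
    print("expired:", expiry_demo())                 # False
```

The DELETE-before-compare ordering is the whole point: if the row were removed only after a successful check, a denied attempt would leave the challenge usable, and two requests racing on the same challenge could both see it; checking the DELETE's rowcount closes that race within a single statement.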