22 June 2011

[Securityoverride.com] Forensics Level 4

Bài viết liên quan:

Level 1
Level 2
Level 3
Level 4

The following is a wireshark trace file of an HTTP authentication forensics4.rar.
Find the username and password of the HTTP authentication and enter it below to receive credit.

The server IP is and client IP is
Wireshark is a network protocol analyzer for Unix and Windows and can be downloaded here.

Bắt đầu nào

Vấn đề rút ra là
In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.

Before transmission, the user name is appended with a colon and concatenated with the password. The resulting string is encoded with the Base64 algorithm. For example, given the user name Aladdin and password open sesame, the string Aladdin:open sesame is Base64 encoded, resulting in QWxhZGRpbjpvcGVuIHNlc2FtZQ==. The Base64-encoded string is transmitted and decoded by the receiver, resulting in the colon-separated user name and password string.

While encoding the user name and password with the Base64 algorithm typically makes them unreadable by the naked eye, they are as easily decoded as they are encoded. Security is not the intent of the encoding step. Rather, the intent of the encoding is to encode non-HTTP-compatible characters that may be in the user name or password into those that are HTTP-compatible.

Security Concerns-
Although the scheme is easily implemented, it relies on the assumption that the connection between the client and server computers is secure and can be trusted. Specifically, if SSL/TLS is not used, then the credentials are passed as plaintext and could be intercepted easily. The scheme also provides no protection for the information passed back from the server.

Existing browsers retain authentication information until the tab or browser is closed or the user clears the history. [1] HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without closing the browser. This is a significant defect that requires browser manufacturers to support a 'logout' user interface element or API available to JavaScript, further extensions to HTTP, or use of existing alternative techniques such as retrieving the page over SSL/TLS with an unguessable string in the URL.
Đừng hỏi mình nhé :))
Hoac đừng hỏi sao đó là là Base64 ... đây thực là là những ví dụ điển hình và đơn giản thôi. Luyện skill là chính


Post a Comment

Để lại góp ý của bạn để blog của mình hoàn thiện hơn :))