
Monday, April 2, 2018

Setting up HTTP Basic Authentication



- Layout for this exercise:







- Web applications may provide their own access control methods, but a web server can also restrict access by using two types of authentication that are part of the HTTP standard: Basic and Digest authentication.

- HTTP Basic Authentication (BA) is the simplest way to enforce access control to web resources. When making a request, the user agent provides credentials (username and password) to the web server.

- BA uses standard fields in the HTTP header. It provides no confidentiality: the credentials are only encoded with Base64, not encrypted or hashed in any way.

- For further information about HTTP Basic Authentication:

https://en.wikipedia.org/wiki/Basic_access_authentication
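
The exchange described above, as an added example that is not part of the original post: the header a user agent builds, how anyone who sees it recovers the credentials without a key, and the server's 401 challenge. The function names, the realm string and the in-memory `users` dictionary (a constructed stand-in for the .htpasswd lookup) are assumptions for illustration.

```python
import base64
import binascii
import hmac


def build_authorization(username: str, password: str) -> str:
    """What the user agent sends: 'Basic ' + Base64(username:password)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_authorization(header: str):
    """Recover (username, password) from an Authorization header, or None.

    No secret is needed: Base64 is an encoding, so any observer of the
    header on an unencrypted connection can run exactly this function.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password itself may contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def handle_request(headers: dict, realm: str, users: dict):
    """Server side: return (status, response_headers) for one request.

    `users` maps username -> password; it is a constructed stand-in for the
    lookup a real server performs against its password file.
    """
    challenge = {"WWW-Authenticate": f'Basic realm="{realm}"'}
    creds = parse_authorization(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge  # missing or malformed header: ask again
    username, password = creds
    expected = users.get(username)
    ok = expected is not None and hmac.compare_digest(
        password.encode("utf-8"), expected.encode("utf-8"))
    return (200, {}) if ok else (401, challenge)
```

Because the header decodes this easily, Basic Authentication only protects the credentials in transit when the site is served over TLS.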


- To implement Basic Authentication on an Apache web server, first of all a password file must be created, so that Apache can read it whenever the web page is requested.

- The utility htpasswd (part of the apache2-utils package) manages user files for basic authentication. As an example, let's take:

username: admin (very common as default username in many devices)
password: ababa (simple, for the purpose of ease in this exercise)




- The hidden file .htpasswd has been created on the server side, with the password stored in hashed form:




- The default format for storing the credentials is "$apr1$" followed by the result of an Apache-specific algorithm that uses an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password.

https://httpd.apache.org/docs/2.4/misc/password_encryptions.html


See source file apr_md5.c for the details of the algorithm:

http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?view=markup
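
To make the "$apr1$" format concrete, here is an added Python sketch of the salted, 1,000-round MD5 scheme (the md5-crypt construction with the "$apr1$" prefix); it is not code from the original post or from Apache. The names `apr1_hash` and `verify` are assumptions, and the salt is generated here as 8 characters of the scheme's 64-character alphabet.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"

def apr1_hash(password: str, salt: str = "") -> str:
    """Return an htpasswd-style '$apr1$<salt>$<digest>' string."""
    pw = password.encode("utf-8")
    salt = salt[:8] or "".join(secrets.choice(ITOA64) for _ in range(8))
    s = salt.encode("ascii")
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = pw + MAGIC + s
    # Append the alternate digest, repeated/truncated to len(password) bytes.
    ctx += (alt * (len(pw) // 16 + 1))[:len(pw)]
    # One byte per bit of len(password): NUL for a 1 bit, pw[0] for a 0 bit.
    n = len(pw)
    while n:
        ctx += b"\x00" if n & 1 else pw[:1]
        n >>= 1
    digest = hashlib.md5(ctx).digest()
    # The 1,000 rounds mix password, salt and the previous digest.
    for i in range(1000):
        buf = pw if i & 1 else digest
        if i % 3:
            buf += s
        if i % 7:
            buf += pw
        buf += digest if i & 1 else pw
        digest = hashlib.md5(buf).digest()
    # Custom base64: permuted bytes, emitted 6 bits at a time, low bits first.
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = (digest[a] << 16) | (digest[b] << 8) | digest[c]
        out += "".join(ITOA64[(v >> (6 * k)) & 0x3F] for k in range(4))
    out += ITOA64[digest[11] & 0x3F] + ITOA64[digest[11] >> 6]
    return f"$apr1${salt}${out}"

def verify(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != "apr1":
        return False
    candidate = apr1_hash(password, parts[2])
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

A thousand MD5 rounds is cheap to brute-force on current hardware, so a short password such as the one used in this exercise is quickly recovered from a leaked .htpasswd file; htpasswd's -B option selects bcrypt instead.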


- Editing the Ubuntu default virtual host file (000-default.conf):




- Adding the HTTP BA restriction for the directory called "basicauth", where the web page is contained. The <Directory> block specifies that the type of authentication is Basic, the name of the realm (the realm name defines a protection space for a web resource in combination with the canonical root URL of the server being accessed), the path to the .htpasswd file, and the requirement of "valid-user" credentials:






- In this way, HTTP BA is enforced on a per-directory basis, specifically for the "basicauth" directory that we are interested in.


- After editing the virtual host file, let's restart the web server:




- The configtest command checks that the syntax of the configuration file is correct:







- Reviewing the status of the web server:





- Now, a user is prompted to enter credentials when trying to access the web resources contained in the directory "basicauth".

- If incorrect credentials are entered, the server answers with the default "Unauthorized" message:








- After entering the correct credentials, the web resources are finally available:







Thursday, March 8, 2018

Pentest via cellular network (V): Nmap port scanner with SMS message



- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):




- This exercise is based on the four previous exercises:

http://www.whitelist1.com/2018/03/pentest-via-cellular-network-i-global.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-ii.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-iii-sms.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-iv-port.html


1 - Writing the Python script

- The Python script used in this exercise uses libraries and scripts from previous exercises:






- Some libraries are imported:




- A function is defined to process the SMS message requests:





- External stored data is invoked:




- The script waits until an SMS message arrives, then processes it, and finally sends back an answer:





2 - Testing the script

- First, an SMS message is sent from the smartphone asking about port 22 of the localhost:





- The Python script running on the Raspberry Pi detects the request from the smartphone and sends back an answer:












- Before launching another test to the host 192.168.1.6, let's perform an Nmap scan in the usual way:




- Now, an SMS message is sent from the smartphone inquiring about port 135 of the host 192.168.1.6:





- The Raspberry Pi sends an answer back to the smartphone via an SMS message, and the result matches the usual Nmap port scan: port 135 is open.











Pentest via cellular network (IV): port scanning with Python-nmap



- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):





1 - Installing python-nmap on the Raspberry Pi

- python-nmap is a Python library which helps in using the Nmap port scanner.

- It makes it easy to manipulate Nmap scan results, and is a perfect tool for systems administrators who want to automate scanning tasks and reports.

- It also supports nmap script outputs.

- For further information:

https://xael.org/norman/python/python-nmap/

- python-nmap works on top of Nmap, so let's make sure that Nmap is already installed:




- Downloading python-nmap:






- Uncompressing:






- Setting up and installing:






2 - Testing python-nmap with Python interactive mode

- Now, let's check its functionality by scanning port 22 of the localhost Raspberry Pi, invoking python-nmap from Python:




- The SSH port 22 is in "open" status:





3 - Writing a Python script using python-nmap

- This Python script uses python-nmap for scanning, and it is based on the documentation provided by the python-nmap official website:

https://xael.org/norman/python/python-nmap/






- Note that the final section of the script just scans port 22 of the localhost:




- Running the script, the result is successful:











Pentest via cellular network (III): SMS messages with Hologram Python SDK



- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):





- The goal of this exercise is to send and receive SMS messages between a Hologram modem (installed on a Raspberry Pi device) and a smartphone via the cellular network, using the Hologram Python SDK library.


- First of all, let's create an external data script where the device key and the phone number are stored:







- Now, importing libraries from the Hologram Python SDK, this Python script sends an SMS message and prints the successful result:







- Running SendTEST.py:




- In a similar way, this Python script puts the modem into receiving mode and prints the message once it has been received:






- Running ReceiveTEST.py (in the image I have removed the sender phone number for privacy reasons):











- The smartphone screen displays the SMS messages exchanged with the modem: