Day 3
SPF/DKIM/DMARC
SPF
Sender Policy Framework: whitelisting of mail senders (or rather, their MTAs)
# SPF Record
stoege@cas-puffy RD:0 $ dig txt ost.ch +short
"v=spf1 mx a:smtp01.ost.ch a:smtp02.ost.ch a:smtp03.ost.ch include:spf.protection.outlook.com -all"
"atlassian-domain-verification=mAHOHBOXxMe1UY/dDOFAqWSzeWJyoFosKuUf0NbaXHjWQcQOedw8QsLnPhPTF+pU"
"MS=ms41259948"
"google-site-verification=uXsX_aEfoeSpZ9tzZgcmmRCl99PcBClh8usP1_eoLDM"
"QuoVadis=f5454eb2-12d3-4af4-8db6-173f2d4c8e67"
"have-i-been-pwned-verification=9e7ce5e8d1af7986d410ec1f1991a6e7" ""
# Hosts
stoege@cas-puffy RD:0 $ dig +short smtp01.ost.ch smtp02.ost.ch smtp03.ost.ch
146.136.105.31
195.176.16.73
152.96.81.81
# Include MSFT
stoege@cas-puffy RD:0 $ dig +short txt spf.protection.outlook.com
"v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 include:spfd.protection.outlook.com -all"
DKIM
Signature of Mail Headers
-> Mail, check header -> DKIM Signature, s=SELECTOR
dig txt SELECTOR._domainkey.gmail.com
stoege@cas-puffy RD:0 $ dig txt 20210112._domainkey.gmail.com
; <<>> dig 9.10.8-P1 <<>> txt 20210112._domainkey.gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60326
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;20210112._domainkey.gmail.com. IN TXT
;; ANSWER SECTION:
20210112._domainkey.gmail.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8JxVBMLHZRj1WvIMSHApRY3DraE/EiFiR6IMAlDq9GAnrVy0tDQyBND1G8+1fy5RwssQ9DgfNe7rImwxabWfWxJ1LSmo/DzEdOHOJNQiP/nw7MdmGu+R9hEvBeGRQ" "Amn1jkO46KIw/p2lGvmPSe3+AVD+XyaXZ4vJGTZKFUCnoctAVUyHjSDT7KnEsaiND2rVsDvyisJUAH+EyRfmHSBwfJVHAdJ9oD8cn9NjIun/EHLSIwhCxXmLJlaJeNAFtcGeD2aRGbHaS7M6aTFP+qk4f2ucRx31cyCxbu50CDVfU+d4JkIDNBFDiV+MIpaDFXIf11bGoS08oBBQiyPXgX0wIDAQAB"
;; Query time: 16 msec
;; SERVER: 108.61.10.10#53(108.61.10.10)
;; WHEN: Fri Nov 05 09:51:14 CET 2021
;; MSG SIZE rcvd: 482
DMARC
Domain-based Message Authentication, Reporting and Conformance (DMARC) https://mxtoolbox.com/dmarc.aspx
stoege@cas-puffy RD:0 $ dig +short txt _dmarc.sbb.ch
"v=DMARC1; p=none; sp=none; aspf=r; pct=100"
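Added example (not part of the original notes): a small offline parser that interprets the SPF record of ost.ch and the DMARC record of sbb.ch exactly as dig returned them above, and lists what a mail admin would want to tighten. The function names `parse_spf`, `audit_spf` and `audit_dmarc` are this example's own.

```python
# Added example: interpret the SPF and DMARC TXT records from the dig output above.
SPF_OST = ("v=spf1 mx a:smtp01.ost.ch a:smtp02.ost.ch a:smtp03.ost.ch "
           "include:spf.protection.outlook.com -all")      # copied from the page
DMARC_SBB = "v=DMARC1; p=none; sp=none; aspf=r; pct=100"   # copied from the page
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return [(result, mechanism, value)] for every mechanism in an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        if "=" in term.split(":")[0]:     # modifier (redirect=, exp=), not a mechanism
            continue
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mechanism, _, value = body.partition(":")   # first ':' only, keeps IPv6 intact
        parsed.append((QUALIFIERS[qualifier], mechanism.lower(), value))
    return parsed


def audit_spf(record):
    """Findings for an SPF record; an empty list means nothing to fix."""
    catch_all = [res for res, mech, _ in parse_spf(record) if mech == "all"]
    if not catch_all:
        return ["no 'all' term: unlisted senders evaluate to neutral"]
    if catch_all[0] != "fail":
        return [f"'all' yields {catch_all[0]} instead of fail"]
    return []


def audit_dmarc(record):
    """Findings for a DMARC record; tags are ';'-separated tag=value pairs."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    tags = {key.strip().lower(): value.strip() for key, value in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    findings = []
    if tags.get("p") == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports are requested")
    return findings


if __name__ == "__main__":
    print("ost.ch SPF:", audit_spf(SPF_OST) or "ends in -all (hard fail)")
    print("sbb.ch DMARC:", audit_dmarc(DMARC_SBB))
```

The ost.ch record ends in `-all`, so it produces no SPF finding, while the sbb.ch record as captured here yields both DMARC findings.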
Traefik
SNI: 1.2.3.4
TLS Wildcard Certificate
Wildcard DNS entry
Host Labels
Docker
Little Demo
docker search
docker pull hackinglab/alpine-ttyd
docker inspect hackinglab/alpine-ttyd
docker run --rm -i -p 7681:7681 hackinglab/alpine-ttyd
Man in the Middle
HTTP Public Key Pinning
https://de.wikipedia.org/wiki/HTTP_Public_Key_Pinning
- draft in 2011
- introduced in 2015
- removed in 2020
-> use Certificate Transparency https://de.wikipedia.org/wiki/Certificate_Transparency https://letsencrypt.org/de/docs/ct-logs/
Fix Kali CD - Reset Home (FF Plugins …)
root@hlkali:/home/hacker# apt-get install --reinstall hl-userhome-kali
Win10 Setup
RDP
SSH MITM
TLS MITM