Day 3

SPF/DKIM/DMARC

SPF

Sender Policy Framework: a DNS whitelist of the hosts (i.e. their MTAs) that are allowed to send mail for a domain

# SPF Record
stoege@cas-puffy RD:0 $ dig txt ost.ch +short 
"v=spf1 mx a:smtp01.ost.ch a:smtp02.ost.ch a:smtp03.ost.ch include:spf.protection.outlook.com -all"
"atlassian-domain-verification=mAHOHBOXxMe1UY/dDOFAqWSzeWJyoFosKuUf0NbaXHjWQcQOedw8QsLnPhPTF+pU"
"MS=ms41259948"
"google-site-verification=uXsX_aEfoeSpZ9tzZgcmmRCl99PcBClh8usP1_eoLDM"
"QuoVadis=f5454eb2-12d3-4af4-8db6-173f2d4c8e67"
"have-i-been-pwned-verification=9e7ce5e8d1af7986d410ec1f1991a6e7" ""

# Hosts
stoege@cas-puffy RD:0 $ dig +short smtp01.ost.ch smtp02.ost.ch smtp03.ost.ch
146.136.105.31
195.176.16.73
152.96.81.81

# Include MSFT
stoege@cas-puffy RD:0 $ dig +short txt spf.protection.outlook.com            
"v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 include:spfd.protection.outlook.com -all"
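To make the SPF mechanics above concrete, here is a small SPF evaluator (an added example, not from the course or any library) that walks the ost.ch record against the hosts and the Microsoft include shown above. It resolves everything from a constructed in-code DNS table so it runs offline; the ost.ch MX host in that table is an assumption, since the page does not show it.

```python
import ipaddress
# Constructed offline DNS table, (name, type) -> values. TXT/A records are the
# ones from the dig output above; the ost.ch MX host is an assumption.
DNS = {
    ("ost.ch", "TXT"): ["v=spf1 mx a:smtp01.ost.ch a:smtp02.ost.ch a:smtp03.ost.ch "
                        "include:spf.protection.outlook.com -all"],
    ("ost.ch", "MX"): ["smtp01.ost.ch"],  # assumed, not shown on the page
    ("smtp01.ost.ch", "A"): ["146.136.105.31"],
    ("smtp02.ost.ch", "A"): ["195.176.16.73"],
    ("smtp03.ost.ch", "A"): ["152.96.81.81"],
    ("spf.protection.outlook.com", "TXT"): ["v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 "
        "ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 "
        "ip6:2a01:111:f403::/48 include:spfd.protection.outlook.com -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_terms(domain):
    """Return the mechanisms of the domain's v=spf1 TXT record, or None."""
    for txt in DNS.get((domain, "TXT"), []):
        if txt.startswith("v=spf1"):
            return txt.split()[1:]
    return None

def check_host(ip, domain, depth=0):
    """Evaluate SPF for sender ip/domain -> pass, fail, softfail, neutral or none.
    Unknown include targets (spfd.protection.outlook.com is not on the page)
    give 'none' here; RFC 7208 would make that a permerror."""
    addr = ipaddress.ip_address(ip)
    terms = spf_terms(domain)
    if terms is None or depth > 10:  # no record, or include chain too deep
        return "none"
    for term in terms:
        qual = "+"  # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):  # CIDR match; v4 vs v6 mismatch is False
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):  # host(s) whose A record must equal addr
            hosts = [arg or domain] if mech == "a" else DNS.get((arg or domain, "MX"), [])
            matched = any(str(addr) in DNS.get((h, "A"), []) for h in hosts)
        elif mech == "include":  # recursive check; only a 'pass' counts as a match
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:  # ptr, exists and redirect=/exp= modifiers are not handled here
            matched = False
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched
```

A sender that is neither one of the ost.ch smtp hosts nor inside the Microsoft ranges ends at the -all of ost.ch and gets "fail", which is what a receiving MTA would then feed into its DMARC evaluation.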

DKIM

Signature of Mail Headers

-> Mail, check header -> DKIM-Signature, s=SELECTOR

dig txt SELECTOR._domainkey.gmail.com

stoege@cas-puffy RD:0 $ dig txt 20210112._domainkey.gmail.com  

; <<>> dig 9.10.8-P1 <<>> txt 20210112._domainkey.gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60326
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;20210112._domainkey.gmail.com. IN  TXT

;; ANSWER SECTION:
20210112._domainkey.gmail.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8JxVBMLHZRj1WvIMSHApRY3DraE/EiFiR6IMAlDq9GAnrVy0tDQyBND1G8+1fy5RwssQ9DgfNe7rImwxabWfWxJ1LSmo/DzEdOHOJNQiP/nw7MdmGu+R9hEvBeGRQ" "Amn1jkO46KIw/p2lGvmPSe3+AVD+XyaXZ4vJGTZKFUCnoctAVUyHjSDT7KnEsaiND2rVsDvyisJUAH+EyRfmHSBwfJVHAdJ9oD8cn9NjIun/EHLSIwhCxXmLJlaJeNAFtcGeD2aRGbHaS7M6aTFP+qk4f2ucRx31cyCxbu50CDVfU+d4JkIDNBFDiV+MIpaDFXIf11bGoS08oBBQiyPXgX0wIDAQAB"

;; Query time: 16 msec
;; SERVER: 108.61.10.10#53(108.61.10.10)
;; WHEN: Fri Nov 05 09:51:14 CET 2021
;; MSG SIZE  rcvd: 482

DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) https://mxtoolbox.com/dmarc.aspx

stoege@cas-puffy RD:0 $ dig +short txt _dmarc.sbb.ch
"v=DMARC1; p=none; sp=none; aspf=r; pct=100"

Traefik

SNI: 1.2.3.4
TLS Wildcard Certificate
Wildcard DNS entry
Host Labels

Docker

Little Demo

docker search
docker pull hackinglab/alpine-ttyd
docker inspect hackinglab/alpine-ttyd
docker run --rm -i -p 7681:7681 hackinglab/alpine-ttyd

Man in the Middle

HTTP Public Key Pinning

https://de.wikipedia.org/wiki/HTTP_Public_Key_Pinning

  • draft in 2011
  • introduced in 2015
  • removed in 2020

-> use Certificate Transparency https://de.wikipedia.org/wiki/Certificate_Transparency https://letsencrypt.org/de/docs/ct-logs/

Fix Kali CD - Reset Home (FF Plugins …)

root@hlkali:/home/hacker# apt-get install --reinstall hl-userhome-kali

Win10 Setup

RDP

SSH MITM

TLS MITM
