Showing 1 - 5 of 5

Files from Daniel Roethlisberger

First Active	2005-12-28
Last Active	2009-08-06

Fiked Fake IKE Daemon: Posted Aug 6, 2009; Authored by Daniel Roethlisberger | Site roe.ch; Fiked is a fake IKE daemon that supports just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi-MitM attack. Basically, knowing the pre-shared key, also known as shared secret or group password, the VPN gateway can be impersonated in IKE phase 1, in order to learn XAUTH user credentials in phase 2. The configuration supported by fiked is IKE aggressive mode using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES128, AES192, AES256, MD5, SHA1, and DH groups 1, 2, and 5. Main mode is not supported.; Changes: This release has some bug fixes.; tags | encryption; systems | cisco; SHA-256 | 94badfbb545c4f0f4092a937d20a277a5854093417fd93f61c92b4bdea3f03fa; Download | Favorite | View

csa-urulu.txt: Posted Feb 28, 2008; Authored by Daniel Roethlisberger | Site csnc.ch; COMPASS SECURITY ADVISORY - USystems Urulu version 2.1 is vulnerable to blind SQL injection attacks.; tags | advisory, sql injection; advisories | CVE-2008-0385; SHA-256 | 1e1471378b677b023b6f7fa0940b772876f9988a978cec82405144ecea8d51ac; Download | Favorite | View

crypt-insecure.txt: Posted Jan 30, 2008; Authored by Daniel Roethlisberger | Site csnc.ch; LSrunasE version 1.0 and Supercrypt version 1.0 suffer from a vulnerability where an insecure use of RC4 is applied.; tags | advisory; advisories | CVE-2007-6340; SHA-256 | 1cf8e9786da360cf50ea789c75e0f6efd6e2213c7f35d9e4714cb9803787e474; Download | Favorite | View

csa-driver.txt: Posted Mar 13, 2007; Authored by Daniel Roethlisberger | Site csnc.ch; COMPASS SECURITY ADVISORY - The Linux drivers for the Omnikey CardMan 4040 smartcard reader contains a buffer overflow vulnerability. Local attackers with direct or indirect write permissions to a cmx device file can execute arbitrary code with kernel privileges or may cause a denial of service condition. Proof of concept exploit included.; tags | exploit, denial of service, overflow, arbitrary, kernel, local, proof of concept; systems | linux; advisories | CVE-2007-0005; SHA-256 | 813c362a94b9a921113b9dc26f6c31af71d84e3bd91b020fb6b76413ca9974f7; Download | Favorite | View

fiked-0.0.4.tar.bz2: Posted Dec 28, 2005; Authored by Daniel Roethlisberger | Site roe.ch; Fiked is a fake IKE daemon that supports just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi-MitM attack. Basically, knowing the pre-shared key, also known as shared secret or group password, the VPN gateway can be impersonated in IKE phase 1, in order to learn XAUTH user credentials in phase 2. The configuration supported by fiked is IKE aggressive mode using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES128, AES192, AES256, MD5, SHA1, and DH groups 1, 2, and 5. Main mode is not supported.; tags | encryption; systems | cisco; SHA-256 | a3c0f94df312321737665ba55342cacbf979b1e14b3fe978db667ccda9b0a1c4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days