NEET 05/17/2023 (Wed) 08:05 No.703696
>>703678
>Aren't some of those algorithms deprecated or insecure by design and the reason you will be able to brute force it?
The group name is literally just a human-chosen string like "[companyname]" or "vpn". So you're literally just trying to start a session using the transform you found in the first step and passing the group name and seeing if it gets accepted or rejected.
There are issues with the transform parameters though. SHA1 is deprecated and it's basically not advised to use Diffie-Hellman group 2 as we're pretty sure the NSA have spent hundreds of millions of dollars pre-computing discrete logs.

>Was it because the waf didn't do a deep packet inspection?
The WAF was stopping SQL injection and path traversal and the like, but didn't stop a null pointer causing Java to vomit and reveal that an old vulnerable version of Jetty was running the app.