Government Security
Network Security Resources

Jump to content

Photo

Weakest Link (Jetty/digest?)

security server exploit vulnerability hash md5 sniffing
  • Please log in to reply
No replies to this topic

#1 ltickett

ltickett

    Private

  • Members
  • 8 posts

Posted 01 June 2011 - 03:59 PM

I've been doing some research into "expanding the functionality" of my pvr which is heavily locked down (no remote access, console etc)

Recently a video-on-demand (vod) service has been added which i thought may give me a way to get "inside" the box!

I managed to use cain (arp poison) to spoof the devices ip/mac and intercept the traffic with wireshark... i can see UDP traffic with the programme listings etc

The content itself being downloaded using TCP via HTTP. The web server is running jetty 6.1.18 and employing digest authentication. My sniffing reveals a username but all of the other values (nonce, result etc) are MD5 hashes which i think are useless?

I've tried to do a lot of googling before asking but reached a point where i'm stuck!

Is there a way to tackle digest authentication?
I thought finding a vulnerability in jetty to exploit might be the way to go? I found some but they appear to rely on the server running default applications (which i doubt this does) or are for older versions. There might be something i've missed?

hxxp://docs.codehaus.org/display/JETTY/Jetty+Security
hxxp://jira.codehaus.org/browse/JETTY-1042

And one final question... the UDP traffic just seems to appear in wireshark without any requests being made to the server. When i try connecting to the server using netcat i don't see any data- am i missing something?

Hope this is the right place- thanks





Also tagged with one or more of these keywords: security, server, exploit, vulnerability, hash, md5, sniffing