Littleblackbox

From charlesreid1

https://github.com/devttys0/littleblackbox

Info

Installing

Littleblackbox is the tool that we will start with, since it has some built-in certificates and can be used to scan for computers using vulnerable keys on the local network.

To install littleblackbox, replace all SSLv3 with SSLv23 (only one instance - in certificates.c - link https://github.com/devttys0/littleblackbox/search?utf8=%E2%9C%93&q=sslv3&type=).

Debian has SSL v3 disabled, due to the Poodle attack (link https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability and another link http://disablessl3.com/). Thus, SSL version 3 sessions are not defined in the OpenSSL library, which causes the symbol not found error, This can be fixed by using a different function call, so the symbol will exist. Version 2.3 is ok. So replace "SSLv3" with "SSLv23".

Also, you may need to make this folder to allow littleblackbox to install its man page: 

$ mkdir -p /usr/local/share/man/man1

Now you should be all set.

The Keys

Of course, you probably downloaded this for the keys, so you're also probably wondering where they are. Well, they're all contained in a SQLite database that comes with the repository, called lbb.db (lbb = little black box). The database is not encrypted or anything, so you can extract the contents or you can update the contents to add your own keys.

Exploring the database

Print out a list of all the tables in this sql database using the sqlite_master table: 

>>> for row in c.execute("SELECT * FROM sqlite_master WHERE type='table';"):
...     print(row)
... 
(u'table', u'hardware', u'hardware', 2, u'CREATE TABLE "hardware" (id INTEGER PRIMARY KEY, vendor TEXT, model TEXT, revision TEXT, description TEXT)')
(u'table', u'certificates', u'certificates', 3, u'CREATE TABLE certificates(id INTEGER PRIMARY KEY, fingerprint TEXT, certificate TEXT, key TEXT, description TEXT)')
(u'table', u'firmware', u'firmware', 4, u'CREATE TABLE firmware(id INTEGER PRIMARY KEY, device_id INTEGER, certificate_id INTEGER, vendor TEXT, description TEXT)')

This shows you that there are three tables in this database - the first is hardware, the second is certificates, and the third is firmware. Taking a look in the certificates table, you can see the schema used is to store the certificate text (the public key), the corresponding private RSA key, and a brief description of the key.

Here, we print a single record from the certificates table to show an example of what this looks like: 

>>> for row in c.execute("SELECT * FROM certificates;"):
...     print(row)
...     break
... 
(1, u'9C:49:0C:A8:E5:57:EC:7C:DE:DE:CB:3E:2C:C2:B2:BF:B2:62:CB:73', u'-----BEGIN CERTIFICATE-----\nMIICJDCCAc4CCQCMnrlReg06wjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC\nREUxDjAMBgNVBAgTBVNheG9uMRAwDgYDVQQHEwdEcmVzZGVuMRowGAYDVQQKExFO\nZXdNZWRpYS1ORVQgR21iSDEPMA0GA1UECxMGREQtV1JUMRowGAYDVQQDExFOZXdN\nZWRpYS1ORVQgR21iSDEeMBwGCSqGSIb3DQEJARYPaW5mb0BkZC13cnQuY29tMB4X\nDTEwMDgwNjIzMzk1NVoXDTIwMDgwMzIzMzk1NVowgZgxCzAJBgNVBAYTAkRFMQ4w\nDAYDVQQIEwVTYXhvbjEQMA4GA1UEBxMHRHJlc2RlbjEaMBgGA1UEChMRTmV3TWVk\naWEtTkVUIEdtYkgxDzANBgNVBAsTBkRELVdSVDEaMBgGA1UEAxMRTmV3TWVkaWEt\nTkVUIEdtYkgxHjAcBgkqhkiG9w0BCQEWD2luZm9AZGQtd3J0LmNvbTBcMA0GCSqG\nSIb3DQEBAQUAA0sAMEgCQQC/shtCk26Tcj6EmLXrf0VTuyx0tJe+j5NS6u9id0Yi\nxPq06pcdyMLZJN5DVTfRf8UOi4l4jDs9GlRHLo8SjbqTAgMBAAEwDQYJKoZIhvcN\nAQEFBQADQQC8k6+rFAuxUvkxpTLGeVDeAEp5YHBtM3NJUwYZibG+NMDvg5ajFWCE\nBCTgqMcHfLGtcF5T1q01SE2wu0szallE\n-----END CERTIFICATE-----', u'-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAL+yG0KTbpNyPoSYtet/RVO7LHS0l76Pk1Lq72J3RiLE+rTqlx3I\nwtkk3kNVN9F/xQ6LiXiMOz0aVEcujxKNupMCAwEAAQJAYOh+RXLY5KtNlaTJ2uq1\nNnYaLEmbqNdWaAWizQl1KF/BS+KO6Q3LJLzRWDP6c/4wbAPPryf+KU8ds93gNsbg\nIQIhAPOd4S6zHAwFwa3GJ12p72APi7Tx9E3IgDGIOKH9h34DAiEAyXCXuTpGkCAT\nx4bN6O25JJsyZbjj70Ta/M6Wc64CNDECIQDrHn3dR2oTRF8Hqw4FPORVjstkKHyD\nsbXfmDwoQ3tIJwIgf+ezHxTGq0sC5CVPZ4BSl9DHjll4uXuiBPX0CB3MHnECIGVk\nKBqdB/1oHIB2//9ACH0Xp/d5YRb/njlOvgupuMcG\n-----END RSA PRIVATE KEY-----', u'SSL Key Pair')
>>>

Adding new keys

Because littleblackbox provides a convenient network scanning function, it may be desirable to... you know... add new keys.

And such.

Retrieved from "https://charlesreid1.com/w/index.php?title=Littleblackbox&oldid=21343"