🔐 Pracivo Crypto Lab

PRACIVO LAB — INTENTIONALLY VULNERABLE
⚠️ Pracivo Security Lab — Cryptography vulnerabilities: ECB penguin attack, padding oracle, weak ciphers, SSL/TLS misconfig, JWT cracking.

SSL/TLS Misconfiguration

PROTOCOL WEAKNESS
# SCAN FOR TLS ISSUES
# testssl.sh — comprehensive TLS scanner:
./testssl.sh target.com

# nmap:
nmap --script ssl-enum-ciphers -p 443 target.com

# sslscan:
sslscan target.com

# COMMON VULNERABILITIES:

# 1. POODLE (SSLv3 padding attack)
# Enabled if: SSLv3 is supported
# Test: nmap --script ssl-poodle -p 443 target.com
# Fix: disable SSLv3 completely

# 2. BEAST (CBC mode in TLS 1.0)
# Enabled if: TLS 1.0 with CBC ciphers
# Fix: disable TLS 1.0

# 3. DROWN (SSLv2 on same key)
# Enabled if: any server with same certificate uses SSLv2
# Fix: disable SSLv2 everywhere

# 4. SWEET32 (birthday attack on 64-bit block ciphers)
# Enabled if: 3DES or Blowfish ciphers supported
# Fix: disable 3DES cipher suites

# 5. LUCKY13 (timing attack on CBC in TLS)
# Fix: use TLS 1.3 with AEAD ciphers only

# 6. Weak cipher suites
# Bad:  TLS_RSA_WITH_RC4_128_SHA
# Bad:  TLS_RSA_WITH_DES_CBC_SHA
# Good: TLS_AES_256_GCM_SHA384 (TLS 1.3)
# Good: TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3)

# 7. Self-signed or expired certificates
# Test: curl -v https://target.com 2>&1 | grep -i "cert\|expire\|valid"

# 8. Certificate transparency / CT log leaks
# Find subdomains via CT logs:
# crt.sh/?q=%.target.com

# BEST PRACTICE TLS CONFIG:
# - TLS 1.2 minimum (TLS 1.3 preferred)
# - Disable SSLv2, SSLv3, TLS 1.0, TLS 1.1
# - Only AEAD cipher suites (GCM, ChaCha20)
# - HSTS header: Strict-Transport-Security: max-age=31536000; includeSubDomains
# - HPKP or Certificate Transparency pinning