Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: FW: OPENSSL + NETCAT

RE: FW: OPENSSL + NETCAT

From: George Milliken <gmilliken_at_farm9.com>
Date: Thu, 01 Aug 2002 13:01:55 -0700

Try also 'cryptcat' by farm9.com, available all over the place or at
www.farm9.com

Cryptcat is netcat with twofish encryption, and full source, of course.
Also rcrypt is a rhinedahl (sp) encryption tool available from farm9.

George Milliken, CEO
farm9

-----Original Message-----
From: agrego_at_campus.cem.itesm.mx [mailto:agrego_at_campus.cem.itesm.mx]
Sent: Thursday, July 25, 2002 5:46 PM
To: pen-test_at_securityfocus.com
Subject: RE: FW: OPENSSL + NETCAT

You can use Stunnel (http://www.stunnel.org)
It will provide you with the appropriate SSL wraping.
Simply compile it, and from there, the sky is the limit...
Here are a couple of ideas:
1. You can brute forece logins (over the encrypted link, like you said
nothing but net) 2. You could use stuff like whisker and use it on top
of the ssl wrapper.

Hope this helps.
AG

-- Original Message --

>In conducting a pen-test, I have run into a situation where I would
>like to transmit data (without using cryptcat) by using OpenSSL and
Netcat
>through the firewall and past the IDS (nothing but net...heheh..).
Any
>tips on how to "play catch" across the network using SSL and netcat on
>both the client and the server? Thanks for the help!
>
>Schematic ?
>[pc]----files(over ssl)---->[firewall]--->[IDS]---->files(over ssl)
>--->[external server]
> |
> [IDS]
> |
> [DMZ]
>
>Jeremy
>
>
>-----------------------------------------------------------------------
>-----
>This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please
see:
>https://alerts.securityfocus.com/
>
>

------------------------------------------------------------------------ 

----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see: https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 02 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]