Penetration Testing mailing list archives

Re: FW: OPENSSL + NETCAT


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 26 Jul 2002 22:54:47 -0500

You can use OpenSSL on the sending end, and sslproxy on the receiving
end. I used the two in a recent pentest for hijacking of a web SSL
session.

For shell-shoveling, though, cryptcat should work just fine for you. What
is your reason to make it extra complicated?

Regards,
Frank


On Thu, 2002-07-25 at 12:41, Jeremy Junginger wrote:
In conducting a pen-test, I have run into a situation where I would like
to transmit data (without using cryptcat) by using OpenSSL and Netcat
through the firewall and past the IDS (nothing but net...heheh..). Any
tips on how to "play catch" across the network using SSL and netcat on
both the client and the server?  Thanks for the help!

Schematic ?
[pc]----files(over ssl)---->[firewall]--->[IDS]---->files(over ssl)--->[external server]
                      |
                  [IDS]
                      |
                  [DMZ]

Jeremy

