Penetration Testing mailing list archives
Re: FW: OPENSSL + NETCAT
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 26 Jul 2002 22:54:47 -0500
You can use OpenSSL on the sending end, and sslproxy on the receiving end. I used the two in a recent pentest for hijacking of an web SSL session. For shell-shoveling though cryptcat should work just fine for you. What is your reason to make it extra complicated? Regards, Frank On Thu, 2002-07-25 at 12:41, Jeremy Junginger wrote:
In conducting a pen-test, I have run into a situation where I would like to transmit data (without using cryptcat) by using OpenSSL and Netcat through the firewall and past the IDS (nothing but net...heheh..). Any tips on how to "play catch" across the network using SSL and netcat on both the client and the server? Thanks for the help! Schematic ? [pc]----files(over ssl)---->[firewall]--->[IDS]---->files(over ssl) --->[external server] | [IDS] | [DMZ] Jeremy ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- FW: OPENSSL + NETCAT Jeremy Junginger (Jul 25)
- RE: FW: OPENSSL + NETCAT agrego (Jul 27)
- Re: FW: OPENSSL + NETCAT Jason Lunz (Jul 27)
- Re: FW: OPENSSL + NETCAT Frank Knobbe (Jul 27)