SSH has several features that are useful during pentesting and auditing. This page aims to remind us of the syntax for the most useful features.
NB: This page does not attempt to replace the man page for pentesters, only to supplement it with some pertinent examples.
SOCKS Proxy Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1):
Command
Tuesday 30 August 2011
AnDOSid the DOS tool for Android
A new product released by SCOTT HERBERT for Android mobile phones,Its AnDOSid - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners.
Pentesting tools exist to simulate such attacks and help website security people defend against them, however
Monday 29 August 2011
Falsely issued Google SSL certificate in the wild for more than 5 weeks
Reports surfaced this morning that accuse the government of Iran with trying to perform a man-in-the-middle attack against Google's SSL services.
A user named alibo on the Gmail forums posted a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services.
The certificate in question was issued on July 10th by Dutch SSL certificate authority
Attacking Applications List
If you want know what attacking application can do, lease go the Source. This post just list the some app. not all and not detail of the app.
Process Hacker
Sniff-n-Spit
TFTP Theft
isr evilgrade
spiderpig
Bruter
Cain & Abel
KrbGuess
Medusa Parallel Network Login Auditor
Ncrack
RSYaba
Windows Credentials Editor
thc-hydra
Dangerous Kitten
Syringe
shellcodeexec
subSeven
winAUTOPWN
DB Audit
Process Hacker
Sniff-n-Spit
TFTP Theft
isr evilgrade
spiderpig
Bruter
Cain & Abel
KrbGuess
Medusa Parallel Network Login Auditor
Ncrack
RSYaba
Windows Credentials Editor
thc-hydra
Dangerous Kitten
Syringe
shellcodeexec
subSeven
winAUTOPWN
DB Audit
Open Source database of android malwares
this post is just example or some part of the list of android malwares, if you want to see all in the list, please go to the Source.This database is open source and anybody can send comments (or an email to androguard (at) t0t0 (dot) fr) in order to apply modifications on signatures or to add new signatures. You can test if an application contains a malwares in the androguard example database,
Thursday 25 August 2011
Monitoring SSL Connections with Bro: Quickstart
Introduction Bro (www.bro-ids.org) is an amazing suite of software which can do things that no other IDS on the planet can come close to. In this post, I want to cover one such feature: SSL monitoring. Bro has a true understanding of the SSL being used on your network and will efficiently process certificates on the wire for a variety of purposes. Out of the box, Bro can very