Re: FW: OPENSSL + NETCAT
From: Frank Knobbe (fknobbe@knobbeits.com)Date: 07/27/02
- Previous message: Jason Lunz: "Re: FW: OPENSSL + NETCAT"
- In reply to: Jeremy Junginger: "FW: OPENSSL + NETCAT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Frank Knobbe <fknobbe@knobbeits.com> To: Jeremy Junginger <jjunginger@interactcommerce.com> Date: 26 Jul 2002 22:54:47 -0500
You can use OpenSSL on the sending end, and sslproxy on the receiving
end. I used the two in a recent pentest for hijacking of an web SSL
session.
For shell-shoveling though cryptcat should work just fine for you. What
is your reason to make it extra complicated?
Regards,
Frank
On Thu, 2002-07-25 at 12:41, Jeremy Junginger wrote:
> In conducting a pen-test, I have run into a situation where I would like
> to transmit data (without using cryptcat) by using OpenSSL and Netcat
> through the firewall and past the IDS (nothing but net...heheh..). Any
> tips on how to "play catch" across the network using SSL and netcat on
> both the client and the server? Thanks for the help!
>
> Schematic ?
> [pc]----files(over ssl)---->[firewall]--->[IDS]---->files(over ssl)
> --->[external server]
> |
> [IDS]
> |
> [DMZ]
>
> Jeremy
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Jason Lunz: "Re: FW: OPENSSL + NETCAT"
- In reply to: Jeremy Junginger: "FW: OPENSSL + NETCAT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
