Re: FW: OPENSSL + NETCAT

From: Frank Knobbe (fknobbe@knobbeits.com)
Date: Fri Jul 26 2002 - 23:54:47 EDT


You can use OpenSSL on the sending end, and sslproxy on the receiving
end. I used the two in a recent pentest for hijacking of an web SSL
session.

For shell-shoveling though cryptcat should work just fine for you. What
is your reason to make it extra complicated?

Regards,
Frank

On Thu, 2002-07-25 at 12:41, Jeremy Junginger wrote:
> In conducting a pen-test, I have run into a situation where I would like
> to transmit data (without using cryptcat) by using OpenSSL and Netcat
> through the firewall and past the IDS (nothing but net...heheh..). Any
> tips on how to "play catch" across the network using SSL and netcat on
> both the client and the server? Thanks for the help!
>
> Schematic ?
> [pc]----files(over ssl)---->[firewall]--->[IDS]---->files(over ssl)
> --->[external server]
> |
> [IDS]
> |
> [DMZ]
>
> Jeremy
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT