zerosignal0

Active Members
  • Posts: 16

Everything posted by zerosignal0

  1. Just to end this topic with some info, I actually ended up changing my application a bit and just have my data encrypted through an SSL'd web service instead of utilizing the tunnel now. This ended up being easier from an approach of minimizing ports that needed to be opened on customer networks. However, I did still employ this at some level for tunneling control of these appliances through a single, secured port and it seems to be working great so far. Thanks for the help! -Z
  2. I'm going to be going. I'm also attending BlackHat so I may only really be around for Friday's events. If you're looking for people to hang out with, let me know. Imperva is also having a pretty kicking afterparty in the kingpin suites Wednesday evening. Z
  3. NVM, I believe I got it now. Apparently when you are forwarding MySQL connections you have to actually specify the same address as you assigned the MySQL server in the network bindings within the main config file.
  4. Yea, after taking into account what you mentioned and doing some more thinking, I don't believe we need to worry about an "ssh proxy" for the time being, but maybe later in the future. Anyways, I have now gotten the priv/pub keys installed on both servers respectively and can connect to the MySQL server's SSH from the client system at a remote facility. Now the question is setting up SSH to automatically bring up the tunnel on the client when the system boots. I have another question in regard to connecting MySQL on a local port on the "client" server. I can't seem to connect through the mysql CLI on my client machine even after the SSH connection using the "-L 3306:localhost:3306" switch. Any ideas?
  5. Thanks for the response and the link. I had already seen the page but it has been one of the better tutorials that I have come across so far. I believe you're on the same wavelength as me in terms of using cron or possibly /etc/rc.local for starting the task on boot as well. So now my next question is: do you believe for security's sake it may be a safer bet to allow for these clients to connect to another server on my DMZ using this method and then forwarding through to the MySQL server, or do you believe that it wouldn't really benefit me all that much? EDIT: I have another question as well. Using the method that you mentioned within the link, how would I go about using a passphrase for my keys and still allow for the system to sustain and start the SSH session securely? Is there a way to script up the passphrase entry from an encrypted file or how would that work? G
  6. Hey everyone, I have a question about the process of creating a secure SSH tunnel between 2 servers to connect the localhost:3306 of the remote server to 3306 of our MySQL database. I am familiar with SSH tunneling, however I am not familiar with the process of creating the pub/priv keys and also getting the tunnel to be automatically brought up when the server reboots. Is there a chance that anyone could point me in the direction of a decent tutorial or maybe walk me through some of the process? Basically I have gotten SSH tunneling working on both servers with no problems, but the idea of using pub/priv keys and scripting the process up on the remote end so that it's secure is really what I could use help with. If it helps, this remote server is actually going to end up being an appliance on a customer's network, so we are trying to keep it as secure as possible so that we don't have any prying eyes trying to sniff out the traffic on it. Thanks, G
  7. Just remember, don't give the U.S. government too much credit. There are some very smart people that work for the NSA / HLS but remember they are all mostly tasked on war efforts and their funding is now also very limited. Also, it still seems like so many people let Hollywood dictate their view of what "big brother" really is. Trust me, most of them aren't that good, and this is coming from a guy with top secret clearance for the Federal Office of Personnel Management. We handle well over 1,000,000 personnel background checks yearly for all federal employees / GOVT agencies and our gear is ANCIENT!
  8. http://www.openxtra.co.uk/articles/wpa-vs-80211i "Advanced Encryption Standard (AES) is the cipher system used by RSN. It is the equivalent of the RC4 algorithm used by WPA. However the encryption mechanism is much more complex and does not suffer from the problems associated with WEP. AES is a block cipher, operating on blocks of data 128 bits long. CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing even one bit in a message produces a totally different result."
  9. Just a note that you need to look at your webserver at securitytube.net... If you browse to securitytube.net you have a nasty ASP error and have server errors enabled... Not really the best idea for security. I would also suggest setting up a DNS forwarder for securitytube.net to www.securitytube.net. I do like the videos though, just giving a heads up. -Z
  10. I know that WPA2 is a bit more secure of a standard, but the question is: can CoWPAtty actually crack WPA2? Also, upon reviewing the capture I am getting with Wireshark for the 4-way handshake, it is almost identical to the standard WPA handshake, so I am confused on what the problem is besides there being a code issue with CoWPAtty. Can anyone confirm this? -Z
  11. So here's a question. I am currently using BackTrack 3, have downloaded and verified that I am able to crack WPA/TKIP+AES with no problems, but I can't seem to crack WPA2/TKIP+AES. I have updated my version of cowpatty to 4.3 and have searched for about 2 hours and seen people with similar problems but no solutions. Anyone else having success cracking WPA2 or is that still in the works as a feature?
  12. Seems like none of the links are working on Church of WiFi's site... Anyone else have a link to the bigger rainbow table files? I didn't really want to go with smaller files as I was going to start the download and leave town for a couple of days. -Z
  13. Well, the NMAP portion is something that I am going to only allow basic scans on, so overhead shouldn't be an issue. Nessus scans, on the other hand, are going to be something that only members of the site's pay services would be able to perform. Not to say that I would be charging for a free app, but it would be within a suite of tools and scans for quarterly audits and such (i.e. PCI standard audits). Basically I am creating this site for a penetration and audit company I am putting together for my local area and wanted to give clients easier access to scans that they can run without my intervention and also allow for a very wide array of services and prices. To answer the question about Nessus policies, I have put together a couple of test policies so far but have done some research on how other companies have done this and found that it is acceptable to have scans run for hours as long as the end results are easily accessed by the customer. That being said, I have worked quite a bit with security metrics and have used their suite of scans, which seem to basically be full Nessus scans set up with customer policies revolving around PCI audits, and the scans usually take 1-2 hours to perform and results are emailed and stored on their site for access by your user account. Once I get to the point of getting past some of the prelims I can share the policies with you along with the code if you're interested ;) z-
  14. Thanks to both of you for the responses. Destro, you're right on cue with what I was thinking, except this app will be living on a Unix box so no c:\X. Thanks to dr0p for the mention of System(); as that command is what I have been toying with so far. I am going to try to tweak this idea some and get back to you with results. BTW dr0p, since you mentioned filtering out the nasties, I was wondering if you could elaborate a little more on sanitizing commands taken in by system(); and commands of the like? I am assuming that there are going to be complications since utilities like NMAP and NESSUS both enjoy being run on elevated system accounts, so I believe for the time being I am going to limit the processes so that I can have them executed by www-user without incident. Stay tuned ;) Thanks again, z-
  15. I was wondering if someone could maybe point me in the direction of how to execute something like this. Pretty much what I am wanting to do is allow for people to access my site and run nmap / Nessus scans directly from a web interface. I have seen some sites like hackertarget.com and many others do this, but ultimately I would like to make something similar to ht as they allow you to simply input your email address and IP / DNS and get emailed the results. So I know that passing info back between bash and PHP isn't that hard, but would someone mind helping a guy out with a simple example script of how to do this? z- P.S. Long nite drinkin last night so if the post is a bit scattered I will clean it later.