Penetration Testing (pen-test) Mailing List

Re: SSL MITM not on port 443

Thu, 28 Aug 2008 11:56:33 +0300

Posted by Ahmad Taha on Aug 28

Hi,
You can also try to redirect/tunnel the connection, use some tool to
listen on the required port and forward the traffic to ettercap on port
443, you can accomplish this with many ways. I hope this will fix your
problem:)

Regards,
Ahmad Taha Zaki

...

Re: SSL MITM not on port 443

Thu, 28 Aug 2008 10:43:57 +0200

Posted by Roman Fulop on Aug 28

you could always redirect traffic to certain port woth iptables.

christopher.riley_at_r-it.at wrote:
> Unfortunately i've already tried to use Paros as a MITM proxy for the
> connection. The application does complain about the certificate, as you'd
> expect. However I need to...

RE: SSL MITM not on port 443

Thu, 28 Aug 2008 08:21:16 +0200

Posted by christopher.riley_at_r-it.at on Aug 28

Unfortunately i've already tried to use Paros as a MITM proxy for the
connection. The application does complain about the certificate, as you'd
expect. However I need to replace the normal Paros certificate with one
that is faked especially for the application (such as the ones created by
...

Re: SSL MITM not on port 443

Wed, 27 Aug 2008 13:13:24 -0700

Posted by James Matthews on Aug 27

I have found that ethercap worked nicely!

On Wed, Aug 27, 2008 at 10:24 AM, Robbie Gill <rgill_at_arubanetworks.com> wrote:
>
> Try pointing the application to a MITM proxy like Paros
> (http://www.parosproxy.org/index.shtml) or WebScarab
> (...

New Tool Released: XTest1.0!

Wed, 27 Aug 2008 12:51:39 -0500

Posted by Jason Ostrom on Aug 27

http://xtest.sourceforge.net

Sipera VIPER Lab has released a new & free test tool, XTest, that is a
result of our research into the ability or inability (your choice) of
wired 802.1x with EAP-MD5 to protect IP Phone endpoints and the VoIP
Infrastructure.

Jason Ostrom

...

RE: SSL MITM not on port 443

Wed, 27 Aug 2008 10:24:18 -0700

Posted by Robbie Gill on Aug 27

Try pointing the application to a MITM proxy like Paros
(http://www.parosproxy.org/index.shtml) or WebScarab
(http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project). Such
a proxy sits in the middle of the client application and the server and
presents its own certificate to both...

New Nmap Features

Wed, 27 Aug 2008 09:32:21 -0400

Posted by Daniel Miessler on Aug 27

For anyone interested, here's a summary of the list of features in
Nmap's latest version---as presented by Fyodor at BH/DC.

http://dmiessler.com/blog/a-summary-of-new-nmap-features-from-blackhatdefcon-2008

Cheers,

SSL MITM not on port 443

Wed, 27 Aug 2008 13:32:32 +0200

Posted by christopher.riley_at_r-it.at on Aug 27

I've come across a problem in a pentest that I'm working on right now that
I thought the members of the list might be able to assist me with.

I'm working with a propriatary software (written in C++) that communicates
on a high port number using HTTPS. I'm trying to test to see if the
...

Read MAPI emails and play VOIP traffic dump

Wed, 27 Aug 2008 15:48:58 +0400

Posted by mark mark on Aug 27

Hi,

Is there any way you can read emails on Outlook/Exchange environment
by listening on the wire? We have the traffic dump but wireshark only
says the protocol used is MAPI. Also for the VOIP, traffic dump, we
ended up with some file that won't play on any media player.. Any idea
how to...

Re: Keylogger winlinux

Wed, 27 Aug 2008 10:48:18 +0200

Posted by michele dallachiesa on Aug 27

2008/8/18 administrator - <illegal.visitor_at_gmail.com>:
> Hi there,
>
> I am new to the pentesting field and currently busy with OSCP. I have
> read a great number of books and publications. From all of this I
> compiled a handy toolset. However I am missing a good...

SensePost reDuh Tools now available for download

Wed, 27 Aug 2008 09:25:56 +0200

Posted by Glenn Wilkinson on Aug 27

Hi there,

We have just blogged the availability of the reDuh tools covered in our
BlackHat/Defcon 2008 talk. [http://www.sensepost.com/blog/2399.html]

reDuh allows you to tunnel TCP over well formed HTTP, effectively
creating a full TCP circuit through an uploaded jsp, php or asp page. A
...

PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 1213) and BA-Con 2008 Speakers (Sept. 30 Oct. 1)

Tue, 26 Aug 2008 13:02:12 -0700

Posted by Dragos Ruiu on Aug 26

Spanish url: http://ba-con.com.ar/speakers.html?language=es

Speaker list and Dojos for BA-Con, September 30, October 1st.
(all presentations in both Spanish and English)

Presentations:

WPA/WPA2: how long is it gonna make it - Cédric Blancher & Simon Maréchal,
EADS & SGDN
...

Re: Comprehensive firewall test using Nmap?

Tue, 26 Aug 2008 09:33:11 +0200

Posted by Gabriele Brosulo on Aug 26

On Saturday 23 August 2008 21:32:07 Bill Weiss wrote:
> Gabriele Brosulo(brosulo_at_edisoft.net)@Thu, Aug 21, 2008 at 11:08:02AM +0200:
> > On Thursday 21 August 2008 09:00:02 Alexander Sandstr?m Krantz A wrote:
> > > Is it possible to automatically alter the source...

Re: Comprehensive firewall test using Nmap?

Fri, 22 Aug 2008 18:00:19 -0300

Posted by M.B.Jr. on Aug 22

No CJ,
I guess Alexander means an automatic port alteration during your

nmap -g $srcport -oA blabla-$srcport etc

suggestion.

Regards,

On 8/21/08, Carl-Johan Bostorp <Carl-Johan.Bostorp_at_hps.se> wrote:
> Hi,
>
> Using simple scripting would be a good way to get things...

Re: a quotgoodquot vulnerability for educational purposes

Mon, 25 Aug 2008 22:38:02 -0300

Posted by eldraco on Aug 25

hi all,

we are teaching pentesting too, and we use:

Solution a:
1- webgoat (you can use the one in www.damnvulnerablelinux.org)
2- metasploit

Solution b:
We also use w3af, that comes with a lot of .php files (all what it can test)
for apache, so you can test your w3af installation. This...