Shell access on a Unix-type server is access to send commands to a target as
a user of the system and get a response back (standard input to a shell and
standard output from that shell). This shell service is limited and some
commands will work and other will not. Window shell access has a similar
limited command structure and this article will explore how to navigate and
give some interesting tips hopefully as well.
A tool that can demonstrate this is netcat as I will illustrate below using
netcat for shell access on a windows target. On a windows machine open up a
command prompt and start a netcat listener (see Figure #1). You may need to
install the program http://nmap.org/ncat before you continue.
Figure #1 starting a netcat listener on windows
Now connect to it from you Linux box with the following command in Figure #2
Figure #2 connecting to the windows box vi... (more)
When performing a penetration test on a customer’s network by simulating an
attack and trying to find a way inside many forget there is an easier way.
Many networks have well established security protection through firewalls,
Intrusion Detections/ Protections Systems that will alert to your presents.
Performing a vulnerability scan using tools such as NeXpose, Nessus, nmap,
etc will alert many systems. By performing some research on the target and
learn what the company does you can narrow your attack. By using some social
engineering you can email your payload to an inspecting v... (more)
Intrusion detection tools that use the libpcap C/ C++ library  for network
traffic capture (such as Snort  and Tcpdump ) can output packet capture
information to a file for later reference. The format of this capture file is
known as pcap. By capturing packet data to a file, an investigator can return
later to study the history of an intrusion attempt – or to turn up other
important clues about clandestine activity on the network.
Of course, the traffic history data stored in a pcap file is much too vast to
study by just viewing the file manually. Security experts use spe... (more)
The OpenSSL is based on SSLeay library developed by Eric A. Young and Tim J.
Hudson and licensed under an Apache-style license. OpenSSL has lots of
features but I will cover encoding, checksums, encryption, passwords and pass
Many Linux distributions have OpenSSL as part of the bundled packages and is
most likely located in /usr/bin. To find it on your system type:
$ which openssl
$ openssl version
OpenSSL 1.0.0a 1 Jun 2010
Versions may vary and currently openssl-1.0.0d Feb 8 is the current version.
Most of the examples that are found in this document sh... (more)
The purpose of this article is to describe some tools and techniques in
performing the planning, scoping, and recon portion of a penetration test. In
covering these tools and techniques the reader will learn how to use them to
find vulnerabilities in their organization and help improve security posture.
Some other names for this first phase of penetration testing are; OSINT (Open
Source Intelligence), Footprinting, Discovery, and Cyberstalking.
During reconnaissance we'll gather information from public sources to learn
about the target and try to find what is importan... (more)