Security Archives

Reverse Proxy into Linux via SSH

Posted on August 15, 2018August 15, 2018 by PodTech

Instructions to establish a reverse SSH proxy on server startup. Useful for setting up a server behind gateways/firewalls. Install SSH keys on the remote and local server. Note the command should work independently before setting up as a service.

/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" 
-o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com

1 2	/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com

On the remote server you can login via the tunnel

ssh user@localhost -p 2220

1	ssh user@localhost -p 2220

Create a service[…]

Heartbleed – OpenSSL Application Source Code Example

Posted on April 14, 2014 by PodTech

[perl] /* * CVE-2014-0160 heartbleed OpenSSL information leak exploit * ========================================================= * This exploit uses OpenSSL to create an encrypted connection * and trigger the heartbleed leak. The leaked information is * returned within encrypted SSL packets and is then decrypted * and wrote to a file to annoy IDS/forensics. The exploit can * set[…]

Heart Bleed – Exploit Example Code

Posted on April 10, 2014 by PodTech

If you need to test your server for the vulnerability, here is a simple Python script… [python] #!/usr/bin/python import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage=’%prog server [options]’, description=’Test for SSL heartbeat vulnerability (CVE-2014-0160)’) options.add_option(‘-p’, ‘–port’, type=’int’, default=443, help=’TCP port to test (default: 443)’)[…]

Ubuntu – Update OpenSSL – Fix HeartBleed Vulnerability

Posted on April 10, 2014March 20, 2018 by PodTech

In case you haven’t heard, a critical bug in the widely used OpenSSL library has been disclosed this week. http://www.bbc.co.uk/news/technology-26971363 Despite the cool name and vector logo, Heartbleed is one of the scariest security bugs to hit the Internet in a long time. I was able to query my own server to reveal memory[…]

Setting up SSH public/private keys

Posted on December 2, 2010 by PodTech

Setting up SSH public/private keys SSH (Secure Shell) can be set up with public/private key pairs so that you don’t have to type the password each time. Because SSH is the transport for other services such as SCP (secure copy), SFTP (secure file transfer), and other services (CVS, etc), this can be very convenient and[…]

SHA1 Cracking Passwords In The Cloud: Amazon‚Äôs New EC2 GPU Instances

Posted on November 23, 2010 by PodTech

Cracking Passwords In The Cloud: Amazon‚Äôs New EC2 GPU Instances. An interesting article! SHA1 for password hashing is officiall deprecated..