Instructions to establish a reverse SSH proxy on server startup. Useful for setting up a server behind gateways/firewalls. Install SSH keys on the remote and local server. Note the command should work independently before setting up as a service. /usr/bin/ssh -NT -o “ServerAliveInterval 60” -o “ServerAliveCountMax 3” -o “PubkeyAuthentication=yes” -o “PasswordAuthentication=no” -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 […]
[perl] /* * CVE-2014-0160 heartbleed OpenSSL information leak exploit * ========================================================= * This exploit uses OpenSSL to create an encrypted connection * and trigger the heartbleed leak. The leaked information is * returned within encrypted SSL packets and is then decrypted * and wrote to a file to annoy IDS/forensics. The exploit can * set […]
Heart Bleed – Exploit Example Code If you need to test your server for the vulnerability, here is a simple Python script… [python] #!/usr/bin/python import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage=’%prog server [options]’, description=’Test for SSL heartbeat vulnerability (CVE-2014-0160)’) options.add_option(‘-p’, ‘–port’, type=’int’, default=443, […]
In case you haven’t heard, a critical bug in the widely used OpenSSL library has been disclosed this week. http://www.bbc.co.uk/news/technology-26971363 Despite the cool name and vector logo, Heartbleed is one of the scariest security bugs to hit the Internet in a long time. I was able to query my own server to reveal memory […]
Setting up SSH public/private keys SSH (Secure Shell) can be set up with public/private key pairs so that you don’t have to type the password each time. Because SSH is the transport for other services such as SCP (secure copy), SFTP (secure file transfer), and other services (CVS, etc), this can be very convenient and […]
SHA1 Cracking Passwords In The Cloud: Amazon’s New EC2 GPU Instances Cracking Passwords In The Cloud: Amazon’s New EC2 GPU Instances. An interesting article! SHA1 for password hashing is officiall deprecated..