Collaborate Disseminate
For an ordinary user, how would I verify that a private key file was generated using reasonably secure algorithms? In response to things like allegedly insecure ssh-keygen defaults.
Continue reading How do I determine if an existing SSH private key is secure?
December is usually a quiet month at Microsoft, but this year there have been several newsworthy events, including Microsoft’s plans to drop the EdgeHTML rendering engine and a new virtualization feature called Windows Sandbox.
The post Everything You Need to Know About Windows – December 2018 Edition appeared first on Petri.
Continue reading Everything You Need to Know About Windows – December 2018 Edition
I am with an ethical hacking course and I am trying to access from a Kali machine to another machine with remote Linux terminal (Tiny Linux version 3-4) and when doing a vulnerability scan with nmap I get the following servic… Continue reading Remote control of an Apache 2.2.21 machine and OpenSSH 7.2
I’m new to Metasploit and looking for some advice on what I should be doing to port https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 into a Metasploit exploit module. I’ve successfully used the POC on a metaspl… Continue reading Seeking suggestions for porting my first Metasploit exploit to module
OpenSSH, a suite of networking software that allows secure communications over an unsecured network, is the most common tool for system administrators to manage rented Linux servers. And given that over one-third of public-facing internet servers run L… Continue reading Old and new OpenSSH backdoors threaten Linux servers
As I understand sshd (openssh in my case) typically does/may log the fingerprint/hash of the public key of incoming connections which are attempting to authenticate via key.
What I’m looking for is the full public key of inc… Continue reading Possible to get sshd (openssh) to log the public key of failed key based login attempts?
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server wi… Continue reading LibSSH Flaw Allows Hackers to Take Over Servers Without Password
Let’s be extra paranoid and assume that the SSH server my client is connected to, was “enhanced” so that every SSH client that establishes an connection with it, will be tricked into thinking that it wants to create reverse p… Continue reading Could a running SSH server somehow fool connected SSH client to create a reverse port forward?
An OpenSSH bug that was reclassified as a vulnerability after it was fixed has made scary headlines – but the sky isn’t falling Continue reading Vulnerability in OpenSSH “for two decades” (no, the sky isn’t falling!)
I have generated an RSA key-pair on a computer, and I want to check if the RSA private key is encrypted (protected) with a passphrase.
Note that the problem is not that I forgot the passphrase, but rather that I want to gen… Continue reading Checking if an RSA private key is passphrase protected