SlideShare una empresa de Scribd logo

Presentation nix

Descargar como PPT, PDF
F
fangjiafu
Tecnología
1 de 53
SSH Tricks and More! Presented by Kyle Young
Who am I? • Just another computer technician • Obtaining my macro degree in network administration from GRCC • Planning on getting a Bachelors degree in Digital Forensics at FSU • Been tinkering with computers since I was in middle school • Became obsessed with Information Security in 2005 • Owner/Hoster of zitstif.no-ip.org • Administrator on HITB forums
Read this book if you want to learn more about SSH! SSH, The Secure Shell: The Definitive Guide, 2nd Edition By Daniel J. Barrett, Richard E. Silverman ,Robert G. Byrnes Publisher: O'Reilly Media Released: May 2005 Pages: 668
Presentation Note! I WILL NOT BE COVERING THE PROPRIETARY VERSION OF SSH (Tectia) SORRY! 
Why do a presentation on SSH tricks? • SSH is one of my favorite protocols • There have been plenty of articles and blog posts on the subject – I thought it was time to kind of aggregate these and add some of my own tips/tricks
What is SSH? • Is it a shell? … No • Is it a solution to all of your security problems? … No “Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.” - en.wikipedia.org/wiki/SSh
SSH History • SSH v1.X - Invented by Tatu Ylönen in 1995 • Created due to a password sniffing attack that took place at Helsinki University of Technology • Created as a secure replacement for telnet, rlogin and rsh protocols
SSH and You! • If you work in the information technology realm, there’s a good chance you have used SSH before. • The SSH Client is natively available on practically all Non-Windows Operating Systems • Can be more quick and dirty than Remote Desktop • Easier to use on a phone than Remote Desktop (You may want to check out ‘mosh’ http://mosh.mit.edu/ )
What can I use SSH for? • For login to a shell on a remote host • For executing a single command on a remote host (replacing rsh) • Secure file transfer • For forwarding or Tunneling • Forwarding X from remote hosts • The list goes on... https://en.wikipedia.org/wiki/Secure_Shell#Usag e
SSH and Cyber Espionage • Duqu Worm – (Nov 2011) Contained instructions to exploit a zero day vulnerability in OpenSSH 4.3 on CentOS systems – After compromising the system the worm then updated OpenSSH to version 5.8
Speaking of SCADA/SSH... “Another day, another SCADA threat: ICS-CERT is now warning utilities and other critical infrastructure providers about potential brute- force attacks against control systems with SSH command-line access. “ - Kelly Jackson Higgins (darkreading.com) Feb 06, 2012
Basic SSH Usage
Insecurity Issues With Default Client Settings Make sure your clients (and servers) are strictly using version 2 Or they may be vulnerable to version downgrade attacks! You can also edit your ssh_config and change the directive : Protocol 2 
Downgrade attacks on SSH Clients Downgrade attacks can  be performed with ettercap-ng  and ettercap-filters!  Image From http://openmaniak.com/
Connecting for the first time to an SSH Server: Do you know it’s safe? If you’re very paranoid, you’ll want to verify the RSA fingerprint and randomart image  with what fingerprint your given when connecting.  To do so: On the server side you’ll have (usually requiring physical access to the  Machine) You would need to do this: sudo ssh-keygen -lvf /etc/ssh/ssh_host_rsa_key.pub Then on your client side you want to edit your ssh_config file and set this option: VisualHostKey yes http://www.itworld.com/it-managementstrateg
Connecting for the first time to an SSH Server: Do you know it’s safe? One issue with this: “Obviously you need a secure method of getting verified copies of the fingerprint and randomart images for the computers you want to log into. ” - Carla  Schroder http://www.itworld.com/it-managementstrategy/261500/16
One other thing.. Oh yeah Kippo can be ugly.. An attacker can capture your SSHv2 credentials using Kippo: •To do so an attacker needs to be in your local area network or spoofing the IP address  or domain name of the SSH server host that the victim is trying to connect to.  •Setup Kippo to listen on the appropriate port •If needed perform an ARP poisoning attack on the victim. •Once the victim tries to connect they would most likely get a mismatching fingerprint. However, with putty, an  ignorant or hasty victim could simply click “YES”.  http://pauldotcom.com/wiki/index.php/Episod
OK I’m connected…am I still safe? Not necessarily  - Some versions of the openssh- server  daemon will handle  password authentication in clear  text in memory!  Proof of concept:  http://zitstif.no-ip.org/capturessh2.txt   #Tested on SSH-2.0-OpenSSH_4.7p1  Debian-8ubuntu1.2  #Tested on SSH-2.0-OpenSSH_5.1p1  Debian-5ubuntu1  #Tested on OpenSSH 5.2 (protocol 2.0)  Fedora 11 Need to find the source on this  one! 
OK I’m connected…am I still safe? Watch out on your client side: http://blog.diogomonica.com/post/3087360614 Poor man’s SSH keylogger! 
Locking Down The Server Side: sshd_config is your friend! •This may be debatable, but change  your ssh server’s listening port to  something different than port 22. • Again.. Make sure your ssh server is  strictly using Protocol Version 2 •Do not permit root login! •Permit/Deny only specific users or  groups! (AllowUsers/AllowGroups Directive OR DenyUsers/DenyGroups) https://www.linux.com/learn/tutorials/305769-a
Oh yeah..a quick note on changing the default port for ssh http://danielmiessler.com/blog/security-and-ob
Oh yeah..a quick note on changing the default port for ssh
Locking Down The Server Side: sshd_config is your friend! •Disable PasswordAuthentication and  authenticate only using keys •Configure an Idle Log out time period  (ClientAliveInterval XXX ) •Limit what interface/addresses SSHD  binds to •Limit the amount of authentication tries  (MaxAuthTries ) https://www.linux.com/learn/tutorials/305769 http://www.cyberciti.biz/tips/linux-unix-bsd-op
Locking Down The Server Side: sshd_config is your friend! •Change the login grace time  (LoginGraceTime) •Oh yeah… disable empty passwords  (Duh..) (PermitEmptyPasswords no) https://www.linux.com/learn/tutorials/305769 http://www.cyberciti.biz/tips/linux-unix-bsd-op http://www.uptimemore.com/password-retry-
Locking Down The Server Side: Programs to help you lock down your server •If applicable use iptables (or pf)  to permit/deny specific IP  addresses/ranges List of programs to help ward off  dictionary attacks/brute force  attacks on  http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-p (#16) •Setup port-knocking!  http://www.cyberciti.biz/tips/linux-unix-bsd-op
Quick tips for speeding up SSHD login sshd_config is your friend! •Disable server side DNS look- ups if you don’t need it.  (UseDNS No) If you’re not using PAM with  SSH then disable PAM (UsePAM No) http://www.cyberciti.biz/tips/linux-unix-bsd-op
Client side configuration tips ssh_config is your friend! Are you sick of constantly typing in your  passwords (if you’re using passwords) when  doing additional connections when you’ve  already authenticated to your ssh server?  Solution: Add this to your ssh_config file  Host * ControlPath ~/.ssh/master-%r@%h:%p ControlMaster auto http://www.evilsoft.org/2009/10/23/stupid-
Client side configuration tips ssh_config is your friend! Save yourself some keystrokes! ssh –C –D 1234 user@example.com -p 5432  Edit your ssh_config file to something like this: Host example example.com HostName example.com   User user Port 5432 DynamicForward 1234  Compression Yes Now you only need to type: ssh example http://codeutopia.net/blog/2011/07/08/why-di
Client side configuration tips ssh_config is your friend! Are there any options to check for DNS  spoofing?  YES!  CheckHostIP Yes This will force ssh to do an additional check  in the known_hosts file for the IP address of  the server. 
For more information on configuring sshd_config and ssh_config, please see: man sshd_config && man ssh_config
Now for those beautiful client-sided one liners…(top 10 one liners from commandlinefu.com) 1 2 3 4 5
Client-sided one liners…(top 10 one liners from commandlinefu.com) 6 7 8
Client-sided one liners…(top 10 one liners from commandlinefu.com) 9 10
Client-sided one liners…(more awesome one liners from commandlinefu.com)
Client-sided one liners…(more awesome one liners from commandlinefu.com)
For more awesome one-liners from commandlinefu.com:
More awesome one-liners: http://diogomelo.net/blog/10/ssh-tricks Don’t want to expose remote desktop via your firewall? You can still use it through ssh!: ssh –L 3389:192.168.1.100:3389 user@site.com  Put the ssh client in a very verbose mode for troubleshooting/debugging: ssh –vvv user@site.com  http://linuxaria.com/howto/trucchi-con-ssh?lang=en
More awesome one-liners: http://www.linuxjournal.com/article/6602?page=0,1 Pipe webcam over ssh:  http://unix.stackexchange.com/questions/2302/can-i-pipe-dev-video-o
Client-sided one liners: Fun with the ‘-t’ option Any programs that need a pseudo terminal screen to work and you need run quickly, use  -t. Examples: ssh –t user@example.com “python” ssh –t user@example.com “irb” ssh –t user@example.com “ssh anotheruser@anotherhost.com” ssh –t user@example.com “msfconsole”  ssh –t user@example.com “screen” ssh  -t user@example.com “vi”
Client-sided one liners: Fun with reverse connections Don’t have metasploit or any fancy info-sec security tools on your device that is connected  to a LAN, but this device still has an SSH client on it?  NO PROBLEM! Target host: 192.168.1.102 Target port: 445 Payload port: 4444 ssh –t –R  192.168.1.102:445:127.0.0.1:4445 –R 192.168.1.102:4444:127.0.0.1:4444  attacker@penbox.org “msfconsole” Then through metasploit  on your remote host you would point your attacks towards your  loopback interface 
Client-sided one liners (Poor man’s VPN/proxy) This will bind a SOCKS server to port 9050 on the interface 192.168.1.100 
Client-sided one liners (Poor man’s VPN/proxy) OK big deal.. I know that.. What’s special about it? 
Client-sided one liners (Poor man’s VPN/proxy) What this means:  •You can now tunnel traffic securely between you the client, and example.com • If example.com’s subnet is 10.1.10.255, you can now access resources in that  subnet via your tunnel, hence why this is a poorman’s VPN. •You can use programs like proxychains in tandem with SOCKS •NOTE: example.com’s hosts file (/etc/hosts) does affect the DNS name resolution of  the SOCKS client  
Client-sided one liners (Poor man’s VPN/proxy) Programs that play nicely with proxychains:  rdesktop netcat socat nmap  hping telnet openvas nessus hydra wget ssh metasploit (though not needed) (set Proxies socks5:localhost:1234)  ncrack ...(The list goes on) Almost any application that works on *nix and relies on TCP/IP
Ways of setting up sshd the quick and dirty way… Scenario 1: Are you doing a pentest and you’re able to find a router that is compatible with openwrt  or  dd-wrt?  Upload it! Most versions of openwrt and dd-wrt support SSHD Scenario 2: You’ve popped a shell on a Windows box and you’d like to setup an SSHD server: Copssh_3.1.4_Installer.exe /S  Copssadm --command activeuser –user USERNAME –shell /bin/bash 
Ways of setting up sshd the quick and dirty way… Meterpreter from the metasploit project now has a meterpreter script that can deploy an  openssh server on Windows victims.  (I must admit, the few times I’ve tried it, it has never  worked for me!) 
SSH and Window$ SSH Clients on Windows: Putty, plink, psftp, ssh (cygwin) (there are a bunch..  http://en.wikipedia.org/wiki/Comparison_of_SSH_clients#Platform) Probably one of the best guides for installing Cygwin w/ an openssh  server on Windows: http://pigtail.net/LRP/printsrv/cygwin-sshd.html NOTE: Follow the steps very closely!  Minimal/Easy Install options of cygwin with sshd:  http://sshwindows.sourceforge.net/ https://www.itefix.no/i2/copssh For X11 forwarding over SSH, Install Xming and use putty:  http://sourceforge.net/projects/xming/  
Programming/Automating SSH Examples of languages that you can use for automating SSH:
Programming/Automating SSH Python Example:  Very good guide on paramiko:  http://jessenoller.com/2009/02/05/ssh-programming-with-paramiko-completely-different/
SSH and IPV6 Very good guide for getting around with IPv6 and show examples of SSH  usage: http://www.enterprisenetworkingplanet.com/netsp/article.php/3634596/Getting-Around-IPv6.htm Things to check: •Use ping6 to ping at least your lookback interface ::1 •Use ping6 to ping ipv6 domain names: (i.e. ipv6.google.com) •Make sure your IPV6 server is setup to listen on an IPV6 address  (NOTE: 0.0.0.0 in IPV6 is ::: ) Simple example using ssh and ipv6: ssh user@2001:4860:800a::93
Live Demo: SSH/Miredo/IPV6 Thanks Mubix! ( http://www.room362.com/blog/2010/9/24/rev )
? Questions?
FIN! Postscript: man ssh

Recomendados

Gwc3
Gwc3Gwc3
Gwc3Dan Kaminsky
 
SSH
SSHSSH
SSHZach Dennis
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Linux advanced privilege escalation
Linux advanced privilege escalationLinux advanced privilege escalation
Linux advanced privilege escalationJameel Nabbo
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 

Recomendados

Gwc3
Gwc3Gwc3
Gwc3Dan Kaminsky
 
SSH
SSHSSH
SSHZach Dennis
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Linux advanced privilege escalation
Linux advanced privilege escalationLinux advanced privilege escalation
Linux advanced privilege escalationJameel Nabbo
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device InsecurityJeremy Brown
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNoSuchCon
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashAnkit Mehta
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
Introduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsBishop Fox
 
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration DisastersBSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disastersinfodox
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMPShaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 
So you want to be a security expert
So you want to be a security expertSo you want to be a security expert
So you want to be a security expertRoyce Davis
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashinfodox
 
Nginx warhead
Nginx warheadNginx warhead
Nginx warheadSergey Belov
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)hannob
 
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Positive Hack Days
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015Zi Lin
 
Aide 2014 - Fundamentals of Linux Privilege Escalation
Aide 2014 - Fundamentals of Linux Privilege EscalationAide 2014 - Fundamentals of Linux Privilege Escalation
Aide 2014 - Fundamentals of Linux Privilege Escalationnullthreat
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
The Unix Command Line | Jim Reevior
The Unix Command Line | Jim ReeviorThe Unix Command Line | Jim Reevior
The Unix Command Line | Jim ReeviorOomph, Inc.
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access darkRoyce Davis
 

Más contenido relacionado

La actualidad más candente

Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device InsecurityJeremy Brown
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNoSuchCon
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashAnkit Mehta
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
Introduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsBishop Fox
 
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration DisastersBSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disastersinfodox
 
So you want to be a security expert
So you want to be a security expertSo you want to be a security expert
So you want to be a security expertRoyce Davis
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashinfodox
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)hannob
 
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Positive Hack Days
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015Zi Lin
 
Aide 2014 - Fundamentals of Linux Privilege Escalation
Aide 2014 - Fundamentals of Linux Privilege EscalationAide 2014 - Fundamentals of Linux Privilege Escalation
Aide 2014 - Fundamentals of Linux Privilege Escalationnullthreat
 

La actualidad más candente (19)

Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-Hash
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!
 
Introduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation Methods
 
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration DisastersBSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
So you want to be a security expert
So you want to be a security expertSo you want to be a security expert
So you want to be a security expert
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trash
 
Nginx warhead
Nginx warheadNginx warhead
Nginx warhead
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)
 
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015
 
Aide 2014 - Fundamentals of Linux Privilege Escalation
Aide 2014 - Fundamentals of Linux Privilege EscalationAide 2014 - Fundamentals of Linux Privilege Escalation
Aide 2014 - Fundamentals of Linux Privilege Escalation
 

Similar a Presentation nix

SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
The Unix Command Line | Jim Reevior
The Unix Command Line | Jim ReeviorThe Unix Command Line | Jim Reevior
The Unix Command Line | Jim ReeviorOomph, Inc.
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access darkRoyce Davis
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminskyDan Kaminsky
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowNovell
 
DSSH: Innovation in SSH
DSSH: Innovation in SSHDSSH: Innovation in SSH
DSSH: Innovation in SSHJuraj Bednar
 
Dssh @ Confidence, Prague 2010
Dssh @ Confidence, Prague 2010Dssh @ Confidence, Prague 2010
Dssh @ Confidence, Prague 2010Juraj Bednar
 
Ssh
SshSsh
Sshgh02
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guideCraig Cannon
 
Simple tips to improve Server Security
Simple tips to improve Server SecuritySimple tips to improve Server Security
Simple tips to improve Server SecurityResellerClub
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 

Similar a Presentation nix (20)

SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
The Unix Command Line | Jim Reevior
The Unix Command Line | Jim ReeviorThe Unix Command Line | Jim Reevior
The Unix Command Line | Jim Reevior
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access dark
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminsky
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnel
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should Know
 
DSSH: Innovation in SSH
DSSH: Innovation in SSHDSSH: Innovation in SSH
DSSH: Innovation in SSH
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Dssh @ Confidence, Prague 2010
Dssh @ Confidence, Prague 2010Dssh @ Confidence, Prague 2010
Dssh @ Confidence, Prague 2010
 
Ssh
SshSsh
Ssh
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guide
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Simple tips to improve Server Security
Simple tips to improve Server SecuritySimple tips to improve Server Security
Simple tips to improve Server Security
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 

Más de fangjiafu

Wce internals rooted_con2011_ampliasecurity
Wce internals rooted_con2011_ampliasecurityWce internals rooted_con2011_ampliasecurity
Wce internals rooted_con2011_ampliasecurityfangjiafu
 
Oracle forensics 101
Oracle forensics 101Oracle forensics 101
Oracle forensics 101fangjiafu
 
Understanding and selecting_dsp_final
Understanding and selecting_dsp_finalUnderstanding and selecting_dsp_final
Understanding and selecting_dsp_finalfangjiafu
 
Wce12 uba ampliasecurity_eng
Wce12 uba ampliasecurity_engWce12 uba ampliasecurity_eng
Wce12 uba ampliasecurity_engfangjiafu
 
Ddos analizi
Ddos analiziDdos analizi
Ddos analizifangjiafu
 
Bypass dbms assert
Bypass dbms assertBypass dbms assert
Bypass dbms assertfangjiafu
 
Cursor injection
Cursor injectionCursor injection
Cursor injectionfangjiafu
 
Create user to_sysdba
Create user to_sysdbaCreate user to_sysdba
Create user to_sysdbafangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Layer 7 ddos
Layer 7 ddosLayer 7 ddos
Layer 7 ddosfangjiafu
 
Tlsoptimizationprint 120224194603-phpapp02
Tlsoptimizationprint 120224194603-phpapp02Tlsoptimizationprint 120224194603-phpapp02
Tlsoptimizationprint 120224194603-phpapp02fangjiafu
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashingfangjiafu
 
Burp suite injection中的应用by小冰
Burp suite injection中的应用by小冰Burp suite injection中的应用by小冰
Burp suite injection中的应用by小冰fangjiafu
 
2008 07-24 kwpm-threads_and_synchronization
2008 07-24 kwpm-threads_and_synchronization2008 07-24 kwpm-threads_and_synchronization
2008 07-24 kwpm-threads_and_synchronizationfangjiafu
 

Más de fangjiafu (20)

Wce internals rooted_con2011_ampliasecurity
Wce internals rooted_con2011_ampliasecurityWce internals rooted_con2011_ampliasecurity
Wce internals rooted_con2011_ampliasecurity
 
Oracle forensics 101
Oracle forensics 101Oracle forensics 101
Oracle forensics 101
 
Understanding and selecting_dsp_final
Understanding and selecting_dsp_finalUnderstanding and selecting_dsp_final
Understanding and selecting_dsp_final
 
Wce12 uba ampliasecurity_eng
Wce12 uba ampliasecurity_engWce12 uba ampliasecurity_eng
Wce12 uba ampliasecurity_eng
 
Ddos analizi
Ddos analiziDdos analizi
Ddos analizi
 
Bypass dbms assert
Bypass dbms assertBypass dbms assert
Bypass dbms assert
 
Cursor injection
Cursor injectionCursor injection
Cursor injection
 
Create user to_sysdba
Create user to_sysdbaCreate user to_sysdba
Create user to_sysdba
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Layer 7 ddos
Layer 7 ddosLayer 7 ddos
Layer 7 ddos
 
Tlsoptimizationprint 120224194603-phpapp02
Tlsoptimizationprint 120224194603-phpapp02Tlsoptimizationprint 120224194603-phpapp02
Tlsoptimizationprint 120224194603-phpapp02
 
Crypto hlug
Crypto hlugCrypto hlug
Crypto hlug
 
Fp
FpFp
Fp
 
Rr 7944
Rr 7944Rr 7944
Rr 7944
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
 
Burp suite injection中的应用by小冰
Burp suite injection中的应用by小冰Burp suite injection中的应用by小冰
Burp suite injection中的应用by小冰
 
Oech03
Oech03Oech03
Oech03
 
2008 07-24 kwpm-threads_and_synchronization
2008 07-24 kwpm-threads_and_synchronization2008 07-24 kwpm-threads_and_synchronization
2008 07-24 kwpm-threads_and_synchronization
 
Unit07
Unit07Unit07
Unit07
 
Unit05
Unit05Unit05
Unit05
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Presentation nix