
Tunneling corporate network


Iván López's blog: HTTPort + HTTHost, or How to get past a corporate Proxy + Firewall. [UPDATED 26/06/2007]: with a screenshot of the HTTHost configuration, requested in a comment. I recently changed jobs, and at the new one our internet access is heavily locked down. One of the sites we can't reach is Gmail. Although I don't receive a huge number of emails a day, it's always good to be able to check mail once in a while during the day in case there's something interesting, or above all in case I need to look something up or send something from that account. I've been looking at various alternatives for getting around these restrictions, and in the end these are the resources I have and the steps I've taken: at home I have a small server running 24x7 with eMule on it (sorry Alex, but for now it's Windows and not Debian), on which I have a VNC server installed.

Since I don't have a static IP, I use the no-ip.com service and my router's DDNS feature to assign a domain name to my dynamic IP. 4. My next attempt was with HTTPort. Facebook Trucos | Page Web: Proxifying our applications. Hi, today I came across ProxyFirewall, which you can download here. What does this tool do? Well, it lets us "proxify" our applications. Since I have Tor installed, I decided to try it, and it works quite well; here are some screenshots taken after proxifying Internet Explorer: Cualesmiip in Firefox: At the same moment in IE, after routing it through ProxyFirewall. I also routed Messenger through it, as you can see here: And it can be used with whatever tools you need to "anonymize"...

How is it done? For those who, like me, want to try it with Tor: after installing Proxy Firewall, the first thing is to tell it which proxies it should use, in this case Tor's, and then follow these steps: - Go to the Open proxies tab - Add proxies - With the HTTP(S) option checked, add Tor's HTTP proxy, like so: Click add to list and then OK - Do the same for the SOCKS5 proxy. Source BY: Stiuvert.

Tunneling your way out of corporate networks PART 2: OpenVPN | WSEC. The next way to tunnel out of a corporate network (one with an authenticating proxy and so on) is to use an SSL VPN. OpenVPN is a piece of software that is not too hard to configure, and it supports proxies out of the box. Of course it has a client-side and a server-side component and, because it uses SSL, you need certificates. So first of all, let's set up the certificates. We'll assume we are using our BackTrack box, somewhere on the Internet with a public IP.
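The post's own server.conf and client file are not reproduced in this excerpt, so here is an added example (not the WSEC author's configuration) of what the two ends of the setup described in Part 2 look like: a server listening on TCP/443 so the proxy will accept a CONNECT to it, and a client that tells OpenVPN to go through an authenticating HTTP proxy. SERVERIP and PROXYIP are the same placeholders the post uses; the certificate file names, the 10.8.0.0/24 tunnel network and the proxy-auth.txt file name are assumptions.

```shell
#!/bin/sh
# Added example, not the WSEC post's own files. Emits an OpenVPN server and
# client configuration for the "SSL VPN through an authenticating proxy" case.
# Assumptions: easy-rsa style cert names, tunnel net 10.8.0.0/24, a resolver
# on the server's tunnel address, Debian-style nobody/nogroup.

server_conf() {
    cat <<'EOF'
# /etc/openvpn/server.conf
# 443/tcp: to the proxy this looks like HTTPS, so CONNECT is allowed through.
port 443
# A CONNECT tunnel only carries TCP, so UDP is not an option in this scenario.
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
# Route the client's default gateway and DNS through the tunnel.
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
}

client_conf() {
    # $1 = server IP/host, $2 = proxy host, $3 = proxy port, $4 = proxy auth file
    cat <<EOF
client
dev tun
proto tcp-client
remote $1 443
# OpenVPN issues the HTTP CONNECT itself; the auth file holds the proxy
# username on line 1 and the password on line 2.
http-proxy $2 $3 $4 basic
http-proxy-option VERSION 1.1
resolv-retry infinite
nobind
persist-key
persist-tun
# Refuse any peer whose certificate is not a server certificate, so another
# client signed by the same CA cannot impersonate the server.
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
verb 3
EOF
}

write_proxy_auth() {
    # $1 = path, $2 = proxy user, $3 = proxy password.
    # Plaintext credential: create it owner-readable only.
    ( umask 077; printf '%s\n%s\n' "$2" "$3" > "$1" )
}

client_conf_ok() {
    # Guards against the mistakes that silently weaken this setup: a missing
    # remote-cert-tls, a UDP proto (cannot cross a CONNECT proxy) or no proxy line.
    printf '%s\n' "$1" | grep -q '^remote-cert-tls server' || return 1
    printf '%s\n' "$1" | grep -q '^proto tcp' || return 1
    printf '%s\n' "$1" | grep -q '^http-proxy ' || return 1
    return 0
}
```

Usage: `server_conf > /etc/openvpn/server.conf` on the server, `write_proxy_auth proxy-auth.txt user pass` and `client_conf SERVERIP PROXYIP 8080 proxy-auth.txt > client.ovpn` on the laptop, then `openvpn --config client.ovpn`. The `remote-cert-tls server` line is the one practitioners most often forget: without it the TLS handshake only proves the peer holds a certificate from your CA, not that it is the server.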

Luckily for us, OpenVPN is installed by default on BT5. A number of options are not required, but I found these to be the best settings for me. If we run our script (making sure that server.conf and all the cert files are in /etc/openvpn), we should see our VPN listening on port 443. Now for the client. Replace SERVERIP and PROXYIP with the IP of your server and of your proxy. Tunneling your way out of corporate networks PART 1: SSH + SOCKS | WSEC. In this blog post I'll show the first of several effective and popular ways to get full internet connectivity from inside a fairly well locked-down network (let's call it a corporate network, since 90% of corporate networks have some kind of proxy for outgoing traffic). While doing internal pentests I'm sure you have all run into the annoying situation where you are handed proxy credentials that only allow HTTP/HTTPS, combined with a content filter that won't let you browse 'hacker sites', which you obviously need to reach for research during your tests.

First of all, let's assume we have a box on the Internet with an SSH daemon we can reach. Also, let's assume the only way out is through the proxy. First we need to tunnel our way through the proxy; for this we can use the proxytunnel tool (the name says it all). To use it, we run the following on our laptop:

proxytunnel -a 222 -p PROXYIP:8080 -d fw.hackingmachines.net:22 -P username:password

Here -a 222 makes proxytunnel listen on local port 222, -p names the proxy, -d the SSH server we want to reach through the proxy's CONNECT method, and -P the proxy credentials. Kali Linux ISO of Doom. In our last blog post, we provided an example of running an unattended network installation of Kali Linux.
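Returning to the WSEC Part 1 procedure above: the post stops at the proxytunnel command, so here is an added example (not the WSEC author's script) that assembles the whole chain, the proxytunnel listener, the SSH dynamic (SOCKS) forward over it, and the equivalent ssh_config ProxyCommand form, plus a small helper that interprets the proxy's reply to the CONNECT request. PROXYIP:8080, local port 222 and fw.hackingmachines.net:22 are taken from the post; the SOCKS port 1080, the `corp-exit` host alias and the sample reply lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not the WSEC post's own code. Builds the proxytunnel + SSH
# SOCKS chain described in Part 1. Values below mirror the post's placeholders.

PROXY="PROXYIP:8080"                 # authenticating HTTP proxy (placeholder)
SSH_HOST="fw.hackingmachines.net"    # our box on the Internet (from the post)
SSH_PORT="22"
LOCAL_TUNNEL_PORT="222"              # where proxytunnel listens locally
SOCKS_PORT="1080"                    # ssh -D listener = our SOCKS5 proxy (assumed)

# Step 1: proxytunnel in standalone mode (-a) turns the proxy's HTTP CONNECT
# into a local TCP port that leads to our sshd.
proxytunnel_cmd() {
    # $1 = proxy user:pass. Caveat: a literal on the command line is visible
    # to every local user via `ps`; on a shared machine prefer the ssh_config
    # form below so at least only ssh ever spawns it.
    printf 'proxytunnel -a %s -p %s -d %s:%s -P %s\n' \
        "$LOCAL_TUNNEL_PORT" "$PROXY" "$SSH_HOST" "$SSH_PORT" "$1"
}

# Step 2: ssh to the local end of the tunnel and open a dynamic forward.
# -N: no remote command; -D bound to 127.0.0.1 so only this host can use the SOCKS port.
ssh_socks_cmd() {
    # $1 = ssh user
    printf 'ssh -N -D 127.0.0.1:%s -p %s %s@127.0.0.1\n' \
        "$SOCKS_PORT" "$LOCAL_TUNNEL_PORT" "$1"
}

# Alternative: let ssh spawn proxytunnel itself, so a single `ssh corp-exit`
# does both steps. %h and %p are expanded by ssh to HostName and Port.
ssh_config_block() {
    # $1 = ssh user, $2 = proxy user:pass
    cat <<EOF
Host corp-exit
    HostName $SSH_HOST
    Port $SSH_PORT
    User $1
    ProxyCommand proxytunnel -q -p $PROXY -P $2 -d %h:%p
    DynamicForward 127.0.0.1:$SOCKS_PORT
    # The proxy sits in the path; only a pinned host key proves we reached our box.
    StrictHostKeyChecking yes
    ServerAliveInterval 30
EOF
}

# What proxytunnel does under the hood is send "CONNECT host:port HTTP/1.x"
# and wait for a 2xx. The first reply line tells you which knob to turn.
connect_status() {
    # $1 = first line of the proxy's reply (constructed samples in the test)
    case "$1" in
        "HTTP/1."[01]" 2"*)   echo "tunnel established" ;;
        "HTTP/1."[01]" 407"*) echo "proxy wants credentials: supply -P user:pass" ;;
        "HTTP/1."[01]" 403"*) echo "CONNECT to that port refused: run sshd on 443 and use -d host:443" ;;
        *)                     echo "unexpected reply: $1" ;;
    esac
}
```

Once `ssh_socks_cmd` is running, point the browser (or proxychains) at 127.0.0.1:1080 as a SOCKS5 proxy and all of its traffic leaves via the Internet box instead of the corporate filter. The 403 case is the one worth remembering: many proxies only permit CONNECT to 443, which is why the SSH daemon (or the OpenVPN server in Part 2) is often made to listen there.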

Our scenario covered the installation of a custom Kali configuration containing selected tools required for a remote vulnerability assessment using OpenVAS and the Metasploit Framework. With just a few minor changes to this concept, we can leverage Kali further to create other cool and shiny toys as well. In today's post, we'll see what it takes to create what we fondly refer to as "The Kali Linux ISO of Doom". The idea was to build an "unattended self-deploying" instance of Kali Linux that would install itself on a target machine along with a customized configuration, requiring no user input whatsoever.

There could be several uses for such an image. In the first scenario, you need to perform an internal penetration test in a remote location. The second scenario is rather cool. But enough back-patting, let's move on to the awesomeness.