SSH Dynamic Port Forwarding

This is a mind note, because I always forget the command to create a dynamic port forward through ssh. Suppose you want to browse the web with your browser, but you want the browser's connections to be made by another machine that has sshd running, so that you access web pages as if from the other machine.

You need to create a connection to the sshd server with the parameter -D and the port number where the local machine will listen to forward the connections. Example:

command>ssh myuser@sshdserver -D 8080


Now you have to configure the web browser to use SOCKS Host: localhost, Port: 8080

In Windows you can use PuTTY, and you have to configure:

Connection->SSH->Tunnels
Option: Source Port = 8080
Destination: Dynamic

That's all
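
What the browser does against that local port, as an added example (not part of the original post): a minimal SOCKS5 client in Python that opens a TCP connection through the `-D 8080` listener. It sends the destination as a hostname, so the name is resolved on the sshd side rather than by the local resolver; `example.com` and the function names are placeholders chosen for this sketch.

```python
import socket
import struct

def socks5_greeting() -> bytes:
    """VER=5, one method offered: 0x00 (no authentication)."""
    return b"\x05\x01\x00"

def socks5_connect_request(host: str, port: int) -> bytes:
    """CONNECT with ATYP=0x03 (domain name): the name is resolved on the sshd side."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255 or not 0 < port <= 65535:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def parse_socks5_reply(head: bytes) -> bool:
    """First 4 reply bytes are VER, REP, RSV, ATYP; REP=0x00 means the tunnel is open."""
    if len(head) < 4 or head[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return head[1] == 0

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_tunnel(host, port, proxy=("127.0.0.1", 8080), timeout=10):
    """Return a socket whose traffic leaves from the sshd machine."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(socks5_greeting())
        if _recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(socks5_connect_request(host, port))
        head = _recv_exact(s, 4)
        if not parse_socks5_reply(head):
            raise ConnectionError(f"SOCKS5 reply code {head[1]}")
        # Discard BND.ADDR and BND.PORT so the stream starts at application data
        addr_len = {1: 4, 4: 16}.get(head[3]) or _recv_exact(s, 1)[0]
        _recv_exact(s, addr_len + 2)
        return s
    except Exception:
        s.close()
        raise

if __name__ == "__main__":
    # example.com is a placeholder destination; needs the ssh -D 8080 session running
    with open_via_tunnel("example.com", 80) as conn:
        conn.sendall(b"HEAD / HTTP/1.0\r\nHost: example.com\r\n\r\n")
        print(conn.recv(200).decode(errors="replace"))
```

A browser set to resolve names itself sends an IP address instead of the hostname, in which case the DNS lookups still leave from the local machine.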

Email Harvesting

I made an update to an old but useful tool, "googleharvester". Now the tool also works with MSN Search. I ported the program to Python because I feel more comfortable with the language and I program faster ;)
You can download the tool: Here

Now the tool is called "theHarvester"
Enjoy

Ngsec - Game #3 - Brainstorming

Well, another web application hacking game from Ngsec; this time there were 5 levels. The difficulty was very hard in the first 2 levels, and very, very easy in the last 3. The order of the levels should have been the inverse :). But with some patience and Mandingo's tips, I finished in approx. 9 hours (not in a row).

It was a good game to kill some time and program a little.

Try it and become a g00r00 ;)

Game #3

Some tips:
Level 1 - I become blind.
Level 2 - Timing, it's all about timing.
Level 3 - Too easy, no tips.
Level 4 - With the tips and clues in the game, plus some tampering should be enough.
Level 5 - Very easy, just google.

The RequesteR

Hello! This time I bring a new tool for editing and sending HTTP requests. It's a simple tool that you can use to debug or compare raw requests to HTTP servers. It's useful as a replacement for the usual telnet session, where you need to type everything every time you want to send a request. With this tool you can change a single letter in the request and re-send it, just by pushing one button.
It supports SSL and request/response history. It's based on Python and PyGTK.

This is the first version; if you liked it or think it would be cool to add something else, please write me :)

Get it from Here

Enjoy

Proxim wifi cards on Ubuntu Dapper

I received some Proxim Gold Orinoco B/G PC Cards to test for wireless assessments. At first I tried the card in my Ubuntu Dapper, but it didn't work. I read some how-tos, but they recommended using ndiswrapper; the problem with ndiswrapper is that it doesn't support monitor mode :( .
Then I found Madwifi, a Linux kernel device driver for wireless LAN chipsets from Atheros; the Proxim card is based on Atheros, cool. I downloaded and compiled the new version of the driver, the "ng" branch; all was OK, but when I tried to switch to monitor mode it didn't work. I tried some tips from some forums, but no way...
I decided to install the old version of the madwifi drivers, compiled them, tried them, and all went OK!

So if you have a Proxim Gold card, I recommend using the old madwifi version.