«
Expand/Collapse
56 items tagged "gateway"
Related tags:
web gateway [+],
web [+],
user [+],
server architecture [+],
server [+],
gateway associates [+],
external authentication [+],
vulnerability [+],
security [+],
astaro security gateway [+],
astaro [+],
control stack [+],
based buffer overflow [+],
activex [+],
access [+],
symantec [+],
service vulnerability [+],
mcafee [+],
gateway version [+],
gateway service [+],
denial of service [+],
content [+],
command execution [+],
citrix access [+],
web authentication [+],
typical interaction [+],
symantec web [+],
shell metacharacters [+],
service [+],
safer use [+],
proof of concept [+],
overflow vulnerability [+],
nmap [+],
host headers [+],
cisco [+],
buffer overflow vulnerability [+],
authentication [+],
altigen [+],
tcp packet [+],
sql injection [+],
router [+],
remote [+],
netsupport [+],
multiple [+],
hacks [+],
gateway user [+],
code execution [+],
Newbie [+],
Area [+],
webbiblio [+],
victim [+],
unwanted guests [+],
twitter [+],
thanks in advance [+],
texas [+],
subject gateway [+],
subject [+],
sslstrip [+],
software package [+],
sms [+],
protocol [+],
portal [+],
policy security [+],
page parameter [+],
opendns [+],
open source software [+],
new generation [+],
network [+],
netsupport manager [+],
misc [+],
manager [+],
management interface [+],
management gui [+],
management gateway [+],
management [+],
linux box [+],
landesk management [+],
lan [+],
iptables [+],
internet gateway [+],
information disclosure vulnerability [+],
golden gateway [+],
golden [+],
gateway url [+],
gateway system [+],
gateway portal [+],
exploits [+],
dos [+],
disclosure [+],
destination port [+],
cross site scripting [+],
content services [+],
cisco security advisory [+],
cisco security [+],
cisco ios [+],
chris kantarjiev [+],
cellphones [+],
border gateway protocol [+],
border [+],
arpspoof [+],
aprs tracker [+],
aprs [+],
amateur radio enthusiast [+],
advisory [+],
Software [+],
citrix [+]
-
-
14:55
»
Packet Storm Security Exploits
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
-
14:55
»
Packet Storm Security Recent Files
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
-
14:55
»
Packet Storm Security Misc. Files
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
-
-
11:29
»
SecuriTeam
This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of the Symantec Web Gateway appliance.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:31
»
Packet Storm Security Exploits
This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
-
18:31
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
-
18:31
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
-
-
8:13
»
Hack a Day
[Chris Kantarjiev] is an amateur radio enthusiast (call sign K6DBG) and does a lot with the APRS. We think his build, turning a WRT54gl router into an APRS gateway will be very useful for the APRS tracker builds we’ve been covering. Setting up an Internet Gateway, or igate, on APRS usually requires a ‘real’ computer. [...]
-
-
10:01
»
Hack a Day
[GuySoft] threw together a cellphone-based SMS gateway that allows him to push text messages to Twitter. Once up and running, it can be used by multiple people, either with shared or individual Twitter accounts. At its core, this setup uses the cellphone as a tethered modem on a Linux box. The open source software package, [...]
-
-
7:59
»
Packet Storm Security Exploits
The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.
-
7:59
»
Packet Storm Security Recent Files
The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.
-
7:59
»
Packet Storm Security Misc. Files
The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.
-
-
11:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:56
»
SecuriTeam
Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:01
»
Packet Storm Security Tools
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
13:00
»
Packet Storm Security Recent Files
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
-
19:01
»
Packet Storm Security Tools
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
19:01
»
Packet Storm Security Recent Files
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
-
9:01
»
Packet Storm Security Tools
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
9:00
»
Packet Storm Security Recent Files
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
-
19:43
»
Packet Storm Security Tools
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
19:42
»
Packet Storm Security Recent Files
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
-
-
1:08
»
remote-exploit & backtrack
Ok,
I have recently signed up with a new ISP [Sky] and they do not allow 3rd party routers. This would not be an issue if the router they supplied had a greater range than just one room :(.
My proposal is to create my wireless network using my existing hardware connect the old router to the new router via LAN.
New router has the following settings:
ip = 192.168.0.1
DNS = 208.67.222.222 [OpenDNS seems more reliable than their Supplied DNS]
Plan is to have old router on same ip subset. eg make it be 192.168.0.10 with a gateway of the new router.
This setup works.
Now i have disabled DHCP so that each PC/Device has to be manually configured.
My question is this:
If i shifted the new routers ip to 192.168.0.[anything but 1] and setup old router and my devices with this gateway. How long would it take to discover on average the gateway? I know wireshark has a gateway detection tool, is there anything else i need to be wary of?
I know this is my home network and i am probably over thinking here, but if i can hide the gateway from detection easily then surely thats another reason to deter unwanted guests on my network.
For info i am still finding my feet with BT4Final so if the tool is included i may need pointing to it.
I have posted this inthe newbie thread as i am sure that this will have you guys slapping forehead and shouting thats easy - do this.
Thanks in advance
-
-
0:00
»
remote-exploit & backtrack
I have the following setup works
# Victim
[My Laptop@10.0.0.2] < ---- > [My PC@10.0.0.1 & Gateway@10.0.0.138]
Works fine running sslstrip & bt4 vm on my pc as the attacker on my eth0 interface.
What im finding difficult is this setup, it effectively DoS attacks my router.
# Victim on XP [My Laptop@10.0.0.2]
>>>>>>>>>>>>>>>>>>>>>>> [Gateway@10.0.0.138]
# bt4 VMware [My Laptop@10.0.0.4]
- Victim on XP is connected to the gateway on my 1490 Mini WLAN Card.
- bt4 VMware is using my ALFA'36H to connect to the gateway, so both wireless.
arpspoof between XP@10.0.0.2 & Gateway@10.0.0.138 with interface wlan0 works. But as soon as i do the iptables i effectivly DoS the router and the victim cannot surf the net, so the attack becomes useless.
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
So all im left with is a forum post from remote exploit i found the other day i cannot find again which breifly mentioned not needing sslstrip to do an attack like this because it is only encrypted with wpa/wep not ssl yet and that i can just run airdecap-ng to take off the encryption.
So how can i get this working using either method.
And going back to my original scenario with 1 client. If i reversed roles and used bt4 vmware on the laptop would i be able to do this sslstrip attack on the PC? or is it only limited to being ran from the wired side of the network?
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB (1 unread)
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost (19 unread)
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution