To encrypt a file:
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
To base-64 encode it, simply add the -a switch (for 'ASCII'):
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc
The encryption operation requires that you supply a passphrase.
To decrypt the same file:
openssl enc -d -aes-256-cbc -in file.enc
To decrypt base-64 version, you guessed it, add -a flag :
openssl enc -d -aes-256-cbc -a -in file.enc
The passphrase will be prompted for. You can also supply the passphrase on the command line using the -pass option, or read the passphrase from a file using -pass file:/path/to/file.
Neato. A lot more cool tips at the OpenSSL Command-Line HOWTO.
Sure beats reading the heinously long and complex man pages for openssl! Now we really need a good way to be able to do this for batch jobs *without* having to store the passphrase in cleartext.
[ add comment ] ( 1082 views ) | permalink
cURL is a very useful utility to perform HTTP/HTTPS operations from the command line. Many times during a web application pentest you need to send an HTTP POST to a login form (e.g. brute force a login to the site). Here's the very simple way to do it, assuming you the form parameters are called username and password.
curl -d "username=SOMEUSER&password=SOMEPASS" -k https://some.website.com/loginform.jsp
The "-d" indicates you are including data for a POST, the -k says ignore SSL certificate warnings from the remote site.
Using curl is really only good for doing quick spot checks, to do large scale brute forcing I'd recommend using THC Hydra, the super useful perl module libwww-perl aka LWP, or Nessus which has incorporated Hydra. On Windows, Brutus works.
[ add comment ] ( 1149 views ) | permalink
Comments are disabled on this blog, mostly because of the toxic trifecta of:
1) unholy blog spammers
2) crappy captcha systems
3) my own laziness
[ add comment ] ( 2626 views ) | permalink
Calendar
