I can see a use of this type of attack for getting around captchas. If I host a web page that gives you access to download free mp3s, and all you have to do is complete a captcha to get it, what if I get that captcha from another site? I mean, when you load my page, I load the site I want to attack and show you their captcha instead?! That would basically make you my captcha-cracking conscript!

Proxytunnel is a program that connects stdin and stdout to a server somewhere on the network, through a standard HTTPS proxy. Getting it built seems to be pretty straight forward stuff.

rootninja@rootninja ~ ]$ ssh -Y remotehost “vncserver :1 && vncviewer localhost:1″
Starting applications specified in /home/rootninja/.vnc/xstartup
Log file is /home/rootninja/.vnc/remotehost.com:1.log

Want to have some fun with users that keep ssh’ing to your box? Let them in, then kill them right away. I don’t even remember when/why I wrote this silly script, but here it is. There’s a lot better ways you could do this, and if you want any real ssh security, don’t even let them log in at all.

I just saw a recent article describing some simple ssh attacks that looked a little funny to me. So I figured I’ll test them out. The one that smelled funny was using local and remote port forwarding on itself, localhost. It just doesn’t work on modern linux …

Accessing the hidden VMware ESXi service console was supposed to be done only while working directly with a VMware technician, but it’s just so darn handy when you’re a command line junkie, that how can you resist right?

[user@localhost ~]$  cat ~/.ssh/id_rsa.pub ~/.ssh/id_dsa.pub | ssh user@remotehost ’sh -c “cat - >> ~/.ssh/authorized_keys”‘
You’ll be prompted for the password just this one last time.  This is perfect for running a script that runs several remote commands through ssh.  Here’s a script that checks for your keys and adds them if …

Yes, I know this is ancient stuff, but I have no choice but to mess with it right now.  Old ultrasparc garbage, weeee!  So here goes the installation of some ‘modern day’ packages so I can work with this old box.  (It hasn’t been touched since 2002, ouch)
First you’ll need …