Re: [Full-disclosure] [OT] pls ignore

2014-03-05 Thread Gaurang Pandya
Again pls ignore (or keep guessing) md5: 87d31c01239f672d9ca815899808df41 md5: abcfeb5b23eac9a3b036ed69c57ec0ca sha1: c0ecd66dfd07185dc4368d4fe668001d1536fe87 sha1: 5ff68f0617adcfb6b4ed2390c9afb59977909287 Gaurang. From: Gaurang Pandya To: "full-discl

[Full-disclosure] [OT] pls ignore

2014-02-20 Thread Gaurang Pandya
MD5: 0a763d4c7029b13a1eacb09d71a5b66a MD5: 76964959005d734d32f06d0a6fbabaa3 SHA1: 10e3275a6980eec283cc169e3422b94eed32e119 SHA1: 74464e2b58990fdf4379f8f543ef43eef540d985___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclos

[Full-disclosure] Nokia’s MITM on HTTPS traffic from their phone

2013-01-09 Thread Gaurang Pandya
http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/ Conclusion >From the tests that were preformed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could

[Full-disclosure] Nokia phone forcing traffic through proxy

2012-12-07 Thread Gaurang Pandya
It has been noticed that internet browsing traffic, instead of directly hitting requested server, is being redirected to proxy servers. They get redirected to Nokia/Ovi proxy servers if Nokia browser is used, and to Opera proxy servers if Opera Mini browser is used. More detailed info at : http

Re: [Full-disclosure] Circumventing NAT via UDP hole punching.

2012-02-22 Thread Gaurang Pandya
I have used reverse shell in such senarios. A logs in to C, and B logs into C with reverse shell. Then A connects reverse shell to B on C. I have used it for ssh management, but can also be done using nc relay and ssh tunnel.. Gaurang. From: Adam Behnke To:

Re: [Full-disclosure] Stress Testing Tools

2011-04-28 Thread Gaurang Pandya
I have generated around 4G of attack using Hping from 6 servers, and I could have still increased it but that was all I needed. So I think hping does good job.. Gaurang. From: Oscar To: Sec Tools Cc: full-disclosure@lists.grok.org.uk Sent: Wed, April 27, 20

Re: [Full-disclosure] Drive-by Pharming Threat

2007-02-19 Thread Gaurang Pandya
--- Andrew Farmer <[EMAIL PROTECTED]> wrote: > On 19 Feb 07, at 20:36, Gaurang Pandya wrote: > > just wondering why cant simple perl script be used > > instead?? > > Because it's easy to write a web page to make a user > run some Flash. > Making a user r

Re: [Full-disclosure] Drive-by Pharming Threat

2007-02-19 Thread Gaurang Pandya
> does perl run in your browser? hmm...true..here server is not in control..thanks. > > On 2/20/07, Gaurang Pandya <[EMAIL PROTECTED]> > wrote: > > just wondering why cant simple perl sc

Re: [Full-disclosure] Drive-by Pharming Threat

2007-02-19 Thread Gaurang Pandya
just wondering why cant simple perl script be used instead?? Gaurang. --- Martin Johns <[EMAIL PROTECTED]> wrote: > On 2/19/07, [EMAIL PROTECTED] < > [EMAIL PROTECTED]> wrote: > > I am curious as to how one "automatically" logs > on? > > There are several potential methods (depending on > the vi