ARTICLE PenTBox v1.0.1 - Secure IM Client

Tuesday 10 November 2009 - 497 read - ( Keywords : Framework , Password Cracking , PenTBox , Vulnerability Scanner )

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).

PNG - 13.3 kb

A new update for PenTBox, includes a new program, Secure IM Client. With this program, users can create a direct chat room between client and server and with a mode of encoding that makes it a little secure.

PoC: How Base64 encoding/decoding works in the communication.

  • Client and server encode/decode the traffic in a simple Base64 based mode.
  • Server makes a random number (4 – 8).
  • Server sends this number to client. The traffic will be encoded and reversed this number of times.
  • Traffic is encoded and reversed, encoded and reversed, encoded and reversed...In the other way, traffic is reversed and decoded, reversed and decoded, reversed and decoded.

Newness of the project

IANA has approved the petition to include 6817 TCP port of PenTBox Secure IM Protocol in the list.


POSTSCRIPTUM

Download PenTBox v1.1


COMPLIANCE MANDATES

Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


RELATED ARTICLES

Framework, Password Cracking, PenTBox, Vulnerability Scanner,

25 March 2010 : PenTBox v1.3.2 FINAL released
3 February 2010 : PenTBox v1.3 Beta released
9 January 2010 : PenTBox v1.2 Beta released
24 December 2009 : PenTBox v1.0.1 - looking for phrases
10 November 2009 : PenTBox v1.0.1 - Secure IM Client