security

27

Six Easy Steps to Make a Super Secure Linux Server

http://www.technicant.com

Curiously many Linux administrators out there are clueless about properly securing or configuring a server. The following steps can significantly increase the stability and security of any Linux servers. These tips are all easy and quick to do as each can be completed in less than fifteen minutes!


Read more »
Created by admin 3 weeks 1 day ago – Made popular 3 weeks 1 day ago
Category: Linux server   Tags:
33

Exporting the Registry for Fun and Profit

http://blog.metasploit.com

Over the last few days, I have been playing with WinScanX, a free command-line tool for querying Windows service information over SMB. WinScanX combines many of the essential tools used during a penetration test into a single utility. One of the more interesting features is the "-y" flag, which instructs WinScanX to save a copy of the remote registry hives for SAM, SECURITY, and SYSTEM.


Read more »
Created by Ian_js 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Linux News   Tags:
7

Exploiting Microsoft IIS with Metasploit

http://blog.metasploit.com

As of this afternoon, the msfencode command has the ability to emit ASP scripts that execute Metasploit payloads. This can be used to exploit the currently-unpatched file name parsing bug feature in Microsoft IIS. This flaw allows a user who can upload a "safe" file extension (jpg, png, etc) to upload an ASP script and force it to execute on the web server.


Read more »
Created by dave-d 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Safe, Reliable, Hash Dumping

http://blog.metasploit.com

The Metasploit Meterpreter has supported the "hashdump" command (through the Priv extension) since before version 3.0. The "hashdump" command is an in-memory version of the pwdump tool, but instead of loading a DLL into LSASS.exe, it allocates memory inside the process, injects raw assembly code, executes its via CreateRemoteThread, and then reads the captured hashes back out of memory. This avoids writing files to the drive and by the same token avoids being flagged by antivirus (AV) and intrusion prevention (HIPS) products.


Read more »
Created by martha23 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Happy Holidays (Project Updates)

http://blog.metasploit.com

Even though Metasploit 3.3.3 was just released on December 23rd, the holidays provided some free time for the community and the development team to add more shiny to the Metasploit Framework.


Read more »
Created by uipoloa 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Metasploit 3.3.1 + NeXpose Community Edition

http://blog.metasploit.com

On December 1st, Rapid7 announced the Community Edition of the NeXpose vulnerability management product. At the same time, we released version 3.3.1 of the Metasploit Framework, which contains the first step towards full integration between NeXpose and Metasploit.


Read more »
Created by gamer2k2 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

A refreshing new direction

http://blog.metasploit.com

For those of you who don't know me, I have been a developer and computer security enthusiast for many years. I have been involved in computer security, specifically, for the last ten years. The first six years were as an independent research and hobbyist. I have spent the last four years working professionally as a software vulnerability researcher.

Tomorrow I will become the latest addition to the Metasploit and Rapid7 team, filling the Exploit Developer position. I am truly honored to have the chance to be part of such a talented team.


Read more »
Created by jake 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Metasploit Framework 3.3 Released!

http://blog.metasploit.com

We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform.


Read more »
Created by martin_d 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Meterpreter Pivoting, Web Scanning, Wireless, and More!

http://blog.metasploit.com

Last week we released Metasploit 3.3.2 following on the heels of Metasploit 3.3.1. This release marked a major change to how the Meterpreter backend processed commands; instead of running each request serially, the Meterpreter now spawns a background thread for each request.


Read more »
Created by susan 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Automatically Routing Through New Subnets

http://blog.metasploit.com

Among the coolest features in metasploit is the ability to pivot through a meterpreter session to the network on the other side. The route command in msfconsole sets this up but requires a bit of typing to get right.


Read more »
Created by ebookey 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Exploiting the Samba Symlink Traversal

http://blog.metasploit.com

Last night, Kingcope uploaded a video to youtube demonstrating a logic flaw in the Samba CIFS service (this was followed by a mailing list post). This bug allows any user with write access to a file share to create a symbolic link to the root filesystem. From this link, the user can access any file on the system with their current privileges.


Read more »
Created by admin 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Postgres Fingerprinting

http://blog.metasploit.com

Many database servers helpfully provide version number, platform, and other salient details to just about anyone who asks, authenticated or not, which makes fingerprinting these applications a snap. However, Postgres is a little more coquettish about revealing such personal information about itself to just anyone. The best way to determine Postgres' version is to log in and just ask with a "select version()" query, but what if you don't (yet) have credentials?

Lucky for unauthenticated types, it turns out that Postgres is pretty forthcoming in its authentication failure messages.


Read more »
Created by ebookey 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Metasploit Framework 3.3.3 Exploit Rankings

http://blog.metasploit.com

This morning we released version 3.3.3 of the Metasploit Framework - this release focuses on exploit rankings, session automation, and bug fixes. The exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system. This ranking can be used to prevent exploits below a certain rank from being used and limit the impact to a particular target.


Read more »
Created by Timothy van Zad... 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
5

Reproducing the "Aurora" IE Exploit

http://blog.metasploit.com

Update: This module, just like the original exploit, only works on IE6 at this time. IE7 requires a slightly different method to reuse the object pointer and IE8 enables DEP by default.


Read more »
Created by ebookey 3 weeks 2 days ago – Made popular 3 weeks 2 days ago
Category: Utilities   Tags:
1

BIOS password recovery tool

http://www.cgsecurity.org

Here's a BIOS password recovery tool, too bad it needs root access in Linux to get access to cmos. In windows it just works according to the author. Another point for Linux security, another point against helping recovering a lost root password.

CmosPwd decrypts password stored in cmos used to access BIOS SETUP.
Works with the following BIOSes

* ACER/IBM BIOS
* AMI BIOS
* AMI WinBIOS 2.5
* Award 4.5x/4.6x/6.0
* Compaq (1992)
* Compaq (New version)
* IBM (PS/2, Activa, Thinkpad)
* Packard Bell


Read more »
Created by kaikokan 45 weeks 3 days ago – Made popular 45 weeks 3 days ago
Category: Utilities   Tags:
1

Secure Your Linux Host - Part 2: Secure SSH

http://artofinfosec.com

SSH is the preferred (perhaps de facto) remote login service for all things UNIX. The old-school remote login was telnet. But telnet was completely insecure. Not only was the confidentiality of the session not protected, but the password wasn’t protected at all - not weak protection - no protection.


Read more »
Created by kaikokan 1 year 3 weeks ago – Made popular 1 year 3 weeks ago
Category: Utilities   Tags:
1

How to set up an auto-mounted keyfile based luks partition for your home directory

http://techiem2.net

If you have no clue what the title is about:

The story is about encrypting the part of your disk where you keep personal data, keeping the key to the encryption on a flash disk (usb stick). And if you have it inserted while logging in it will automatically decrypt the disk! If not you get a normal home partition where you shouldn't keep any sensitive data.
Great tutorial.
"Anyone that carries confidential data around on their laptop has probably considered encryption at some point or other.


Read more »
Created by kaikokan 1 year 3 weeks ago – Made popular 1 year 3 weeks ago
Category: Tech   Tags:
2

changing your forgotten password in ubuntu, from live cd

http://www.howtogeek.com

how to change your password in ubuntu after booting from live cd, tutorial describes locating your system disk, mounting it, chroot to system root and execute passwd after startup from live cd.
So you can login again!


Read more »
Created by susan 1 year 4 weeks ago – Made popular 1 year 4 weeks ago
Category: install linux   Tags:
3

How to write a Linux virus in 5 easy steps.

http://www.geekzone.co.nz

This guy shows it's possible to write a linux email virus, in a few simple steps

The rumor of the bullet-proof Linux architecture

There is this rumor going around that Linux is virus free. It is said that the old-fashioned multi-user heritage of Linux (and other *nix OSs) prevents malware, since users are not normally running their programs in admin mode (as root user). We are reminded that execute bits are needed to run anything – contrary to Windows – and that execute bits aren't set on any attachments or files saved from emails or from a web-browser.


Read more »
Created by Anonymous 1 year 4 weeks ago – Made popular 1 year 4 weeks ago
Category: Linux News   Tags:

Add this site to google
Add to Google

site feed

Syndicate content

don't forget to vote if you find something useful!!