
Leaderboard

Popular Content

Showing content with the highest reputation on 01/15/23 in all areas

  1. Hi everyone, I have a CyberSecurity project that I have been working on for some time together with a former work colleague, and I would like to present it to you in the hope that you will come and test it. I was also at Defcamp, where I had a stand (thanks @Andrei for the opportunity) and ran a BugBounty program (which is still valid - whoever finds a valid bug reports it and, depending on severity, we will reward it with Emag vouchers). In short, it is about https://razdon.com , a website that gives you the possibility to "onboard" and see your traffic LIVE with extra security context on every request. This live part is presented as a dashboard where you can see the world map and all the requests coming toward your server's location. You have a screenshot attached below: As you can see, the project was developed on RST, and here you can see a window of approximately 8 hours with all the statistics related to RST in those 8 hours + the live traffic, of course. Besides the live dashboard part, which requires minimal interaction (basically it is just selecting the site in scope - in case you have several), we also have the traffic analysis part. In the traffic analysis part you have the option to search through all the requests over a certain period of time for something specific (e.g. all requests with status code 4XX or 3XX). The analysis part also includes a short history of recent attacks (together with their type). You can see a piece of this page below: Another fairly interesting menu is the SSL certificate part, where you can check the expiration date of your certificate (and in the future we will also implement an alert system - both for certificates and for attacks). A screenshot of the certificate part is below: We can also implement the WAF part, but at the moment we have 0 focus in that direction.
Very soon we will also release a beta on the artificial intelligence / machine learning side, with which we will maximize the efficiency of attack detection. That being said, if anyone is interested in such a product, registrations are open and you can follow the necessary steps to view your traffic. To avoid questions like "how do you do this", I am telling you now that the only thing needed for these actions is the apache or nginx logs with the website's traffic. At the moment we collect these logs with a binary written in GO (for efficiency), but I will also put up the (raw) variant of sending the logs to our API without running a binary (safety reasons). A small diagram to better understand how it all works is below. Thanks and have a nice evening! P.S. In case anyone wants to buy us for about 2-3 million euros, send me a PM; after that it gets more expensive.
    1 point
  2. RecoverPy RecoverPy is a powerful tool that leverages your system capabilities to recover lost files. Unlike others, you can not only recover deleted files but also overwritten data. Every block of your partition will be scanned. You can even find a string in binary files. Demo
Installation RecoverPy is currently only available on Linux systems. Dependencies Mandatory: To list and search through your partitions, recoverpy uses the grep, dd, and lsblk commands. If you're running a major Linux distribution, these tools should already be installed. Optional: To display real-time grep progress, you can install progress. To install all dependencies: Debian-like: apt install grep coreutils util-linux progress Arch: pacman -S grep coreutils util-linux progress Fedora: dnf install grep coreutils util-linux progress Installation from pip: python3 -m pip install recoverpy
Usage: python3 -m recoverpy You must be root or use sudo. Select the system partition in which your file was. If you are out of luck, you can alternatively search in your home partition; maybe your IDE, text editor, etc. made a backup at some point. Type a text string to search. See the tips below for better results. Start the search; results will appear in the left-hand box. Select a result. Once you have found your precious, select Open. You can now either save this block individually or explore neighboring blocks for the remaining parts of the file. You could then save it all in one file.
Tips Always do backups! Yes, maybe too late... Unmount your partition before you do anything! Although you can search with your partition still mounted, it is highly recommended to unmount your partition to avoid any alteration to your file. Regarding the searched string: Be concise; find something that could be unique to your file. Stay simple; your string is escaped, but exotic characters may affect your results. Try to remember the last edit you made to your file.
When you have found your file: You might see multiple results. Your system often uses different partition blocks to save successive versions of a file. Make sure you've found the last version. Try exploring neighboring blocks to be sure to save your whole file. Contributing Thank you for considering contributing to RecoverPy. Any request, bug report or PR is welcome. Please read the contributing guide. Download: RecoverPy-main.zip or git clone https://github.com/PabloLec/RecoverPy.git Source: github.com
    1 point
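The post above describes RecoverPy's approach (scan every block of a partition with grep, pull blocks out with dd, then look at neighbouring blocks). The following is an added example, not RecoverPy's own code: a minimal block-wise search over a raw partition image that shows the same idea, including the edge case where the searched string straddles two blocks. The block size, the marker string and the in-memory sample image are assumptions constructed for the example; on a real device you would run it unmounted and as root, as the post recommends.

```python
"""Added example, not RecoverPy's own code: a minimal block-wise string search
over a raw partition image, the same idea as the grep + dd workflow the post
describes. It reads the image block by block, keeps a small overlap so a
string that straddles two blocks is still found, and can dump a hit block
together with its neighbours. Block size and the sample image are assumptions."""
import io
from typing import BinaryIO, List, Tuple

BLOCK_SIZE = 512  # assumed sector size; many real partitions use 4096


def search_image(fh: BinaryIO, needle: bytes, block_size: int = BLOCK_SIZE) -> List[Tuple[int, int]]:
    """Return (block_number, offset_in_block) for every occurrence of needle.

    The last len(needle)-1 bytes of each block are carried into the next
    window, so a match spanning a block boundary is reported once, at its
    true starting block. The needle is assumed to be shorter than a block."""
    if not needle:
        raise ValueError("needle must not be empty")
    hits: List[Tuple[int, int]] = []
    overlap = len(needle) - 1
    carry = b""  # tail of the previous block
    block_no = 0
    fh.seek(0)
    while True:
        chunk = fh.read(block_size)
        if not chunk:
            break
        window = carry + chunk
        window_base = block_no * block_size - len(carry)  # absolute offset of window[0]
        pos = window.find(needle)
        while pos != -1:
            abs_off = window_base + pos
            hits.append((abs_off // block_size, abs_off % block_size))
            pos = window.find(needle, pos + 1)
        carry = chunk[-overlap:] if overlap else b""
        block_no += 1
    return hits


def read_blocks(fh: BinaryIO, first_block: int, count: int, block_size: int = BLOCK_SIZE) -> bytes:
    """Raw read of `count` consecutive blocks, like dd with bs/skip/count."""
    fh.seek(first_block * block_size)
    return fh.read(count * block_size)


def recover_around(fh: BinaryIO, block_no: int, before: int = 1, after: int = 1,
                   block_size: int = BLOCK_SIZE) -> bytes:
    """Dump a hit block plus `before` and `after` neighbours, for the case
    where the file continues past the block that contained the search string."""
    first = max(0, block_no - before)
    return read_blocks(fh, first, block_no - first + 1 + after, block_size)


MARKER = b"secret_notes_v2"  # constructed search string


def build_sample_image() -> io.BytesIO:
    """Constructed 8-block image: the marker appears three times, once
    straddling the block 3 / block 4 boundary."""
    buf = bytearray(b"." * (8 * BLOCK_SIZE))
    for off in (1000, 4 * BLOCK_SIZE - 5, 3000):
        buf[off:off + len(MARKER)] = MARKER
    return io.BytesIO(bytes(buf))


if __name__ == "__main__":
    image = build_sample_image()
    for block, offset in search_image(image, MARKER):
        print(f"block {block} offset {offset}")
    # block 3 alone holds only the first 5 bytes of the boundary-spanning hit
    print(MARKER in read_blocks(image, 3, 1), MARKER in recover_around(image, 3, before=0, after=1))
```

The overlap handling is the part grep-over-dd gets wrong when you pipe fixed-size chunks one at a time: a string split across a block boundary is found by neither chunk on its own, which is exactly why the post tells you to explore neighbouring blocks after a hit.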
  3. A patch was released in October, but not all servers have installed it. Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. “This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. “Exploitation is trivial and a PoC published.” PoC refers to proof-of-concept code that exploits the vulnerability. The vulnerability is tracked as CVE-2022-44877. It was discovered by Numan Türle of Gais Cyber Security and patched in October in version 0.9.8.1147. Advisories didn’t go public until earlier this month, however, making it likely some users still aren’t aware of the threat.
Figures provided by security firm GreyNoise show that attacks began on January 7 and have slowly ticked up since then, with the most recent round continuing through Wednesday. The company said the exploits are coming from four separate IP addresses located in the US, Netherlands, and Thailand. Shadowserver shows that there are roughly 38,000 IP addresses running Control Web Panel, with the highest concentration in Europe, followed by North America and Asia. The severity rating for CVE-2022-44877 is 9.8 out of a possible 10. “Bash commands can be run because double quotes are used to log incorrect entries to the system,” the advisory for the vulnerability stated. As a result, unauthenticated hackers can execute malicious commands during the login process. The following video demonstrates the flow of the exploit. Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
The vulnerability resides in the /login/index.php component and resulted from CWP using a faulty structure when logging incorrect entries, according to the Daily Swig. The structure is: echo "incorrect entry, IP address, HTTP_REQUEST_URI" >> /blabla/wrong.log. “Since the request URI comes from the user, and as you can see it is within double quotes, it is possible to run commands such as $(blabla), which is a bash feature,” Türle told the publication. Given the ease and severity of exploitation and the availability of working exploit code, organizations using Control Web Panel should ensure they’re running version 0.9.8.1147 or higher. Via arstechnica.com
    1 point
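The article above describes the root cause: a user-controlled request URI interpolated into a double-quoted shell command used for logging. The following is an added example, not code from Control Web Panel or from the article, that puts the described logging shape next to two fixes (quoting with shlex, or better, not using a shell at all) and adds a small retro-hunt that flags access-log lines whose URI carries shell substitution syntax, including the URL-encoded form. The file paths (other than the /blabla/wrong.log path quoted in the article), the log lines and the IPs are constructed for the example.

```python
"""Added example (not code from Control Web Panel or the article): the logging
pattern the advisory describes next to a logger that never touches a shell,
plus a check that flags request URIs carrying shell command-substitution
syntax in web-server access logs. File paths and log lines are constructed."""
import re
import shlex
import tempfile
from pathlib import Path
from typing import List
from urllib.parse import unquote


def build_vulnerable_log_command(ip: str, request_uri: str) -> str:
    """Return, but never execute, the shell command shape from the advisory.
    request_uri sits inside double quotes, so a shell would expand $(...),
    `...` and ${...} found in it before echo ever runs."""
    return f'echo "incorrect entry, {ip}, {request_uri}" >> /blabla/wrong.log'


def build_quoted_log_command(ip: str, request_uri: str) -> str:
    """If a shell is unavoidable, shlex.quote turns the whole untrusted line
    into one single-quoted word, inside which $(...) is literal text."""
    line = f"incorrect entry, {ip}, {request_uri}"
    return f"echo {shlex.quote(line)} >> /blabla/wrong.log"


def append_failed_login(log_path: Path, ip: str, request_uri: str) -> None:
    """Preferred fix: append the line from the application itself. No shell
    is involved, so shell syntax in the URI is just bytes in the file."""
    with log_path.open("a", encoding="utf-8") as fh:
        fh.write(f"incorrect entry, {ip}, {request_uri}\n")


def demo_append(ip: str, request_uri: str) -> str:
    """Write one failed-login entry to a temporary log (constructed path) and
    return the file content, so the behaviour can be checked offline."""
    with tempfile.TemporaryDirectory() as tmp:
        log_path = Path(tmp) / "wrong.log"
        append_failed_login(log_path, ip, request_uri)
        return log_path.read_text(encoding="utf-8")


# Common log format: enough fields to pull out the client IP and request URI.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Shell command-substitution and parameter-expansion markers.
SUBST_RE = re.compile(r"\$\(|`|\$\{")


def flag_suspicious_uris(lines: List[str]) -> List[str]:
    """Return the client IPs of requests whose URL-decoded URI contains shell
    substitution syntax: a cheap retro-hunt over access logs of a host that
    ran an unpatched version."""
    flagged: List[str] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        if SUBST_RE.search(unquote(m.group("uri"))):
            flagged.append(m.group("ip"))
    return flagged


# Constructed sample lines; $(blabla) is the placeholder token quoted in the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jan/2023:10:00:01 +0000] "GET /login/index.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [07/Jan/2023:10:00:02 +0000] "POST /login/index.php?$(blabla) HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Jan/2023:10:00:03 +0000] "GET /static/app.js?v=2 HTTP/1.1" 200 8000',
    '192.0.2.44 - - [07/Jan/2023:10:00:04 +0000] "GET /login/index.php?%24%28blabla%29 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    uri = "/login/index.php?$(blabla)"
    print(build_vulnerable_log_command("198.51.100.9", uri))
    print(build_quoted_log_command("198.51.100.9", uri))
    print(demo_append("198.51.100.9", uri), end="")
    print("flagged:", flag_suspicious_uris(SAMPLE_LOG))
```

The detector decodes percent-encoding before matching because web servers log the URI as received, so an encoded `$(` would otherwise slip past a literal search; the quoted-command variant is included only to show why single quotes neutralise the expansion, while the no-shell logger is the change a code reviewer should ask for.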
  4. Why don't you give the pages directly? So people know what it's about. When you sell something like this, it would be useful to provide: - Link(s) to the page/pages - A screenshot with the reach/interactions of a post without a link - A screenshot with the reach/interactions of a post with a link. You avoid wasting time, both yours and the potential clients'.
    1 point