About osirium

  1. CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE " This is an advisory for CVE-2017-6327, which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as root. Symantec Messaging Gateway, formerly known as Brightmail, is a Linux-based anti-spam/security product for e-mail servers. It is deployed as a physical device or with ESX in close proximity to the servers it is designed to protect. " PS. The advisory says something regarding a fully automated Python file which can be used to p0wn vulnerable targets but probably won't be released for well-understood reasons. Source: http://seclists.org/fulldisclosure/2017/Aug/28
  2. Summary: " SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet, and Ruby to quickly create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events. " Source: https://github.com/cliffe/SecGen
  3. G-Scout: OSS tool to assess the security of Google Cloud Platform (GCP) environment configurations " G-Scout is a tool to help assess the security of Google Cloud Platform (GCP) environment configurations. By leveraging the Google Cloud API, G-Scout automatically gathers a variety of configuration data and analyzes this data to determine security risks. It produces HTML output, which allows for convenient browsing of results. The audited data relates to: IAM roles Compute engine instances Storage buckets Firewall rules SQL and noSQL databases Service account keys G-Scout also allows users to create and customize rulesets simply by creating Python functions. " Source: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/august/introducing-g-scout/
  4. Arbitrary code execution via crafted ssh:// in Git " A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. " Sources: [-] http://blog.recurity-labs.com/2017-08-10/scm-vulns [-] https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html
  5. Writing my first shellcode - iptables -P INPUT ACCEPT " I've recently started to look into basic application security concepts using the imho excellent material from OpenSecurityTraining.info. In this blog post I'd like to share my first piece of shellcode executing iptables -P INPUT ACCEPT. Background: After practically learning how to exploit a simple stack overflow I wanted to see if I could write my own shellcode. I somehow came across the shellcode repository at shell-storm.org and wanted to develop something that wasn't already in there and is somehow useful. There are multiple entries which execute iptables -F. However, as far as I know, this only flushes all rules from all tables, but doesn't change the default policies. So it may drop all rules, but if a server's default policy is DROP you'll cut the machine off the internet. Mission failed. My idea was to write a piece of shellcode that would change the default policy of the INPUT chain to ACCEPT, i.e. run iptables -P INPUT ACCEPT. Writing shellcode: First of all, I'd like to say that I'm not an 1337 sh3llc0d3 3Xp3rt. I read about some basics and tried to understand other people's shellcode and their tricks. So feedback is very welcome! Simply leave a comment or send me an e-mail. The goal is to run /sbin/iptables -P INPUT ACCEPT. At this point we assume that the exploited application has enough privileges to execute this command. Otherwise you might want to add some setuid(0) code or so. " Source: https://0day.work/writing-my-first-shellcode-iptables-p-input-accept/
  6. Smuggling HTA files in Internet Explorer/Edge "In this blog post, we will demonstrate how attackers can serve malicious HTML Application (HTA) [1] files in a way that may bypass traditional proxy filtering. We will also cover some defensive mechanisms that can be used to prevent such attacks. " Source: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/
  7. Learn C# by Building a Simple RPG " If you want to write a Role Playing Game, but don't know how to program, or just want to learn how to program in C#, then you're at the right place. These lessons will take you from a complete beginner to being an author of a Role Playing Game, for free. Now, this isn't the world's greatest game. In fact, it's very short and kind of ugly. However, as you create it, you'll learn the most common C# programming practices and techniques. Then, if you want, you can improve the game, adding more features and your own special touch to it... " Sources: [-] https://scottlilly.com/learn-c-by-building-a-simple-rpg-index/ [-] https://roguesharp.wordpress.com/
  8. Awesome Hacking A collection of awesome lists for security researchers. Source: https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md
  9. Kali linux revealed

    A couple of weeks ago I did a test installing a bare Debian 9 VM. Then I started to add the top 50 tools from Kali Linux. To be honest, this VM is working like a charm atm without all the other unnecessary bullshit which comes by default with Kali Linux. Overall, you have to understand this distro was built mainly by an Israeli dude and that should raise some concerns. Don't get me wrong, it is an amazing distro, but once its popularity grew among security professionals, the interest in having it "backdoored" probably rose as well. There is also the BlackArch alternative, which overall is way more time consuming from a tweaking perspective. Also, personally, I found Arch to be slightly unfriendly with VMware Workstation and very sensitive to different kernel changes. But this is just a personal opinion.
  10. " Your Node.js authentication tutorial is wrong ... digging through various Node.js tutorials, as it seems that every Node.js developer with a blog has released their own tutorial on how to do things the right way, or, more accurately, the way they do them. Thousands of front-end developers being thrown into the server-side JS maelstrom are trying to piece together actionable knowledge from these tutorials, either by cargo-cult-copypasta or gratuitous use of npm install as they scramble frantically to meet the deadlines set for them by outsourcing managers or ad agency creative directors. One of the more questionable things in Node.js development is that authentication is largely left as an exercise to the individual developer. The de facto authentication solution in the Express.js world is Passport, which offers a host of strategies for authentication. If you want a robust solution similar to Plataformatec’s Devise for Ruby on Rails, you’ll likely be pointed to Auth0, a startup who has made authentication as a service. Compared to Devise, Passport is simply authentication middleware, and does not handle any of the other parts of authentication for you: that means the Node.js developer is likely to roll their own API token mechanisms, password reset token mechanisms, user authentication routes and endpoints, and views in whatever templating language is the rage today. Because of this, there are a lot of tutorials that specialize in setting up Passport for your Express.js application, and nearly all of them are wrong in some way or another, and none properly implement the full stack necessary for a working web application..... " Source: https://medium.com/@micaksica/your-node-js-authentication-tutorial-is-wrong-f1a3bf831a46
  11. Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users " ..., another popular Chrome extension 'Web Developer' was hijacked by some unknown attackers, who updated the software to directly inject advertisements into the web browsers of over 1 million of its users. Chris Pederick, the creator of the Web Developer Chrome extension that offers various web development tools to its users, alerted late Wednesday that some unknown hackers apparently phished his Google account, updated the extension to version 0.4.9, and pushed it out to its 1,044,000 users. In both cases, cyber criminals used phishing first to gain access to the developers' Google accounts, hijacked their respective extensions and then updated the extensions to perform malicious tasks. " Source: https://thehackernews.com/2017/08/chrome-extension-for-web-developers.html
  12. MalwareTech arrested

    Framing. Sounds like a 1984 Romanian Secret Police operation. The difference is they were much better at doing this than today's FBI. https://theoutline.com/post/2054/the-wannacry-hacker-hero-was-spending-big-in-vegas-before-his-arrest LOL
  13. Cool, this one. Especially having it send back to a server what the "guy" visited. Thanks!
  14. Deep Web, or the hidden internet

    Hi, the part about Tor is interesting and fine, and not only for accessing under-web sites. There is also another way to run Tor, namely downloading the virtual machine with Tor and an anonymity utility. It is a Linux vmdk appliance which, as far as I remember, was also freely available on the VMware site: janusvm. You install VMware Player and start this machine. Configuration at the level of this appliance is very simple. In the local browser you set as proxy the address specified by the appliance after configuration. You can then access the web either in full anonymity, or using only the Tor circuits, or both together. WARNING: if you try to access social networks using Tor, at some point problems will appear and, for example, Facebook will ask you a lot of questions ..
  15. 227 million word dictionary

    Nice one... thanks a lot