Basic Netcat commands

Basic Netcat commands -e prog inbound program to exec (dangerous!!)-g gateway source-routing hop point(s), up to 8-G num source-routing pointer: 4, 8, 12, ...-h this cruft-i secs delay interval for lines sent, ports scanned-l listen mode, for inbound connects-L listen harder, re-listen on socket close-n numeric-only IP addresses, no DNS-o file hex dump of traffic-p port local port number-r randomize local and remote ports-s addr local...

Read More

Exploiting a database server MySQL

Exploiting a database server MySQL This paper describes the process to get the credentials of a MySQL database server. Primarily when installing MySQL system administrators often place a weak password for the root user, as the case of root, configure remote connections to the server to any user and assign database to root, see Figure 1 , being this a serious security flaw that compremete the information handled in this server. The first...

Read More

The Shadow File Buffer Overflows with Bowcaster Part 2

Buffer Overflows with Bowcaster Part 2 This is the second in a multi-part tutorial on developing a buffer overflow exploit using Bowcaster.  Here's Part 1. In part 1, we had gotten a crash by sending a 2048-byte pattern to the vulnerable program. The saved return address had been overwritten with 0x41367241 and restored to the $ra register.  That value is located at an offset of 528 in our overflow buffer.  Now we need to...

Read More

BOTNET FORT DISCO" BRUTE FORCE ATTACKS WORDPRESS - JOOMBLA

Password theft has been a growing problem within the security community. Arbor Networks researchers have discovered a botnet called "Fort Disco" which was used to involve more than 6,000 websites based on popular CMS such as WordPress, Joomla and DataLife Engine. The botnet "Fort Disco" currently consists of about 25,000 Windows machines and receives a list of sites to attacks from a central command and control server. Robots also receive...

Read More

How to Move an Addon Domain to Its Own cPanel Account

How to Move an Addon Domain to Its Own cPanel Account One of the great features of cPanel is its ability to host multiple domains on a single account, which helps to reduce hosting costs (assuming your web hosts allows addon domains) and eases management tasks. However, there are limitations. For instance, if you need to install an SSL certificate on an addon domain, you will have to first move it to its...

Read More

The Shadow File Buffer Overflows with Bowcaster Part 1

Buffer Overflows with Bowcaster Part 1 This is the first in a multi-part tutorial on developing a buffer overflow exploit using Crossbow (now called Bowcaster), which I released earlier today. For this tutorial I've written a simple program in C that overflows a buffer on the stack with whatever it reads from the network.  I cross-compiled it for MIPS Linux and ran it using QEMU chrooted into the unpacked filesystem of the...

Read More

The Shadow File Buffer Overflows with Bowcaster Part 3

Buffer Overflows with Bowcaster Part 3 This is the third part in a multi part tutorial on using the Bowcaster exploit development framework to build a buffer overflow exploit. In the last part, we had built an exploit buffer and added a ROP chain that would flush the MIPS CPU cache, locate the stack (which is randomized), and return into it.  Now it's time to add a payload. Bowcaster provides a few MIPS Linux payloads, and the one we'll use for this buffer overflow is the connect-back payload, which will yield an interactive shell. In...

Read More

HOWTO : Adaptec Storage Manager on Ubuntu 64-bit Desktop

HOWTO : Adaptec Storage Manager on Ubuntu 64-bit Desktop I have 2 Adaptec RAID cards 5805 and 2405 on two different server and desktop. Adaptec Storage Manager monitors the RAID remotely. You can even create and format the RAID remotely too. However, it cannot upgrade the firmware under Linux system. Step 1 : Download Adaptec Storage Manager. Go to the following site and select the latest version of Storage Manager. 5805 and 2405 are under Adaptec Unified Serial SAS/SATA. The current version at this writing is v6.50.18570 dated...

Read More

MySQL vulnerability allows attackers to bypass password verification

IDG News Service - Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials. The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in May. However, many server administrators might not be aware of its impact, because the changelog for those versions contained very little information about the security bug. The vulnerability can only be exploited if MySQL...

Read More

D-Link Devices Unauthenticated Remote Command Execution

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::CommandShell def initialize(info = {}) super(update_info(info, 'Name' => 'D-Link Devices Unauthenticated Remote Command Execution', ...

Read More

10 Useful Options You Can Configure In Your Router’s Web Interface

Your wireless router has a variety of useful options you can configure. These are practically hidden — you wouldn’t know these features exist unless you were digging through your router’s configuration pages. Bear in mind that different routers have different options. You may not have all the options listed here on your own router. The options will also be in different places with different names. Accessing Your Router’s Web Interface The...

Read More

A comprehensive tutorial explaining the importance of SEO for WordPress

WordPress is a universally known platform for creating websites and blogs with attractive themes. One of the best aspects that differentiate it from the other platforms is the fact that it is extremely easy to use. You do not need to be a master in the plethora of coding languages available. It has a series of plugins that support SEO and are extremely compatible. If you wish to create stunning business websites but financial crunch and budget...

Read More