boom - Nätverkserversäkerhetsinformation
Remember
http://www.sitic.se/ - Recommendations from the swedish IT-incidentministry.
Did NSA Put a Secret Backdoor in New Encryption Standard? - Dual_EC_DRBG
If so stay away from this API http://msdn2.microsoft.com/en-us/library/aa375534.aspx
Ligistsidan
Krossa spammare .. olika smaker
Datorvirus och maskar
Nätverks-Sniffers samt andra tillbehör för nätverkstekniker.
Google hacking database - funny search querys for sensitive information
Hacking Google - A little story about making google print spitting out full .pdf's of books.
Vad som finns innanför BusyBox på BBB XAVI-X8222r - Hur man kan fiska fram root lösenord till Bredbandsbolagets operatörslåsta modem via modemets webinterface.
Inside Toshiba AC100-10D (scandinavian model)
Wargames och hacking resurser.
Wargames är servrar uppsatta av hackers för hackers. Små spel där målet är att bryta sig in på servern som kör wargamet. Observera att det är mycket olagligt att göra samma sak mot en server som INTE kör ett wargame! Läs INSTRUKTIONERNA innan du börjar delta i spelen så att du är på det klara vilka regler som gäller!
http://www.thebroken.org/ - shows how hacking is done.
http://www.bpfh.net/simes/computing/chroot-break.html - How to break out of a chroot() jail
Hack.se has opened a wiki, this might be a interesting spot to watch in the future...
Olika tekniker som elak-kod använder
musings-surgery with printf.pdf
Elak-kod-arkiv som får servermjukvaror att mjukna
http://www.s0ftpj.org/en/tools.html
w00tw00t.at.ISC.SANS.DFind
http://seclists.org/fulldisclosure/2005/Jun/0098.html
Apache
Running OpenBSD/NetBSD/FreeBSD with unpatched default apache? Risks are that GOBBLES know a way to escape your security grip.
Original source for GOBBLES exploits.
Many webservers running AWStats are remote exploitable
OpenSSH pre 3.4 exploit
patch openssh-3.4p1.tar.gz with this ssh.diff and you got the cyber weapon of the millenium. this is the end of a era. OpenBSD one remote exploit in nerly six years. sad but true. install openssh v3.4 and be safe.
Original GOBBLES SSH exploit tar ball :sshutup-theo.tar.gz
Samba
Windows NT/2k/XP/.NET RC1 with NETBIOS
enabled DoS Attack tool.
SMBdie.zip
Unknown:
SMB Password brute force crack
smbcrack.c
smbcrack
Pine
pine-cert-20040201.txt BSD local
Säkerhetshål i mjukvara
Unpatched security holes
Title: Using the backbutton in IE is dangerous.
Read more: http://online.securityfocus.com/archive/1/267561
Test the exploit : Using the backbutton in IE is dangerous.
Confirmed:
OS | Browser | Version |
Windows NT Wokstation 4 | IE | 5.50.4807.3200CO SP2 |
Patches: None?
added by: dinki
if you think this is serious.. well here is list of more reasons to avoid explorer. Unpatched IE holes.
Patched secutiry holes
Title: IE craches if it encounters the tag <input type> before <html> on a webpage
Read more and test the exploit: Missing File (/gudinna/uploads/IEcrash.html) (Note! this might crash your browser)
Patches: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp
Title: SAMBA remote root explot
Exploit: sambal.c
Patches: http://www.samba.org
Verified:
$ ./sambal -b bruteforce lotus.gudinna.com
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
--------------------------------------------------------------
+ Bruteforce mode. (Linux)
+ Host is running samba.
+ Worked!
--------------------------------------------------------------
*** JE MOET JE MUIL HOUWE
OpenBSD lotus 3.1 GENERIC#1 i386
uid=0(root) gid=0(wheel) egid=32767(nobody) groups=32767(nobody)
whoami
root
Comment: well well.. remember keep track of your servers installed from ports... ;)
Title: Read local files using Netscape/Mozilla browsers.
Read more and test the exploit: http://sec.greymagic.com/adv/gm001-ns/
Patches: Downlod new version of your software based on Mozilla 1 RC2.
Solution: Install netscape v5/v4 or install any new Mozilla/Netscape browser based on the new Mozilla 1.0 RC2 engine.
added by: zyz
Title: OpenBSD 3.0 cron / mail local root exploit
Read more: http://www.openbsd.org/errata30.html#mail
Test the exploit : http://packetstormsecurity.nl/0204-exploits/obsd-cron.c or OpenBSD 3.0 (before 08 Apr 2002) local mail exploit
Confirmed:
OS | Host | Log |
OpenBSD 3.0 (GENERIC) #94: Thu Oct 18 14:48:27 MDT 2001 | lotus.gudinna.com | lotus.txt |
Patches: Yes
added by: dinki
Title: IE allows universal Cross Site Scripting.
Read more: http://jscript.dk/adv/TL002/
Test the exploit : IE allows universal Cross Site Scripting
Patches: Yes : Patch side effects, this seems to be a quick patch from microsofts side. When trying to run the standalone executable iexplore.exe may result in craches and many menu options are disabled. running the integrated IE inside file widows works with menu options.
added by: zyz
Title: Windows XP Helpcenter Flaw (file delete)
Missing File (/gudinna/uploads/helpcenter.htm)
easy.tgz
Referenser till aktuell sida