Gudinna Wiki VisaÄndraBifogaVersionerUppdateratSökKarta

boom - Nätverkserversäkerhetsinformation


Remember

External Image

http://www.sitic.se/ - Recommendations from the swedish IT-incidentministry.

@Did NSA Put a Secret Backdoor in New Encryption Standard? - Dual_EC_DRBG
If so stay away from this API http://msdn2.microsoft.com/en-us/library/aa375534.aspx

Ligistsidan
Krossa spammare .. olika smaker
Datorvirus och maskar
Nätverks-Sniffers samt andra tillbehör för nätverkstekniker.

@Google hacking database - funny search querys for sensitive information
@Hacking Google - A little story about making google print spitting out full .pdf's of books.
Vad som finns innanför BusyBox på BBB XAVI-X8222r - Hur man kan fiska fram root lösenord till Bredbandsbolagets operatörslåsta modem via modemets webinterface.
Inside Toshiba AC100-10D (scandinavian model)

Wargames och hacking resurser.

@The glider
  Uploaded Image: Glider.png
@hacker-emblem
Wargames är servrar uppsatta av hackers för hackers. Små spel där målet är att bryta sig in på servern som kör wargamet. Observera att det är mycket olagligt att göra samma sak mot en server som INTE kör ett wargame! Läs INSTRUKTIONERNA innan du börjar delta i spelen så att du är på det klara vilka regler som gäller!

http://www.thebroken.org/ - shows how hacking is done.
http://www.bpfh.net/simes/computing/chroot-break.html - How to break out of a chroot() jail
@Hack.se has opened a wiki, this might be a interesting spot to watch in the future...

Olika tekniker som elak-kod använder

musings-surgery with printf.pdf

Elak-kod-arkiv som får servermjukvaror att mjukna

http://www.s0ftpj.org/en/tools.html

w00tw00t.at.ISC.SANS.DFind

http://seclists.org/fulldisclosure/2005/Jun/0098.html

Apache

Running OpenBSD/NetBSD/FreeBSD with unpatched default apache? Risks are that @GOBBLES know a way to escape your security grip.
@Original source for GOBBLES exploits.

Many webservers running AWStats are remote exploitable

OpenSSH pre 3.4 exploit

patch openssh-3.4p1.tar.gz with this ssh.diff and you got the cyber weapon of the millenium. this is the end of a era. OpenBSD one remote exploit in nerly six years. sad but true. install openssh v3.4 and be safe.
Original @GOBBLES SSH exploit tar ball :sshutup-theo.tar.gz

Samba

Windows NT/2k/XP/.NET RC1 with NETBIOS
enabled DoS Attack tool.
SMBdie.zip

Unknown:
SMB Password brute force crack
smbcrack.c

smbcrack

Pine

pine-cert-20040201.txt BSD local

Säkerhetshål i mjukvara

Unpatched security holes


Title: Using the backbutton in IE is dangerous.
Read more: http://online.securityfocus.com/archive/1/267561
Test the exploit : Using the backbutton in IE is dangerous.
Confirmed:
OSBrowserVersion
Windows NT Wokstation 4IE5.50.4807.3200CO SP2
Patches: @None?
added by: dinki

if you think this is serious.. well here is list of more reasons to avoid explorer. @Unpatched IE holes.

Patched secutiry holes

Title: IE craches if it encounters the tag <input type> before <html> on a webpage
Read more and test the exploit: Missing File (/gudinna/uploads/IEcrash.html) (Note! this might crash your browser)
Patches: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp

Title: SAMBA remote root explot
Exploit: sambal.c
Patches: http://www.samba.org
Verified:
$ ./sambal -b bruteforce lotus.gudinna.com
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
--------------------------------------------------------------
+ Bruteforce mode. (Linux)
+ Host is running samba.
+ Worked!
--------------------------------------------------------------
*** JE MOET JE MUIL HOUWE
OpenBSD lotus 3.1 GENERIC#1 i386
uid=0(root) gid=0(wheel) egid=32767(nobody) groups=32767(nobody)
whoami
root

Comment: well well.. remember keep track of your servers installed from ports... ;)

Title: Read local files using Netscape/Mozilla browsers.
Read more and test the exploit: http://sec.greymagic.com/adv/gm001-ns/
Patches: Downlod new version of your software based on Mozilla 1 RC2.
Solution: Install netscape v5/v4 or install any new Mozilla/Netscape browser based on the new Mozilla 1.0 RC2 engine.
added by: zyz

Title: OpenBSD 3.0 cron / mail local root exploit
Read more: http://www.openbsd.org/errata30.html#mail
Test the exploit : http://packetstormsecurity.nl/0204-exploits/obsd-cron.c or OpenBSD 3.0 (before 08 Apr 2002) local mail exploit
Confirmed:
OSHostLog
OpenBSD 3.0 (GENERIC) #94: Thu Oct 18 14:48:27 MDT 2001 lotus.gudinna.com lotus.txt
Patches: @Yes
added by: dinki

Title: IE allows universal Cross Site Scripting.
Read more: http://jscript.dk/adv/TL002/
Test the exploit : IE allows universal Cross Site Scripting
Patches: @Yes : Patch side effects, this seems to be a quick patch from microsofts side. When trying to run the standalone executable iexplore.exe may result in craches and many menu options are disabled. running the integrated IE inside file widows works with menu options.
added by: zyz

Title: Windows XP Helpcenter Flaw (file delete)
Missing File (/gudinna/uploads/helpcenter.htm)

easy.tgz

Referenser till aktuell sida