Pages

Showing posts with label vulnerability. Show all posts
Showing posts with label vulnerability. Show all posts

Tuesday, February 13, 2018

Fedora 27 : Test browsers for inline security.

Open the browser with this page: https://github.com.
Next step is to open the Developer Tools console.
If you use Opera then you can use this keys: Ctr+Shift +C .
If you use Firefox or Chrome browsers use F12 key.
Paste the following code into the console area to create a new inline script and add this java script:
var test = document.createElement('script');
test.innerText = 'alert("hi there");'
document.body.appendChild(test);
For example, this is a good security result on my Opera browser.

The result of this message tell us about the script we tried to execute was stopped by the browser.

Saturday, April 15, 2017

Linux: tools to scan a Linux server for malware and rootkits.

This tools are: chkrootkit, rkhunter, fuser and ISPProtect. All of this tools can be install under Fedora 25 with dnf tool. First tool is chkrootkit is a classic rootkit scanner. It checks your server for suspicious rootkit processes and checks for a list of known rootkit files.
[root@localhost mythcat]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
...
The Rootkit Hunter named rkhunter is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
[root@localhost mythcat]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
[root@localhost mythcat]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 136
[root@localhost mythcat]# rkhunter -c --enable all --disable none
[ Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/chmod                                           [ OK ]
    /usr/bin/chown                                           [ OK ]
    /usr/bin/cp                                              [ OK ]
...
Another tool is fuser
[root@localhost mythcat]# fuser -vn tcp 5222
...
The output of this command let you to see the recall of anything on your machine that should be listening on tcp port 5222.
[root@localhost mythcat]# fuser -vn tcp 19635
...
This output indicates that there is a process named "foo" running with PID number and listening on port 19635. The last tool is ISPProtect. ISPProtect is a malware scanner for web servers, it scans for malware in website files and CMS systems like Wordpress, Joomla, Drupal

Thursday, March 9, 2017

News: WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency.

This is a old news and comes from WikiLeaks how to start one new series of leaks on the U.S. Central Intelligence Agency.
For me is another way to show bugs to people.
The article can be found here:
Some software come with new updates to fix bugs - like notepad, see article: Notepad++ 7.3.3 update fixe.

Wednesday, December 30, 2015

Joanna Rutkowska talk on the 32C3 streaming site.

Joanna Rutkowska covered the last few decades of security on computers.
You can see Joanna Rutkowska 32c3 streaming media.

Thursday, December 24, 2015

How to fix Grub2 bootloader flaw.

According to researchers Ismael Ripoll and Hector Marco,who wrote this article:

A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

Just hit the backspace key 28 times at the Grub username prompt during power-up.
This will open a Grub rescue shell with the rescue shell allows unauthenticated access to a computer and the ability to load another environment.
The Grub versions 1.98 to 2.02 are affected and suffer integer overflow problem.
The basic of the fault lies within two functions; the grub_password_get() function and the and grub_password_get() script.
To fix it use this patch.

Thursday, June 11, 2015

Fix Bash shell vulnerability under Linux OS .

If some Bash code outside of the curly brace then it will then be executed by the linux system.
env x='() { :;}; echo vulnerable' bash -c " bash test "
If your system is vulnerable, it will then output:
vulnerable
bash test 
How Do You Fix It ? Just open up a terminal, and type:
sudo apt-get update
sudo apt-get upgrade
or under Fedora with :
sudo yum update
Also you can see more about linux and linux tutorials here.