Thursday, December 24, 2015

EICAR - How to test upload file antivirus protection doing security assessments



how to brute force local users using telnet on open SMTP relays


Sometimes during a penetration test you find an open SMTP relay.
This can be used to brute force local users.

telnet <smtp-server> <port>

smtp> HELO test
smtp> MAIL FROM: bughunter@x1622.com
smtp> RCPT TO: admin@localhost
smtp> RCPT TO: root@localhost 
smtp> RCPT TO: test@localhost 
smtp> RCPT TO: local@localhost 
...

You will receive a different response depending on whether the user exists or not.

Wednesday, December 23, 2015

create huge file with random content in bash

Sometimes you need to create huge files with random content for penetration tests.

tr -dc A-Za-z0-9 </dev/urandom |dd of=/tmp/test.txt bs=1MB count=49 iflag=fullblock

count=<size-in-MB>

Microsoft Virtual Machines with different Internet Explorer Versions

Monday, December 21, 2015

SSH Disabling Password Authentication on Debian

In /etc/ssh/sshd_config set:

PermitRootLogin no
PasswordAuthentication no
UsePAM no
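
A way to check that a given sshd_config really has these three settings in effect, as an added example that is not from the original post. The function names and the sample file are constructed for illustration, and Include'd files are assumed not to be in use.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings shown above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, "Key=value" is accepted, and Match blocks apply only
# conditionally, so grepping for "PasswordAuthentication no" can mislead.
# Limitation (assumption): Include'd files are not followed.

# effective_value FILE KEYWORD -> global value in lower case, or "unset"
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { gsub(/=/, " ") }                      # normalise Key=value
        /^[ \t]*#/ || NF == 0 { next }          # comments, blank lines
        tolower($1) == "match" { exit }         # end of global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE -> one line per setting; returns 1 unless all three are "no"
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication UsePAM; do
        v=$(effective_value "$1" "$kw")
        if [ "$v" = "no" ]; then
            echo "OK   $kw $v"
        else
            echo "FAIL $kw $v"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: looks hardened to grep, but is not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin=no
passwordauthentication yes
PasswordAuthentication no
#UsePAM no
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "=> not hardened as described"
```

On a live host, `sshd -T` prints the effective configuration and also covers included files.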

How To Set Up SSH With Public-Key Authentication On Debian

https://www.howtoforge.com/set-up-ssh-with-public-key-authentication-debian-etch

Summary:
server> apt-get install ssh
client> mkdir ~/.ssh
client> chmod 700 ~/.ssh
client> cd ~/.ssh
client> ssh-keygen -t rsa -C "A comment"
client> scp -p id_rsa.pub remoteuser@remotehost:/tmp
client> ssh remoteuser@remotehost
server> mkdir ~/.ssh
server> chmod 700 ~/.ssh
server> cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
server> chmod 600 ~/.ssh/authorized_keys
server> mv /tmp/id_rsa.pub ~/.ssh
server> logout
client> rm id_rsa.pub
client> ssh remoteuser@remotehost


Monday, December 14, 2015

simple rule to block JOOMLA 0-day code execution with MODSECURITY


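Based on the information provided on Sucuri's blog, this simple ModSecurity rule should block the attack.

# ModSecurity 2.7 and later require a unique id on every rule; 100001 is a placeholder, use any id not already taken in your rule set.
SecRule REQUEST_HEADERS:User-Agent "JDatabaseDriverMysqli" "id:100001,phase:1,t:none,log,deny,msg:'Joomla 0-day code execution'"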


Thursday, December 10, 2015

RFC1918 Address Allocation for Private Internets

Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

https://tools.ietf.org/html/rfc1918

Sunday, December 6, 2015

Three #DEFCON talks related to malware.


DEFCON 17: Making fun of your malware youtube
DEFCON 17: Malware Freakshow youtube
DEFCON 18: My Life As A Spyware Developer youtube