namhb

In previous post, i installed snort with barnyard to send log to snort report. Today, i installed addition Base: Snort log analysis: Download file: #wget http://sourceforge.net/projects/adodb/files/latest/download?source=files #wget http://sourceforge.net/projects/secureideas/files/latest/download?source=files #yum --enablerepo=epel -y install php-adodb php-pear-Image-Graph #unzip adodb517.zip #tar xvzf base-1.4.5.tar.gz #cp -R base-1.4.5 /var/www/html/ #mv  /var/www/html/base-1.4.5  /var/www/html/base #cp -R adodb5 /var/www/html/base #chmod 777 -R /var/www/html/base Go http:// /base and setup, adodb path is /var/www/html/base/adodb5 After complete this tutorial, i started config snort to send log to center log. I am using splunk to Log Central Manager. I used syslog-ng to send snort log to splunk. Frist, in snort machine, i edited config to force snort write alert to plain text file: #vim /etc/sysconfig/snortd ( i don`t remmeber path) Find ALERT and uncomment it, change ALERT=fu

Today i started learning Python. I had first program. After finish, i learned: print number, string, format etc function local and global variable read file string find index and substring And now, this is my first program: #Author:     Namhb #Email:     namhb@gmail.com #Program:    Demo1 #Version:    0.1 ############################################# ##### Start program ##### Lib import getpass ##### Global Variable userfile = "user.txt" userc = "" rolec = "" logined = False failcount = 0 maxfail = 3 ##### Function def menu():     print "+---------------------------------------------+"     print "+                                             +"     print "+     Demo Python Program                     +"     print "+   namhb@gmail.com                           +"     print "+                                             +"     print "+--------------------------------------

Step 1: Preparing #yum install pcre pcre-devel php php-common php-gd php-cli php-mysql flex bison mysql mysql-devel mysql-bench mysql-server php-pear.noarch php-pear-DB.noarch php-pear-File.noarch kernel-devel libxml2-devel vim-enhanced.i386 #yum install gcc-c++ Download sourcode: #cd /usr/local #wget http://ips-builder.googlecode.com/files/libnet-1.0.2a.tar.gz #wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz #wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz #wget http://www.snort.org/downloads/1623 -O daq-0.6.2.tar.gz #wget http://www.snort.org/downloads/1631 -O snort-2.9.2.3.tar.gz #download https://www.snort.org/snort-rules/ #wget http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz #wget http://jpgraph.net/download/download.php?p=1.27.1 -O jpgraph-1.27.1.tar.gz Step 2: Install lib #cd /usr/local #tar zxvf /root/libnet-1.0.2a.tar.gz #cd Libnet-1.0.2a #./configure && make && make install #cd /usr/local #tar zxvf /root/libdnet-1.12.tgz #cd libdnet-1

Demo Linux Bufferoverflow Exploit: ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

My demo for Local File Include. If you can not found any file contain mailicous code on server, you can use access log to inject malicious code. Note: If you send url by web browser, url will be encoded. So, you must send direct url to server to write code to access log. ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

My report in tomorrow. If you find SQL injection, with union stament, you can force web application print result. Ex: union 1,2,3,4,5 -> You can see 2 3 4 5 number. Replace 2 with 'namhb', you can see namhb. So, you can exploit XSS in SQL injection. Now, you can insert javascript, instead: alert(/namhb/) (in script tag). Buzz, new dialog. Finish, have got many script, you can use sqli,js. See demo: ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

Ở 2 phần trước, chúng ta đã nói về stack overflow. Phần này, chúng ta sẽ nói về một phương pháp khai thác khác sử dụng ngoại lệ, để từ đó thực hiện lệnh nhảy tới đoạn code mong muốn. Trước hết, cần phải nói về ngoại lệ - exception handlers ? Việc bắt ngoại lệ được đặt trong ứng dụng, mục đích để bắt các ngoại lệ mà ứng dụng có thể gặp phải ( ví dụ như file không tồn tại, hay chia cho 0...) try {   //run stuff.  If an exception occurs, go to code } catch {   // run stuff when exception occurs } Nếu trong một chương trình bình thường không sử dụng ngoại lệ, đầu tiên sẽ đẩy vào các tham số, rồi đến EIP, EBP, tiếp đến cấp phát cho các biến cục bộ. Nếu chương trình có sử dụng ngoại lệ, sẽ cấp phát thêm một vùng để chứa ngoại lệ "Address of exception handler" là một phần của  SEH record. Windows có một SEH mặc định (Structured Exception Handler) để bắt ngoại lệ. Khi mà ngoại lệ này được bắt, bạn sẽ thấy một popup “xxx ha

First is demo smash the stack: Next is demo SEH exploit: ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

With msfpayload, you can create web shell to backdoor ( like metepreter). This is my demo with metasploit ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.