Jump to content

Search the Community

Showing results for tags 'vulnerability'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 8 results

  1. Hi all, i'm undertaking a project to determine which vulnerability scanning tools within Kali Linux are best suited for the job, there were three tools tested and these were, Nikto, Sparta and OpenVAS. The results that these scans returned when scanning metasploitable 2 with a Kali linux machine are as follows: Metasploitable 2 Nikto 15 Sparta 46 OpenVAS 144 These results are solely the number of vulnerabilities that were returned, OpenVAS seems to be the right choice but im looking for feedback to back up these results of whether this is accurate? or maybe whether the other tools have features that may give them an advantage over the other. Any feedback would be most welcome. Thanks.
  2. Sometimes you discovering a vulnerability when you don’t search for and sometimes finally like this, it’s simply a false alert. More than 70 percents of vulnerabilities I’ve found in my life have no rapport with a security research, but simply due to chance, when doing administrator tasks for example. This day, I decide for a customer that have millions of hit on this website because of a holiday game, to put the content of his website directly in memory for not having iops problems anymore. For doing this i simply use a ramdisk and i make a synchronization from disk (where is stored the code) to ramdisk each minute via rsync. This customers is on a lxc container with 8 GB RAM connected to a separate MySQL server by a private network. The webserver only use less than 1 GB of RAM and the applications less than 500 MB of disk space. So I just create a ramdisk like this : mkdir /home/ramdisk echo "shm /home/ramdisk tmpfs nodev,nosuid,noexec 0 0" >> /etc/fstab mount /home/ramdisk rsync -avz --stats --delete /home/xxxx /home/ramdisk/ After this, i am verifying with a simple df -h and i can see a big suprise : ~# df -h Filesystem Size Used Avail Use% Mounted on zfstore/zfs-containers/subvol-9202234-disk-1 32G 1.4G 31G 5% / none 492K 0 492K 0% /dev tmpfs 26G 68K 26G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.7G 0 1.7G 0% /run/shm shm 126G 410M 126G 1% /home/ramdisk My /home/ramdisk have a size of 126 G. Just after i verify with and without it, if ram seems used by this but the ram is exactly at the same state. Very excited to probably have found a new vulnerability, i am verifying on a new container on an other cluster and i can reproduce the problem with success. In the same time I am sending an email to a person i know that work on an implementation of this product and it is finally just a display problem : Privileged containers only fail to *show* the used memory (it’s an accounting issue), but after hitting the specified limits you’ll be writing to swap space instead, and ultimately the kernel’s OOM killer will kill the container before it starts using more RAM than assigned (note that both RAM and swap limits have to be hit). End of the story :) -- Christophe Casalegno https://twitter.com/Brain0verride
  3. Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way! Check out the Faraday project in Github. Two years ago we published our first community version consisting mainly of what we now know as the Faraday Client and a very basic Web UI. Over the years we introduced some pretty radical changes, but nothing like what you are about to see - we believe this is a turning point for the platform, and we are more than happy to share it with all of you. Without further ado we would like to introduce you to Faraday 2.0! https://github.com/infobyte/faraday/releases/tag/v2.0 This release, presented at Black Hat Arsenal 2016, spins around our four main goals for this year: * Faraday Server - a fundamental pillar for Faraday's future. Some of the latest features in Faraday required a server that could step between the client and CouchDB, so we implemented one! It still supports a small amount of operations but it was built thinking about performance. Which brings us to objective #2... * Better performance - Faraday will now scale as you see fit. The new server allows to have huge workspaces without a performance slowdown. 200k hosts? No problem! * Deprecate QT3 - the QT3 interface has been completely erased, while the GTK one presented some versions ago will be the default interface from now on. This means no more problems with QT3 non-standard packages, smooth OSX support and a lighter Faraday Client for everyone. * Licenses - managing a lot of products is time consuming. As you may already know we've launched Faraday's own App Store https://appstore.faradaysec.com/ where you can get all of your favourite tools (Burp suite, IDA Debugger, etc) whether they're open source or commercial ones. But also, in order to keep your licenses up to date and never miss an expiry date we've built a Licenses Manager inside Faraday. Our platform now stores the licenses of third party products so you can easily keep track of your licenses while monitoring your pentest. With this new release we can proudly say we already met all of this year's objectives, so now we have more than four months to polish the details. Some of the features released in this version are quite basic, and we plan to extend them in the next few iterations. Changes: * Improved executive report generation performance. * Totally removed QT3, GTK is now the only GUI. * Added Faraday Server. * Added some basic APIs to Faraday Server. * Deprecated FileSystem databases: now Faraday works exclusively with Faraday Server and CouchDB. * Improved performance in web UI. * Added licenses management section in web UI. * Fixed bug when deleting objects from Faraday Web. * Fixed bug when editing services in the web UI. * Fixed bug where icons were not copied to the correct directory on initialization. * Added a button to go to the Faraday Web directly from GTK. * Fixed bug where current workspace wouldn't correspond to selected workspace on the sidebar on GTK. * Fixed bug in 'Refresh Workspace' button on GTK. * Fixed bug when searching for a non-existent workspace in GTK. * Fixed bug where Host Sidebar and Status Bar information wasn't correctly updated on GTK. * Fixed sqlmap plugin. * Fixed metasploit plugin. We hope you enjoy it, and let us know if you have any questions or comments. https://www.faradaysec.com https://github.com/infobyte/faraday https://twitter.com/faradaysec
  4. I've been seeking online for a complete tutorial that goes from finding if a computer is vulnerable to an exploit to getting a meterpreter session without the use of trojans. The things that are missing are... 1.the exact procedure of scanning a pc to find if it is vulnerable (and if it is possible a pc outside a local network and how is it possible to scan individual compuiters that are behind routers?) 2. Importing a new exploit that isnt already inside the metasploit framework. 3. setting a backdoor without the use of the persistance command of the meterpreter. 4. the procedure of the triggering of the exploit on the victim machine (what happens exactly?) any kind of info is apreciated.
  5. Is there any way for me to inject a payload into the duck that records keystrokes automatically, or at least run a software that i made, a keylogger, automatically upon insertion? If there is can you give the codes? Thank you.
  6. Have you guys read the recent news? http://thehackernews.com/2013/09/hacking-facebook-to-delete-any-account.html The researcher literally shares the single .php line to put into the URL that is needed to delete ANY facebook account, and even the ID data needed is publicly available too. It's an even more shame because the researcher turned this into Facebook (for those who know, Facebook pays those who find bugs in their system) and they won't even look at his submission. It's a shame
  7. Hi guys, so I recently accessed for the first time a wireless network with RADIUS username and password style instead of the traditional wifi PSK, got a bit curious and after a little research about it's way of functioning and vulnerabilities I read that it was possible to obtain the MD5 hash relating to the password and username, but there seems to be little information on anything more specific. Do you know how this works? Is the MD5 obtained by monitoring an authentication or can you fake simulate an authentication with a username and get the MD5 with the password? Cheers ;)
  8. Hello, I've been lurking in these forums every now and then to read up on random discussion (fresh account, first post), and I need some advice here. I'm attending a school to get my Associates Degree, and we have a sort of 'system' on campus that the students and staff use. I stumbled upon a way to exploit said system (not an issue of epic proportions, but still something that bothers me), and I would like to inform the I.T. staff so they can fix it. I just don't know how to approach them. Should I drop by in person, or email them? What if they don't care? What if they get pissed? Just, too many questions with very uncertian outcomes. Anyway, enough rambling. My question is this: How do I approach the right person about a security issue?
×
×
  • Create New...