y wares?
Cheers,
John Jacobs
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
> Sounds pretty neat to be honest. But one thing I'm wondering is that if
> they have root, what's stopping them from turning that off? After all
> they need root to load the modules in the first place, so if they are
> in a position to want to do that, then they are in a position to turn
Those considering Tripwire I would ask they take a look at OSSEC-HIDS; the
filesystem change notification is outstanding and with inotify() support you
get immediate notification of changes. The monitoring and alerting of log
files is also exceptional. I am not affiliated with OSSEC in any wa
> Very useful john jacob ... really helpful.
> do you maintain your blog or any other resource you want to share with us.
> thanks a ton.
Thank you for the kind words and I consider it an honor to have been helpful.
I do not have a blog. I have enjoyed this thread, sharing what I know, and
l
> Why take the risk? You don't know what the attacker actually did
> until you do some analysis. If you do analysis before capturing a
> disk image, you're destroying evidence.
>
> Rebuilding a server is not hard. It has a known quantity of effort
> involved and reliably prevents further intrusion
> Subject: Re: [Full-disclosure] one of my servers has been compromized
> From: ja...@zero-internet.org.uk
> Date: Mon, 5 Dec 2011 17:36:53 +
> CC: tim-secur...@sentinelchicken.org; lu...@sulweb.org;
> full-disclosure@lists.grok.org.uk
> To: flamdu...@
> For future reference, and for the benefit of people searching for
> solutions to similar problems: You've made the most common rookie
> mistake. You have already trashed potentially critical information
> about the attack by trying to clean up the server first. Don't do
> that.
Tim, while I do
> 2. Do you think said phpmyadmin vulns are reasonable attack vectors in my
> case?
I do, I believe this is to be the initial infection vector. Scanning for
PHPMyAdmin is often and frequent and since it's likely that it was present in
its default (or one of the default) URIs discovery is like
http://packetstormsecurity.org/files/25728/w000t-shell.c.html
It's a trojan, based on the w00t-shell.c code; the shell code adds a
passwordless root account under the name w000t.
Date: Mon, 3 Oct 2011 15:31:29 +0100
From: d.martyn.fulldisclos...@gmail.com
To: full-disclosure@lists.grok.org.uk
crazy.
Please do not recommend a Linux key-gen, I do not pirate GNU/Linux! I've seen
many of these Linux torrents floating around and the last thing I want is to be
sued over downloading Linux! Amazingly many of them are right out there in the
open too!
Kind Regards,
J
Hello FD,
There appear to be multiple WordPress powered sites that are performing
a DB->XML dump of the articles and subsequent pages. The comments
section includes originating IP address, datetime, E-Mail address,
homepage, etc. These entities are traditionally not exposed to the anonymo
> Insect Pro is actively looking for partners to expand the frontiers of
> Insect Pro and grow our penetration testing tool at a competitive
> level worldwide.
Dear Sir, I would very much like to be a partner and I think this is an
exceptional product that not only offers more than what is alrea
Hi,
> On ubuntu lucid, I found a way to add corrupted entries to /etc/passwd
> e.g. "AAA\n", but not to /etc/shadow. Does someone know a way to use
> that for privilege escalation? What is the "+" line handling in
> /etc/passwd for?
Please see "man 5 passwd", I suspect you'll be able to leverage
n-depth approach.
> Happy hacking,
> Dan
Cheers,
John Jacobs
lable. If a
vendor were to offer, say 20 evasions, well they would most certainly have our
business because 20 is clearly more than 11 or 10 respectively.
John Jacobs Patel
Sr. Security Engineer & Evasion Specialist
Date: Fri, 19 Nov 2010 23:20:29 +0530
From: umamahesh.venk...@gmail.com
> > Of course it's wise to disable password authentication and just use
> > public key authentication.
>
> Why? Ssh is encrypted, so you're not exposing a password when you login.
> How
> does public key authentication make you more secure (in a practical sense)?
>
Paul, it's more secure i
> Hello list. I'd like to warn you about Susan Bradley. I've seen her
> pictures and for its you must be desperate to want to own her.
>
> http://www.smbnation.com/Portals/0/speakers/speaker_susan-bradley.jpg
s/PMS/menopause/gi
Consequently, in my humble opinion I think there should be less focus on the
emotional interaction between Microsoft and Travis' findings. Of course it's
easy for me to assert this; when I wake up in the morning I don't have the same
challenges of wading through a soup of emotional fog and di
I'm not the original author of this message, saw it pop-up on Snort-Sigs and as
a graduate student myself I figured I'd give this guy a hand to get more
visibility. I'm not so sure it's a troll. YMMV. -John
Message below, unaltered:
Hello Snort and Emerging Threats communities, this is off-t
Hello FD, first and foremost thank you for the strong effort and excellent
signatures. As such, in an attempt to give back to a wonderful community, I
humbly submitted the following Snort rules for inclusion into the ET
signatures. A brief explanation is provided below:
The first signature i