Thursday, September 18, 2014

Symlink v4 (Priv8 symlink bypass 2014)


An attacker positions a symbolic link in such a manner that the targeted user or application accesses to the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions the attacker would normally have. 

Attack_Prerequisites
  • The targeted application must perform the desired activities on a file without checking as to whether the file is a symbolic link.
  • The attacker must be able to predict the name of the file the target application is modifying and be able to create a new symbolic link where that file would appear. 
Resources_Required
  • No special resources are required beyond the ability to create the necessary symbolic link. 

Solutions and Mitigation:
Design: Check for the existence of files to be created, if in existence verify they are neither symlinks nor hardlinks before opening them. Implementation: Use randomly generated file names for temporary files.  
DOWNLOAD LINK (Symlink v4 (Priv8 symlink bypass 2014)):
Read more »

Tuesday, July 29, 2014

How To Install Backtrack/Kali Linux on Android Device [ Easy way ]


 Click here to see full image
 
Hello guys, today I'm going to show you the easiest way to install backtrack on an android device.
For this tutorial you need:
 
All of the programs mentioned above are free.Ok, now let's start,
The first thing you need to do is install Busybox from Google play:

 Click here to see full image
 
Install it, then open it when it's done, it will install some more things.
When it's done, install Linux Installer from Google Play:

Click here to see full image
 
Open Linux installer, then click on Install Guides from the list on your right hand side:

http://adfoc.us/23962944651211
When you click that, you'll see a list of Linux distros, click on Backtrack and you will see a screen with steps on how to install it. Now click on the second page of those steps, you will get a page that looks like this:

http://adfoc.us/23962944651378
 
Just click on "Download Image", and let it finish downloading.
While it's downloading, open Google play and install Terminal Emulator, and Zarchiver.

 
 Click here to see full image resolution 
  

Click here to see full image resolution

When it finishes downloading, open Zarchiver, and look for the ZIP file that you downloaded, and extraxt the image into a root folder called "backtrack", extract the image into an external memory card not the internal one.Once it's done, open Linux Installer again, and click on launch, you'll get a screen that looks like this:

Click here to see full image
 
If it didn't recognize any distro, click on Setting > Edit then change the file path there to your backtrack image, the .img file that you extracted.
When it finally say "backtrack" on the drop down list, click "Start Linux"
Terminal Emulator will open, you just have to proceed with the installation steps, ask you for a new password, and some preferences.
When it's done you will get a red "root@localhost~#" like the picture bellow:
 
Click here to see full image resolution
You are now in BackTrack.
Now if you want backtrack in GUI, open Google play, and install Android VNC:

Click here to see full image
 
Open It when it finishes installing, and it will look like this:

Click here to see full image resolution
 
Set to the same settings in the picture, but not the IP address, you can get your IP by opening backtrack terminal, in terminal emulator, and running "ifconfig" command:

Click here to see full image resolution

 
Settings for VNC are,
Username: backtrack
Password: backtrack
IP: from the "ifconfig" command or just put 127.0.0.1
Color Format: 24-bit

Now click connect, and boom! You'r in backtrack Desktop! ;)

Click here to see full image resolution

When you finis using it, remember to disconnect VNC AND exit backtrack in Terminal Emulator, else it will be taking your battery in the background.

Click here to see full image resolution

Open It when it finishes installing, and it will look like this:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.htmlOpen It when it finishes installing, and it will look like this:
Open It when it finishes installing, and it will look like this:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html
Hello guys, today I'm going to show you the easiest way to install backtrack on an android device. For this tutorial you need: Rooted android device Linux installer (Can be found on Google play) Zarchiver (Can be found on Google play) Busybox (Can be found on Google play) Android-VNC (Can be found on Google play) Terminal Emulator (Can be found on Google play) All of the programs mentioned above are free. Ok, now let's start, The first thing you need to do is install Busybox from Google play:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html
Hello guys, today I'm going to show you the easiest way to install backtrack on an android device. For this tutorial you need: Rooted android device Linux installer (Can be found on Google play) Zarchiver (Can be found on Google play) Busybox (Can be found on Google play) Android-VNC (Can be found on Google play) Terminal Emulator (Can be found on Google play) All of the programs mentioned above are free. Ok, now let's start, The first thing you need to do is install Busybox from Google play:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html
Hello guys, today I'm going to show you the easiest way to install backtrack on an android device. For this tutorial you need: Rooted android device Linux installer (Can be found on Google play) Zarchiver (Can be found on Google play) Busybox (Can be found on Google play) Android-VNC (Can be found on Google play) Terminal Emulator (Can be found on Google play) All of the programs mentioned above are free. Ok, now let's start, The first thing you need to do is install Busybox from Google play:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html
Hello guys, today I'm going to show you the easiest way to install backtrack on an android device. For this tutorial you need: Rooted android device Linux installer (Can be found on Google play) Zarchiver (Can be found on Google play) Busybox (Can be found on Google play) Android-VNC (Can be found on Google play) Terminal Emulator (Can be found on Google play) All of the programs mentioned above are free. Ok, now let's start, The first thing you need to do is install Busybox from Google play:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html
Hello guys, today I'm going to show you the easiest way to install backtrack on an android device. For this tutorial you need: Rooted android device Linux installer (Can be found on Google play) Zarchiver (Can be found on Google play) Busybox (Can be found on Google play) Android-VNC (Can be found on Google play) Terminal Emulator (Can be found on Google play) All of the programs mentioned above are free. Ok, now let's start, The first thing you need to do is install Busybox from Google play:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html

Hello guys, today I'm going to show you the easiest way to install backtrack on an android device. For this tutorial you need: Rooted android device Linux installer (Can be found on Google play) Zarchiver (Can be found on Google play) Busybox (Can be found on Google play) Android-VNC (Can be found on Google play) Terminal Emulator (Can be found on Google play) All of the programs mentioned above are free. Ok, now let's start, The first thing you need to do is install Busybox from Google play:
- Read more at: http://www.securitygeeks.net/2013/03/how-to-install-backtrack-in-android.html
Read more »

Kali Linux Custom ARM Image ( DOWNLOAD LINKS )


 DOWNLOAD
 Kali Linux Custom ARM Image:

Kali Linux 1.0.6a Raspberry Pi image ( Download Image or Download Torrent )
Kali Linux 1.0.6 BeagleBone Black image ( Download Image or Download Torrent )
Kali Linux 1.0.6 HP Chromebook image ( Download Image or Download Torrent ) 
Kali Linux 1.0.6 Cubieboard 2 image ( Download Image or Download Torrent )
Kali Linux 1.0.6 CuBox image ( Download Image or Download Torrent )
Kali Linux 1.0.6 EfikaMX image ( Download Image or Download Torrent )
Kali Linux 1.0.6 Odroid U2 image ( Download Image or Download Torrent )
Kali Linux 1.0.6 Odroid XU image ( Download Image or Download Torrent )
Kali Linux 1.0.6a Samsung Chromebook image ( Download Image or Download Torrent )
Kali Linux 1.0.6 Utilite Pro image ( Download Image or Download Torrent )
Kali Linux 1.0.6 Galaxy Note 10.1 image ( Download Image or Download Torrent )
Kali Linux 1.0.6 SS808 image ( Download Image or Download Torrent )
Read more »

Monday, June 30, 2014

Linux Shell Scripting Cookbook, 2nd Edition

The shell remains one of the most powerful tools on a computer system - yet a large number of users are unaware of how much one can accomplish with it. Using a combination of simple commands, we will see how to solve complex problems in day to day computer usage.

Linux Shell Scripting Cookbook, 2nd Edition will take you through useful real-world recipes designed to make your daily life easy when working with the shell. The book shows the reader how to effectively use the shell to accomplish complex tasks with ease.

The book discusses basics of using the shell, general commands and proceeds to show the reader how to use them to perform complex tasks with ease.

Publisher: Packt Publishing
By: Shantanu Tushar, Sarath Lakshman
ISBN: 978-1-78216-274-2
Year: 2013
Pages: 384
Language: English
File size: 4 MB
File format: PDF


DOWNLOAD LINK:
http://adf.ly/pz5Gk


Read more »

Sunday, June 29, 2014

Kali Linux Cookbook

Over 70 recipes to help you master Kali Linux for effective penetration security testing

Overview
Recipes designed to educate you extensively on the penetration testing principles and Kali Linux tools
Learning to use Kali Linux tools, such as Metasploit, Wire Shark, and many more through in-depth and structured instructions
Teaching you in an easy-to-follow style, full of examples, illustrations, and tips that will suit experts and novices alike

In Detail:

In this age, where online information is at its most vulnerable, knowing how to execute the same attacks that hackers use to break into your system or network helps you plug the loopholes before it's too late and can save you countless hours and money. Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution.

Discover a variety of popular tools of penetration testing, such as information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks.

Packed with practical recipes, this useful guide begins by covering the installation of Kali Linux and setting up a virtual environment to perform your tests. You will then learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, and attack web applications, as well as checking for open ports, performing data forensics, and much more. The book follows the logical approach of a penetration test from start to finish with many screenshots and illustrations that help to explain each tool in detail. The Kali Linux Cookbook will serve as an excellent source of information for the security professional and novice alike!

What you will learn from this book
Install and setup Kali Linux on multiple platforms
Customize Kali Linux to your individual needs
Locate vulnerabilities with Nessus and OpenVAS
Exploit vulnerabilities you've found with Metasploit
Learn multiple solutions to escalate privileges on a compromised machine
Understand how to use Kali Linux in all phases of a penetration test
Crack WEP/WPA/WPA2 encryption
Simulate an actual penetration test using Kali Linux

Approach

A practical, cookbook style with numerous chapters and recipes explaining the penetration testing. The cookbook-style recipes allow you to go directly to your topic of interest if you are an expert using this book as a reference, or to follow topics throughout a chapter to gain in-depth knowledge if you are a beginner.

Who this book is written for

This book is ideal for anyone who wants to get up to speed with Kali Linux. It would also be an ideal book to use as a reference for seasoned penetration testers.

DOWNLOAD LINK:
http://adf.ly/pxM6C
 
Read more »

Saturday, June 28, 2014

Web Penetration Testing with Kali Linux

Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.

Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.

Publisher:Packt Publishing
By:Joseph Muniz, Aamir Lakhani
ISBN:978-1-78216-316-9
Year:2013
Pages:342
Language:English
File size:21.2 MB
File format:PDF             

 FREE DOWNLOAD E-BOOK [ PDF ]:
http://adf.ly/pwHGf
Read more »

Sunday, January 12, 2014

PHP 5.5.8 Officially Released

PHP, an HTML-embedded scripting language with syntax borrowed from C, Java, and Perl, with a couple of unique PHP-specific features thrown in, has been updated to version 5.5.8.

PHP 5.x includes a new OOP model based on the Zend Engine 2.0, a new extension for improved MySQL support, built-in native support for SQLite, and much more.

According to the changelog, the validation of class names has been added in the autoload process, invalid C code has been fixed in zend_strtod.c, and passing DOMDocumentFragment to DOMDocument::saveHTML() no longer produces invalid markup.

Also, an integer overflow in exif_read_data() has been fixed, freetype-config is now used for determining freetype2 dir(s), and the stack smashing protection no longer kills the PDO/ODBC queries.

You can check out the official changelog in the readme file incorporated in the source package for more details about this release. Download PHP 5.5.8 right now from Softpedia.
Read more »