vmsplice exploit fix and patching on Debian

February 11, 2008 on 7:00 pm | In Linux, admin, exploitation, kernel, security | 8 Comments

Some vulnerabilities in the Linux kernel where publicly disclosed on the 8th of February 2008. These can be exploited by any user to gain elevated privileges. A “local root” exploit was published Sunday which allows an arbitrary user to escalate to root privileges.

Affected versions: >= 2.6.17
Fixed in version: 2.6.24.2
Continue reading vmsplice exploit fix and patching on Debian…

Using Firefox for debugging and penetration testing

January 23, 2008 on 9:30 pm | In anonymity, exploitation, intelligence, reconnaissance, security | No Comments

We all know Firefox is a great browser but what really sets it apart are its numerous extensions (or plugins).

With the right extensions, firefox can become much more than a web browser. But this isn’t about turning your firefox into a blogging platform or a social bookmarking application. It’s about turning your firefox into one of the best tools for web development, debugging and penetration testing web applications.
Continue reading Using Firefox for debugging and penetration testing…

Enumerating virtual hosts running on a server

January 23, 2008 on 9:12 pm | In intelligence, security | No Comments

To get a list of virtual hosts that run on a particular server (IP or domain), the following search engines are available:

  • Live search engine from Microsoft. Use the ‘ip:’ keyword. Example: ip:207.46.30.24
  • CRUSH rIP tool. Works only on domains (no IPs), only com, net and org domains and you need to answer a captcha. Nevertheless, it found results that live.com didn’t.

Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds. Valid XHTML and CSS. ^Top^