nu11secur1ty

# device-spec   mount-point     fs-type      options                                          dump pass
LABEL=/         /               ext4         defaults                                            1 1
/dev/sda6       none            swap         defaults                                            0 0
none            /dev/pts        devpts       gid=5,mode=620                                      0 0
none            /proc           proc         defaults                                            0 0
none            /dev/shm        tmpfs        defaults                                            0 0

# Removable media

nu11secur1ty

#To create the logical volume, we will use:

lvcreate -L 3G -n lvstuff vgpool

The -L command designates the size of the logical volume, in this case 3 GB, and the -n command names the volume. Vgpool is referenced so that the lvcreate command knows what volume to get the space from.

#Format and Mount the Logical Volume One final step is to format the new logical volume with a file system.

nu11secur1ty

#How to View Current LVM Information The first thing you may need to do is check how your LVM is set up. The s and display commands work with physical volumes (pv), volume groups (vg), and logical volumes (lv) so it is a good place to start when trying to figure out the current settings.

The display command will format the information so it’s easier to understand than the s command. For each command you will see the name and path of the pv/vg and it should also give information about free and used space. The most important information will be the PV name and VG name. With those two pieces of information we can continue working on the LVM setup. #Creating a Logical Volume Logical volumes are the partitions that your operating system uses in LVM. To create a logical volume we first need to have a physical volume and volume group. Here are all of the steps necessary to create a new logical volume. #Create physical volume We will start from scratch with a brand new hard drive with no partitions or information on

nu11secur1ty

#Intro This guide explains how to set up an NFS server and an NFS client on Debian Wheezy. NFS stands for Network File System; through NFS, a client can access (read, write) a remote share on an NFS server as if it was on the local hard disk. In this Tutorial I will show you two different NFS exports, the export of a client directory that stores files as user nobody / nogroup without preserving filesystem permissions and a export of the /var/www directory which preserves permissions and ownerships of files, as required on a hosting server setup. #server:

NFS Server: server.example.com, IP address: 192.168.0.100
NFS Client: client.example.com, IP address: 192.168.0.101 

Installing NFS

nu11secur1ty

Installing gcc 4.8 and Linuxbrew on CentOS 6

The GCC distributed with CentOS 6 is 4.4.7, which is pretty outdated. I'd like to use gcc 4.8+. Also, when trying to install Linuxbrew you run into a dependency loop where Homebrew's gcc depends on zlib, which depends on gcc. Here's how I solved the problem.

Note: Requires sudo privileges.

Resources:

• http://superuser.com/a/676337/88393: Forum response on using CERN's open Scientific Linux distribution of RHEL's developer toolset.
• http://linux.web.cern.ch/linux/devtoolset/: CERN's developer toolset installation instructions.

nu11secur1ty

obj-m += rootkit.o

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

nu11secur1ty

During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.

Exploitation of this vulnerability will allow full access to the router device.

This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS
using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging
into the device with username ‘devel’ and the password of the administrator. This will drop into a busybox shell for
further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox
platform.

nu11secur1ty

A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.

This issue affects versions prior to MySQL 5.1.48. 

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.

A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:

ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME

nu11secur1ty

***
FARLiGHT ELiTE HACKERS LEGACY R3L3ASE
***

Attached is the MySQL Windows Remote Exploit (post-auth, udf
technique) including the previously released mass scanner.
The exploit is mirrored at the farlight website http://www.farlight.org.

Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday
All owned By Kingcope

nu11secur1ty

Using perl:
$ perl -ne 'print if $.>=3 and $.<=5;' /etc/passwd
  or 
$ perl -ne 'print if $.>=3; last if $.>5' /etc/passwd
(The second variant is, again, more efficient.)
---------------------------------------

Using sed:
$ sed -n '3,5p' /etc/passwd
 or