nu11secur1ty

STEPS :

Start apache2

~ # apache2ctl start

. Set payload and create custom windows executable. Command:

nu11secur1ty

Why some (major) HTTPS websites cannot easily intercepted

This Wiki page is intended to answer a question, that is raised with increasing frequency.

The issue

Ettercap has three possiblities to try to sneak into HTTPS secured websites

1. HTTPS interception (should dedicate a Wiki page for that as well)
2. HTTPS stripping (sslstrip plugin)
3. DNS spoofing and redirection to an own webserver

The problem is, that with some (and especially the famous ones) none of those techniques work except if one condition can be satisfied:

nu11secur1ty

#Intro This guide explains how to set up an NFS server and an NFS client on Debian Wheezy. NFS stands for Network File System; through NFS, a client can access (read, write) a remote share on an NFS server as if it was on the local hard disk. In this Tutorial I will show you two different NFS exports, the export of a client directory that stores files as user nobody / nogroup without preserving filesystem permissions and a export of the /var/www directory which preserves permissions and ownerships of files, as required on a hosting server setup. #server:

NFS Server: server.example.com, IP address: 192.168.0.100
NFS Client: client.example.com, IP address: 192.168.0.101 

Installing NFS

nu11secur1ty

<?
//CSP only works in modern browsers Chrome 25+, Firefox 23+, Safari 7+
$headerCSP = "Content-Security-Policy:".
        "connect-src 'self' ;". // XMLHttpRequest (AJAX request), WebSocket or EventSource.
        "default-src 'self';". // Default policy for loading html elements
        "frame-ancestors 'self' ;". //allow parent framing - this one blocks click jacking and ui redress
        "frame-src 'none';". // vaid sources for frames
        "media-src 'self' *.example.com;". // vaid sources for media (audio and video html tags src)
        "object-src 'none'; ". // valid object embed and applet tags src
        "report-uri https://example.com/violationReportForCSP.php;". //A URL that will get raw json data in post that lets you know what was violated and blocked

nu11secur1ty

Installing ELK (CentOS (6 - NOTE: with your own modified) ,7)

Introduction

In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on CentOS 7—that is, Elasticsearch 2.1.x, Logstash 2.1.x, and Kibana 4.3.x. We will also show you how to configure it to gather and visualize the syslogs of your systems in a centralized location, using Filebeat 1.0.x. Logstash is an open source tool for collecting, parsing, and storing logs for future use. Kibana is a web interface that can be used to search and view the logs that Logstash has indexed. Both of these tools are based on Elasticsearch, which is used for storing logs.

Centralized logging can be very useful when attempting to identify problems with your servers or applications, as it allows you to search through all of your logs in a single place. It is also useful because it allows you to identify issues that span multiple servers by correlating their logs during a specific time frame.

It is possible to use Logstash to gather logs of al

nu11secur1ty

Environment

Red Hat Enterprise Linux 7 Issue

How to set up yum repository to use locally-mounted DVD with Red Hat Enterprise Linux (RHEL) 7
Would like to upgrade server from RHEL 7.x to RHEL 7.y
Have a secure environment that will never be connected to the internet, but still needs to be updated
Way to update the packages on server, with no satellite server and servers disconnected from internet

nu11secur1ty

Hackers-and-Crackers

Професионалистите, свързани с информационната сигурност се разделят на ХАКЕРИ (hackers) и КРАКЕРИ (crackers). И едните и другите се занимават с решаването на една и съща задача - търсене на уязвимостта в информационната система, разликата е в гледната им точка към проблема.

---

Хакер

nu11secur1ty

git cheat-sheet

The git command-line utility has plenty of inconsistencies http://steveko.wordpress.com/2012/02/24/10-things-i-hate-about-git/

A GUI like http://sourcetreeapp.com is often helpful, but staying on the command line usually quicker. This is a list of the commands I use most frequently, listed by funcional category:

current state

git status list which (unstaged) files have changed

nu11secur1ty

A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.

This issue affects versions prior to MySQL 5.1.48. 

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.

A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:

ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME

nu11secur1ty

# !/bin/bash

# Step 1. Install pyenv

git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n  eval "$(pyenv init -)"\nfi' >> ~/.bashrc

# Step 2. Install missing headers for all the Python modules to be built