A while ago I had put together a quick script to check files in a web directory for possible web shells. I was in a training class and looking for my information on this last week and it seems I've lost it. As such, it's time to put it up again Read more…
One of the best parts of a Linux OS is that you can often patch on the fly without a need for reboot afterwards. The only thing that does definitively need a reboot is after a kernel patch. Sometimes, it isn't possible to issue the reboot right away, so the system Read more…
FindMyHash is a great utility for checking hashes across various sites for pre-determined hash values, accepting both single hashes and hash files with support for a large variety of hash types (MD4, MD5, SHA1, SHA256, RMD160, LM, NTLM, MYSQL, CISCO7 or JUNIPER). Unfortunately, the native tool doesn't currently offer the Read more…
The released script will take a given log directory, normally your website log directory, and search it for attempts to exploit the server using the recently released GNU Bourne Again Shell (bash) vulnerability also known as Shell Shock. Once it identifies these entries, it will output them into a separate Read more…
A few days ago I posted about a nasty vulnerability pertaining to GNU Bourne Again Shell, otherwise known as bash, The vulnerabilities still exist in unpatched systems and the scope of what could be affected is still expanding. The good news is a few vendors have provided updates clarifying that Read more…
UPDATED: 09/26/2014 – 01:14 EST – Added vulnerability validation code This exploit may have bigger holes than even the Bat Cave. CVE-2014-6271 (Credit to Stephane Chazelas for discovery) was publicly announced yesterday, September, 24th and some articles are already calling this bug a larger security hole than the recent Heartbleed SSL Read more…
So you’re facing a system or security audit and you need to quickly print a list of accounts for the auditor as well as their statuses. Depending on your setup, this could be a trivial task. In other cases, especially with a passwd instance that doesn’t support the -a option, Read more…