Author Archive: kernel
nmap: «Key Exchange (dh 1024) of lower strength than certificate key»
Hi! I wanted to share a vulnerability that Nessus currently overlooks. To give some context, when DES/3DES is identified on a remote SSL/TLS server, it is flagged as vulnerable to "Sweet32"; the same happens with RC4 and "Bar Mitzvah" (the Nessus way) … Continue reading
nmap NSE 99.99%
Too long without writing a blog entry; I would like to, and now and then I have ideas, but day-to-day life eats all of us up. Still, this entry seemed brief and interesting to me. You have surely run into … Continue reading
Global analysis of telecommunications fraud
This publication is a global analysis of communications fraud carried out by the Communications Fraud Control Association (CFCA). The CFCA began in February 1985 in Roseland, New Jersey (USA) as a group of security professionals … Continue reading
ShellShock Reverse Exploit PoC
Hi! Long time since my last post over here, I've been busy, but here it is: Stephane Chazelas discovered a vulnerability related to how environment variables are managed by bash, so if you are able to find a … Continue reading
Nebula level10 – Exploiting access() syscall TOCTOU Race Condition
In this level, they provide the following C source code: #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host; if(argc < … Continue reading
Nebula level 09 – Exploiting preg_replace in PHP
preg_replace is a PHP function that uses PCRE, deprecated in PHP version 5.5.0 (you should use preg_replace_callback instead). Its main goal is, as its name suggests, string replacement; let's see an example: <?php $string = ' Ugly level'; … Continue reading
Easy monitoring of bad guys on GNU\Linux servers with fsnoop
In this post I'm going to show an interesting tool for monitoring file access on GNU\Linux. It can be tricky to identify unauthorized access to web servers if all previous measures have been defeated, but in fact we can use … Continue reading
WPA/WPA2 WPS design flaws, easy way Part II
As described in the previous post [ I ], WPS has several flaws in its design, and I'll try to explain them in this post before just going for the WPA key itself. The first flaw arises in … Continue reading
WPA/WPA2 WPS design flaws, easy way Part I
Hi folks! In this post series I'll try to analyze the entire process of how to retrieve a WPA/WPA2 key when brute-forcing the PSK was not successful or takes a very long time. The attack surface arose in December 2011 when Tactical Network … Continue reading
Nebula level08
The level 8 statement reads as follows: «World readable files strike again. Check what that user was up to, and use it to log into flag08 account.» We log in and go to this level's directory, … Continue reading