Search found 129 matches

by Chris
Sat Apr 18, 2015 4:44 pm
Forum: Windows
Topic: Download the LEGAL Windows 7 install disks
Replies: 1
Views: 99750

Re: Download the LEGAL Windows 7 install disks

You can download from official Microsoft site:
http://www.microsoft.com/en-us/software-recovery

Use your product key.

However it won't work for pre-installed laptops or desktops,
you need to ask this from the device manufacturer.
And this can be a problem.

There is a site that has copied the ...
by Chris
Thu Feb 05, 2015 6:51 pm
Forum: Linux
Topic: ALERT - ASCII-NUL chars not allowed within request variables
Replies: 1
Views: 32751

Re: ALERT - ASCII-NUL chars not allowed within request varia

This could be evidence of an attempted Poison NULL Byte Attack. PHP and Perl do not use NULL-terminated strings, but most underlying systems (anything C based) do.

This can lead to a certain class of attack where the attacker constructs a string that the programmer intended to be impossible. For ...
by Chris
Wed Nov 26, 2014 7:15 pm
Forum: Linux
Topic: backup iptables
Replies: 1
Views: 32346

Re: backup iptables

The easiest way to make a backup is
iptables-save > iptables.bak

The rules are now in iptables.bak

You can restore them with
iptables-restore < iptables.bak

The standard save-file depends on your system.
check /etc/conf.d/iptables for where they are saved.
on my PC (gentoo) it is /var/lib ...
by Chris
Mon Oct 20, 2014 6:25 pm
Forum: Linux
Topic: SOLVED: crontab not working
Replies: 2
Views: 42749

Re: crontab not working

Sound like your crontab program is not suid root

Code: Select all

 ls -l /usr/bin/crontab
 -rwsr-sr-x 1 root root 36512 Dec 3 11:28 /usr/bin/crontab
you can change it with:

Code: Select all

chmod u+s /usr/bin/crontab 
by Chris
Tue Sep 30, 2014 6:32 pm
Forum: Linux
Topic: How to patch bash for shell shock
Replies: 5
Views: 55367

Re: How to patch bash for shell shock

The latest set of patches should solve the vulnerability for bash.

You can test it by:

Code: Select all

foo='() { echo not patched; }' bash -c foo
Check you distro for updates.
Or manually recompile bash, with all patches.
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
by Chris
Mon Sep 29, 2014 6:57 pm
Forum: Linux
Topic: How to patch bash for shell shock
Replies: 5
Views: 55367

Re: How to patch bash for shell shock

I don't know yet about a real patch,
but in the mean time you can disable possible attack vectors ( CVE-2014-6271 ).
mod_cgi and mod_cgid modules in the Apache HTTP Server.
scripts executed by unspecified DHCP clients.

Most servers have a fixed ip-address, so you can safely disable the dhcp-client ...
by Chris
Sat Sep 27, 2014 7:21 pm
Forum: Linux
Topic: How to patch bash for shell shock
Replies: 5
Views: 55367

Re: How to patch bash for shell shock

Apparently even a patched system can still be exploited,
as environment variables are imported in bash by default.

read more here:
http://seclists.org/oss-sec/2014/q3/771

When we here of a update or solution we'll post it here.
by Chris
Sat Sep 27, 2014 1:07 am
Forum: Linux
Topic: How to patch bash for shell shock
Replies: 5
Views: 55367

Re: How to patch bash for shell shock

For those who still have no update for there system against shell shock,
upgrade to bash 4.3

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar zxvf bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches ...
by Chris
Sat Sep 27, 2014 1:05 am
Forum: Linux
Topic: How to patch bash for shell shock
Replies: 5
Views: 55367

Re: How to patch bash for shell shock

The first patch was incomplete. It didn't protect you from variations.

Do this test to be sure.
env X='() { (a)=>\' sh -c "echo date"; cat echo

if you see a date like:
Thu 25 Sep 2014 08:50:18 BST
you vulnerable.

A good response looks lie:
date
cat: echo: No such file or directory
by Chris
Fri Sep 26, 2014 2:35 pm
Forum: Linux
Topic: How to patch bash for shell shock
Replies: 5
Views: 55367

How to patch bash for shell shock

The Bash vulnerability, now dubbed by some as "Shellshock," has been reportedly found in use by an active exploit against Web servers.

Because of its wide distribution, the vulnerability could be as wide-ranging as the Heartbleed bug, though it may not be nearly as dangerous. The vulnerability ...