0x554E4958415759 - Page 4 of 6

RedHat Packaging Security with yum

Author: Ahmad

Date: June 29, 2015

Categories: Linux

RedHat comes with a mitigated package called RHSA (RedHat security advisory) This RHSA comes with a unique id like CVE Contain the date of fix and these type packages come for the applications that shipped from RedHat Example RHSA-2015:0291 For listing available updates for application

yum updateinfo list openssl

FEDORA-2015-0512  security openssl-1:1.0.1k-1.fc21.x86_64
FEDORA-2015-4303  security openssl-1:1.0.1k-6.fc21.x86_64
FEDORA-2015-10108 security openssl-1:1.0.1k-10.fc21.x86_64

yum updateinfo list openssl

FEDORA-2015-0512 security openssl-1:1.0.1k-1.fc21.x86_64

FEDORA-2015-4303 security openssl-1:1.0.1k-6.fc21.x86_64

FEDORA-2015-10108 security openssl-1:1.0.1k-10.fc21.x86_64

For quick installation to security batches

nmap cheat sheet

Author: Ahmad

Date: February 3, 2015

Categories: Security

nmap scan sheet cheat 😀 Host Discovery

nmap -PE <range>
nmap -PP <range>
nmap -PM <range>

nmap -PE <range>

nmap -PP <range>

nmap -PM <range>

arp scan

nmap -PR <range>

1	nmap -PR <range>

Stealth Scan

nmap -sS <range>

1	nmap -sS <range>

Idle Scan

nmap -sI zombie <range>

1	nmap -sI zombie <range>

Version Scan

nmap -sV <range>

1	nmap -sV <range>

Convert VirtualBox HardDisk To VMware

Author: Ahmad

Date: January 12, 2015

Categories: Linux

hello in this article we will simply convert vhd file (VirtualBox disk image) to VMware disk our VirtualBox disk is “systemdisk.vhd” we will use qemu emulator to convert the disk our target app to do the convert is qemu-img

qemu-img convert -f vpc -O vmdk systemdisk.vhd systemdisk.vmdk

1	qemu-img convert -f vpc -O vmdk systemdisk.vhd systemdisk.vmdk

port forward & pivoting with meterpreter

Author: Ahmad

Date: January 8, 2015

Categories: Security, tech

Let’s assume u attacked machine with 2 nic cards our IP is 10.0.0.5 first, one ip is 10.0.0.10 that you reach it from and in ifconfig shows, the machine has a different IP 10.0.2.30 you can scan the network 10.0.2.x via meterpreter arp_scan

meterpreter > run arp_scan -r 10.0.2.1-255

1	meterpreter > run arp_scan -r 10.0.2.1-255

we can connect to the RDP server of the machine 10.0.2.30 […]

IPTABLES redirect all ports to one port

Author: Ahmad

Date: January 8, 2015

Categories: Firewall, Linux

hello this iptables rule to redirect all incoming traffic from all ports to one port example 80 on ip 192.168.1.10

iptables -A PREROUTE -t nat -i eth0 -p tcp  --dport 1:65535 -j DNAT --to-destination 192.168.1.10:80

1	iptables -A PREROUTE -t nat -i eth0 -p tcp --dport 1:65535 -j DNAT --to-destination 192.168.1.10:80

enjoy

MetaSploit Payload to Executable EXE

Author: Ahmad

Date: January 8, 2015

Categories: Security

# msfvenom
No options
Usage: /opt/metasploit/apps/pro/msf3/msfvenom [options] <var=val>

Options:
    -p, --payload    <payload>       Payload to use. Specify a '-' or stdin to use custom payloads
    -l, --list       [module_type]   List a module type example: payloads, encoders, nops, all
    -n, --nopsled    <length>        Prepend a nopsled of [length] size on to the payload
    -f, --format     <format>        Output format (use --help-formats for a list)
    -e, --encoder    [encoder]       The encoder to use
    -a, --arch       <architecture>  The architecture to use
        --platform   <platform>      The platform of the payload
    -s, --space      <length>        The maximum size of the resulting payload
    -b, --bad-chars  <list>          The list of characters to avoid example: '\x00\xff'
    -i, --iterations <count>         The number of times to encode the payload
    -c, --add-code   <path>          Specify an additional win32 shellcode file to include
    -x, --template   <path>          Specify a custom executable file to use as a template
    -k, --keep                       Preserve the template behavior and inject the payload as a new thread
    -o, --options                    List the payload's standard options
    -h, --help                       Show this message
        --help-formats               List available formats

# msfvenom

No options

Usage: /opt/metasploit/apps/pro/msf3/msfvenom [options] <var=val>

Options:

-p, --payload <payload> Payload to use. Specify a '-' or stdin to use custom payloads

-l, --list [module_type] List a module type example: payloads, encoders, nops, all

-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload

-f, --format <format> Output format (use --help-formats for a list)

-e, --encoder [encoder] The encoder to use

-a, --arch <architecture> The architecture to use

--platform <platform> The platform of the payload

-s, --space <length> The maximum size of the resulting payload

-b, --bad-chars <list> The list of characters to avoid example: '\x00\xff'

-i, --iterations <count> The number of times to encode the payload

-c, --add-code <path> Specify an additional win32 shellcode file to include

-x, --template <path> Specify a custom executable file to use as a template

-k, --keep Preserve the template behavior and inject the payload as a new thread

-o, --options List the payload's standard options

-h, --help Show this message

--help-formats List available formats

RedHat / Centos Repository you must have

Author: Ahmad

Date: December 14, 2014

Categories: Linux

RedHat and centos come with the default repo so you have to install additional repos to get all your software from yum epel ius remi rpmfroge

rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/RedHat/7/x86_64/ius-release-1.0-13.ius.el7.noarch.rpm
rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/RedHat/7/x86_64/ius-release-1.0-13.ius.el7.noarch.rpm
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/RedHat/7/x86_64/ius-release-1.0-13.ius.el7.noarch.rpm

rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

enjoy this list for 64bit system centos 7 u can customise the links as you got the link

MySQL force delete rows

Author: Ahmad

Date: December 13, 2014

Categories: Databases

MySQL check if there is a relation between rows before deleting it it will raise an error can’t delete or update a parent row we need to till mysql to stop this check

SET FOREIGN_KEY_CHECKS = 0

1	SET FOREIGN_KEY_CHECKS = 0

to reactivate it

SET FOREIGN_KEY_CHECKS =1

1	SET FOREIGN_KEY_CHECKS =1

enjoy

SMASH THE STACK LEVEL6

Author: Ahmad

Date: December 5, 2014

Categories: Security, tech

Smash The Stack Level 6

level6@io:/levels$ ./level06 a b
Hi a

1 2	level6@io:/levels$ ./level06 a b Hi a

this app take 2 argument 1 – username 2- password it takes it then say hi also, it checks ur env language and change the msg

level6@io:/levels$ export LANG=fr
level6@io:/levels$ ./level06 a b
Bienvenue a

level6@io:/levels$ export LANG=de
level6@io:/levels$ ./level06 a b
Willkommen a
level6@io:/levels$

level6@io:/levels$ export LANG=fr

level6@io:/levels$ ./level06 a b

Bienvenue a

level6@io:/levels$ export LANG=de

level6@io:/levels$ ./level06 a b

Willkommen a

level6@io:/levels$

let’s make some love with gdb btw without change ur language, it will not overwrite the EIP

Get Environment Variable memory Address

Author: Ahmad

Date: December 4, 2014

Categories: Security

some time u put the shellcode inside the environment and u will need the address of it to build ur payload here is a simple C code to get the address

  1 #include <stdio.h>
  2 #include <stdlib.h>
  3
  4 int main(int argc, char *argv[])
  5 {
  6     char *nix = getenv("NIX");
  7     printf("%p\n", nix);
  8     return 0;
  9 }

1 #include <stdio.h>

2 #include <stdlib.h>

4 int main(int argc, char *argv[])

5 {

6 char *nix = getenv("NIX");

7 printf("%p\n", nix);

8 return 0;

9 }