Hack The Sec-Leading Resource Of Linux Tutorial: Vulnerability

Adobe Flash Out-of-Bounds Read in Getting TextField Width Exploit (0DAY)

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<span style="color: #0b5394; font-size: large;"><u>Adobe Flash Out-of-Bounds Read in Getting TextField Width Exploit (0DAY)</u></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHW9OqlkWVHdBF-nhyphenhyphencS_1cPDo-uZXXfs-rlvgu6vpZIf0pWdx3I1Pt5TZaDUGAbDqt2_Ho_3ltCP3xoBsH_SuJdKEWjAeYll_FwATWJw_f3CiDaVqN604C7a17dEOAjpBYX1Px32TELbZ/s1600/AdobeFlashoday.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="282" data-original-width="629" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHW9OqlkWVHdBF-nhyphenhyphencS_1cPDo-uZXXfs-rlvgu6vpZIf0pWdx3I1Pt5TZaDUGAbDqt2_Ho_3ltCP3xoBsH_SuJdKEWjAeYll_FwATWJw_f3CiDaVqN604C7a17dEOAjpBYX1Px32TELbZ/s1600/AdobeFlashoday.jpg" /></a></div>
<div style="text-align: center;">
<span style="color: #0b5394; font-size: large;"><u><br /></u></span></div>
<table class="exploit_list" style="background-color: rgb(239, 239, 239) !important; border-radius: 3px !important; border-spacing: 1px; border: 1px solid rgb(221, 221, 221) !important; box-sizing: border-box; color: #666666; font-family: "Open Sans", sans-serif; font-size: 14px; margin: 10px 0px; padding: 1px !important; width: 583px;"><tbody style="box-sizing: border-box;">
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><br /></td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Author</strong>: Google Security Research</td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Published</strong>: 2017-05-17</td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">CVE</strong>: CVE-2017-3064</td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Type</strong>: Dos</td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Platform</strong>: Multiple</td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Aliases</strong>: N/A</td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Advisory/Source</strong>: <a class="external" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1211" rel="nofollow" style="background-color: transparent; box-sizing: border-box; color: #337ab7; outline: 0px; text-decoration-line: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity, transform;" target="_blank">Link</a></td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Tags</strong>: Out Of Bounds</td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><br /></td><td style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Exploit</strong>: <a href="https://www.exploit-db.com/download/42019" style="background-color: transparent; box-sizing: border-box; color: #337ab7; outline: 0px; text-decoration-line: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity, transform;"><img alt="Download Exploit Code" border="0" src="https://www.exploit-db.com/wp-content/plugins/edb/ifc/edb-download.png" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: middle;" title="Download Exploit Code" /> Download </a></td><td colspan="2" style="border-bottom: 1px solid rgb(232, 232, 232); border-left-color: rgb(232, 232, 232); border-right-color: rgb(232, 232, 232); border-top-color: rgb(232, 232, 232); box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Vulnerable App</strong>: N/A</td></tr>
</tbody></table>
<br /><div class="line number1 index0 alt2" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
<code class="text plain" style="background: none !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: black !important; direction: ltr !important; display: inline !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace !important; font-size: 1em !important; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important;">Source: <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1211" style="background: none !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: black !important; direction: ltr !important; float: none !important; font-size: 1em !important; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px !important; position: static !important; right: auto !important; text-decoration-line: none; top: auto !important; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity, transform; vertical-align: baseline !important; width: auto !important;">https://bugs.chromium.org/p/project-zero/issues/detail?id=1211</a></code></div>
<div class="line number2 index1 alt1" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
 </div>
<div class="line number3 index2 alt2" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
<code class="text plain" style="background: none !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: black !important; direction: ltr !important; display: inline !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace !important; font-size: 1em !important; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important;">The attached swf causes an out-of-bounds read in getting the width of a TextField.</code></div>
<div class="line number4 index3 alt1" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
 </div>
<div class="line number5 index4 alt2" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
 </div>
<div class="line number6 index5 alt1" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
<code class="text plain" style="background: none !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: black !important; direction: ltr !important; display: inline !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace !important; font-size: 1em !important; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important;">Proof of Concept:</code></div>
<div class="line number7 index6 alt2" style="background: none white !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: #666666; direction: ltr !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 14px; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px 1em !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; white-space: pre-wrap !important; width: auto !important;">
<code class="text plain" style="background: none !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: black !important; direction: ltr !important; display: inline !important; float: none !important; font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace !important; font-size: 1em !important; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important;"><a href="https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42019.zip" style="background: none !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; box-sizing: content-box !important; color: black !important; direction: ltr !important; float: none !important; font-size: 1em !important; height: auto !important; left: auto !important; line-height: 1.1em !important; margin: 0px !important; outline: 0px !important; padding: 0px !important; position: static !important; right: auto !important; text-decoration-line: none; top: auto !important; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity, transform; vertical-align: baseline !important; width: auto !important;">https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42019.zip</a></code></div>
</div>

Adobe Flash Out-of-Bounds Read in Getting TextField Width Exploit (0DAY)

Adobe Flash Out-of-Bounds Read in Getting TextField Width Exploit (0DAY) Author : Google Security Research Published : 2017-05-17 C...

Apache Struts Dynamic Method Invocation Remote Code Execution

Apache Struts Dynamic Method Invocation Remote Code Execution

Apache Struts Dynamic Method Invocation Remote Code Execution CVE: 2016-3081 Author: metasploit Download Exploit: Source

Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection CVE: 2014-4977 Author: metasploit Download Exploit: Source

How to install OpenVas in Centos 6/7 and Fedora 23/24

<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="color: red; font-family: verdana, geneva, sans-serif; font-size: large;"><span style="line-height: 26px;"><b><u>Install OpenVas in Centos 6/7 and Fedora 23/24</u></b></span></span><br />
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">OpenVAS (Open Vulnerability Assessment System,the name of the fork originally known as GNessUs) is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.</span></span><br />
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">All OpenVAS products are Free Software. Most components are licensed under the GPL.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt4XDZZrKy47zsbXI1ZEdj8GCh69Mke8hyphenhyphenEvhu4VtC5W1uKkabhsipVM7ki3rew5RlK2uxjwWzWCnRm7eo06UI78OiC9JlcOHPc__oFD-RmM2A1ig1FeQIgCgr5FsB0LfK1LO6CpTwzi6S/s1600/OpenVAS4-Structure_hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt4XDZZrKy47zsbXI1ZEdj8GCh69Mke8hyphenhyphenEvhu4VtC5W1uKkabhsipVM7ki3rew5RlK2uxjwWzWCnRm7eo06UI78OiC9JlcOHPc__oFD-RmM2A1ig1FeQIgCgr5FsB0LfK1LO6CpTwzi6S/s1600/OpenVAS4-Structure_hackthesec.co.in.png" /></a></div>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">OpenVas began, under the name of GNessUs, as a fork of the previously open source Nessus scanning tool after Tenable Network Security changed it to a proprietary (closed source) license in October 2005. OpenVAS was originally proposed by pentesters at Portcullis Computer Security and then announced by Tim Brown on Slashdot.</span></span><br />
<br />
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">OpenVAS is a member project of Software in the Public Interest.</span></span><br />
<span style="color: #0b5394; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;"><b><u>INSTALLATION</u></b></span></span><br />
<span style="font-family: verdana, geneva, sans-serif; font-size: 15px; line-height: 26px;">First you need </span><span style="color: #222222; font-family: verdana, geneva, sans-serif; font-size: 15px; line-height: 26px;">Install required packages Bellow</span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">yum install wget bzip2 texlive net-tools alien</span></span></pre>
<span style="font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">After that need to add atomic repository to install openvas as follows</span></span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">wget -q -O - http://www.atomicorp.com/installers/atomic |sh</span></span></pre>
<span style="font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;"><span style="color: #222222;">Now Disable The </span><b><span style="color: red;">SELINUX</span></b></span></span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">Edit /etc/selinux/config </span></span></pre>
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;"># This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted</pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Now install Openvas by using following command in terminal by using yum</span></span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">yum -y install openvas</span></span></pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Now Edit the openvas config file and add or uncomment the following lines</span></span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">edit /etc/redis.conf</span></span></pre>
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;">unixsocket /tmp/redis.sock
unixsocketperm 700</pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Restart Redis</span></span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">systemctl enable redis && systemctl restart redis</span></span></pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Once All done then start the setup process by using  the command <b>openvas-setup</b>. This is going to take some time. You will be prompted for some information shortly</span></span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">openvas-setup</span></span></pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">It downloads the latest databases once it completed, enter the Administrator password</span></span><br />
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;">Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.

Allow connections from any IP? [Default: yes] 
Allow connections from any IP? [Default: yes] Redirecting to /bin/systemctl restart
  gsad.service

Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.

Enter administrator username [Default: admin] : Enter Administrator Password:
Verify Administrator Password:
Empty password not allowed.

Enter Administrator Password:
Verify Administrator Password:
Redirecting to /bin/systemctl start redis.service

Setup complete, you can now access GSAD at:
https://192.168.2.56:9392</pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">once completed, you are able to login.Before that, we're just going to disable firewalld service</span></span><span style="color: #222222; font-family: verdana, geneva, sans-serif; font-size: 15px; line-height: 26px;">. my case i have centos 7 it's depend on os version</span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: 'Courier New', Courier, monospace; font-size: 15px; line-height: 15.6px;">systemctl stop firewalld
systemctl mask firewalld</span><span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px; white-space: normal;">
</span></span></pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Or </span></span><span style="color: #222222; font-family: verdana, geneva, sans-serif; font-size: 15px; line-height: 26px;">You can exception for tcp 9392</span><br />
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: white; font-family: Courier New, Courier, monospace;"><span style="font-size: 15px; line-height: 15.6px;">firewall-cmd --permanent --zone=public --add-port=9392/tcp
firewall-cmd --reload</span></span></pre>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;"><br /></span></span>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Now Go to your web browser, type the url as https://192.168.2.56:9392(In my case my ip address is 192.168.2.56) default username is admin and enter the password entered during setup, and you should be able to login.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSczFKT-um6AclB_AuWMs1-1whexF0uSOqHcTOGX-HDQdikKe6A7CERS8oAIXT3uBi3BZaX4ranoMc_4uLFXU4NY8Ecgy2gqE0Vkpcd41xZO9sbgpl0dhaY09SsZ6MB_5jqhiPX2Vtsqg5/s1600/security-alert-for-openvas_hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSczFKT-um6AclB_AuWMs1-1whexF0uSOqHcTOGX-HDQdikKe6A7CERS8oAIXT3uBi3BZaX4ranoMc_4uLFXU4NY8Ecgy2gqE0Vkpcd41xZO9sbgpl0dhaY09SsZ6MB_5jqhiPX2Vtsqg5/s1600/security-alert-for-openvas_hackthesec.co.in.png" /></a></div>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">After that you will see a login panel check the screenshot bellow</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNmKfuYDy50xhNm6MiA1kCUKVEWStPTifR-HQ2UclhSaNysQyJXV8fW4uU2_mFD2yhxi1Tvw_MexFi7rUPXXKxaN8mdvanL74m0Iqhm1yRHTp74Bac0F8xFJovwjmCjT-8CD048Cl7LQi-/s1600/openvas-webinterface-hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNmKfuYDy50xhNm6MiA1kCUKVEWStPTifR-HQ2UclhSaNysQyJXV8fW4uU2_mFD2yhxi1Tvw_MexFi7rUPXXKxaN8mdvanL74m0Iqhm1yRHTp74Bac0F8xFJovwjmCjT-8CD048Cl7LQi-/s1600/openvas-webinterface-hackthesec.co.in.png" /></a></div>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">To start a scan, enter an IP in the start scan area.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikNNbd_UUq8606k5ij7SghA-cDfHC4hmxasUL0D2bJ1s_LHJPFuk678j2OQFr_0qxOi4fhk31Fc-I6FsvvePIJ7xOKSs3CTh1Y-OlvNo4I0nsmpKaC4kuIO5jccNAAe3OzrWfwgzsjreL8/s1600/quick-scan-hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikNNbd_UUq8606k5ij7SghA-cDfHC4hmxasUL0D2bJ1s_LHJPFuk678j2OQFr_0qxOi4fhk31Fc-I6FsvvePIJ7xOKSs3CTh1Y-OlvNo4I0nsmpKaC4kuIO5jccNAAe3OzrWfwgzsjreL8/s1600/quick-scan-hackthesec.co.in.png" /></a></div>
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">You can also configure the report format by going into Configuration section.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWJBatKxWYrb4Y8ZJlmTXxqXBrFo_W79L1x2BPn3HXcfCuh7LK9G8JBF0xVg48JwUpjB_rebHtsDHSSxTwhEfoGEWrqLG4Uz5LDGbaW_NnB96qv_cnRx_wn4aBX9s_ZEZXX8AWnjpEk4Qb/s1600/report-format-hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWJBatKxWYrb4Y8ZJlmTXxqXBrFo_W79L1x2BPn3HXcfCuh7LK9G8JBF0xVg48JwUpjB_rebHtsDHSSxTwhEfoGEWrqLG4Uz5LDGbaW_NnB96qv_cnRx_wn4aBX9s_ZEZXX8AWnjpEk4Qb/s1600/report-format-hackthesec.co.in.png" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Installation Done</span></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;">Thanks</span></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="color: #222222; font-family: verdana, geneva, sans-serif;"><span style="font-size: 15px; line-height: 26px;"><a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a></span></span></div>
</div>

How to install OpenVas in Centos 6/7 and Fedora 23/24

Install OpenVas in Centos 6/7 and Fedora 23/24 OpenVAS (Open Vulnerability Assessment System,the name of the fork originally known as GNes...

Linux x64 - Bind Shell Shellcode Generator

Linux x64 - Bind Shell Shellcode Generator

Linux x64 - Bind Shell Shellcode Generator Author: Ajith Kp Download Exploit: Source

Linux/x86_64 - bindshell (PORT: 5600) - 81 bytes Exploit

Linux/x86_64 - bindshell (PORT: 5600) - 81 bytes Exploit

Linux/x86_64 - bindshell (PORT: 5600) - 81 bytes Author: Ajith Kp Download Exploit: Source

Linux/x86_64 - Read /etc/passwd - 65 bytes Exploit

Linux/x86_64 - Read /etc/passwd - 65 bytes Exploit

Linux/x86_64 - Read /etc/passwd - 65 bytes Author: Ajith Kp Download Exploit: Source HackTheSec.co.in

Linux/x86_x64 - execve(/bin/sh) - 26 bytes

Linux/x86_x64 - execve(/bin/sh) - 26 bytes

Linux/x86_x64 - execve(/bin/sh) - 26 bytes Download Exploit: Source Author: Ajith Kp www.hackthesec.co.in

Linux/x86_x64 - execve(/bin/sh) - 25 bytes

Linux/x86_x64 - execve(/bin/sh) - 25 bytes

Linux/x86_x64 - execve(/bin/sh) - 25 bytes Download Exploit: Source Author: Ajith Kp www.hackthesec.co.in

Linux/x86_x64 - execve(/bin/bash) - 33 bytes

Linux/x86_x64 - execve(/bin/bash) - 33 bytes

Linux/x86_x64 - execve(/bin/bash) - 33 bytes Download Exploit: Source Author: Ajith Kp www.hackthesec.co.in

RHEL 7.1 Kernel - iowarrior driver Crash PoC

RHEL 7.1 Kernel - iowarrior driver Crash PoC

RHEL 7.1 Kernel - iowarrior driver Crash PoC CVE: 2016-2188 Author: OpenSource Security Download Exploit: Source www.hackth...

RHEL 7.1 Kernel - snd-usb-audio Crash PoC

RHEL 7.1 Kernel - snd-usb-audio Crash PoC

RHEL 7.1 Kernel - snd-usb-audio Crash PoC CVE: 2016-2184 Author: OpenSource Security Download Exploit: Source www.hackthese...

Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow

<div dir="ltr" style="text-align: left;" trbidi="on">
<h1 style="background-color: white; box-sizing: border-box; font-family: 'Noto Sans', sans-serif; font-size: 38px; font-stretch: normal; font-weight: 300; line-height: 1.4; margin: 0px; text-align: center;">
<span style="color: #073763;">Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow</span></h1>
<div>
<span style="color: #073763;"><br /></span></div>
<div>
<span style="color: #073763; font-family: Georgia, Times New Roman, serif; font-size: large;"><b>Wireshark </b>is a Free and Open packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues</span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_MAG4F1Kon2P9SxmYif94a3gt6GvVRH5vtUv22pgkSxn-t6Nz_9ruaqeTAPS9WcWT-MDboXJ26Fu_IAgpUHrjDV1ZSdPw-2222mIL4pyLSTJT3tF-62eUjafIS-iBK76aeJ49WoIhE84N/s1600/wireshark-www.hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_MAG4F1Kon2P9SxmYif94a3gt6GvVRH5vtUv22pgkSxn-t6Nz_9ruaqeTAPS9WcWT-MDboXJ26Fu_IAgpUHrjDV1ZSdPw-2222mIL4pyLSTJT3tF-62eUjafIS-iBK76aeJ49WoIhE84N/s1600/wireshark-www.hackthesec.co.in.png" /></a></div>
<div>
<br /></div>
<div>
<table class="exploit_list" style="background-color: rgb(239, 239, 239) !important; border-radius: 3px !important; border-spacing: 1px; border: 1px solid rgb(221, 221, 221) !important; box-sizing: border-box; color: #666666; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 10px; margin-top: 10px; padding: 1px !important; width: 679px;"><tbody style="box-sizing: border-box;">
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px; text-align: center;"><span style="color: black;"><strong style="box-sizing: border-box;">Author:</strong> Google Security Research</span></td><td style="box-sizing: border-box; padding: 5px 10px; text-align: center;"><br /></td><td style="box-sizing: border-box; padding: 5px 10px; text-align: center;"><br /></td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px;"><div style="text-align: center;">
<strong style="box-sizing: border-box; color: black;">Download Exploit:</strong><span style="color: black;"> </span><a href="https://www.exploit-db.com/download/39490" style="background-color: transparent; box-sizing: border-box; outline: 0px; text-decoration: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity;"><span class="fa fa-file-code-o" style="box-sizing: border-box; display: inline-block; font-family: "fontawesome"; font-size: inherit; font-stretch: normal; line-height: 1;"></span> Source</a><span style="color: black;"> </span><span class="fa fa-file-o" style="box-sizing: border-box; color: black; display: inline-block; font-family: "fontawesome"; font-size: inherit; font-stretch: normal; line-height: 1;"></span><span style="color: black;"> </span></div>
<br />
<br />
<a href="http://www.hackthesec.co.in/" target="_blank">www.hackthesec.co.in</a><br />
<span style="color: black;">hackthesec</span><br />
<a href="http://www.hackthesec.co.in/search/label/LATEST%20EXPLOIT" target="_blank">hackthesec exploit</a></td><td colspan="2" style="box-sizing: border-box; padding: 5px 10px;"><br /></td></tr>
</tbody></table>
</div>
</div>

Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow

Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow Wireshark is a Free and Open packet analyzer. It is used for network troub...

glibc - getaddrinfo Stack-Based Buffer Overflow

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="l-titlebar imgsize_cover size_large color_default" style="box-shadow: rgba(0, 0, 0, 0.0784314) 0px -2px 0px -1px inset; box-sizing: border-box; color: #666666; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 24px; padding-left: 40px; padding-right: 40px; padding-top: 90px; position: relative; text-align: center; transition: padding 0.3s; z-index: 1;">
<div class="l-titlebar-h i-cf" style="box-sizing: border-box; margin: 0px auto; max-width: 1140px; padding-bottom: 50px; padding-top: 50px; position: relative; z-index: 1;">
<h1 style="box-sizing: border-box; color: #555555; font-family: 'Noto Sans', sans-serif; font-size: 38px; font-stretch: normal; font-weight: 300; line-height: 1.4; margin: 0px;">
glibc - getaddrinfo Stack-Based Buffer Overflow</h1>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_QWryo78k5KmTZ3w4a1QCJw9Q7fjBHyUzNYrVVTvrClx8VSEc9A1IgrbnOc9LOkp1dplQdQmAAQ6-vSe2beOok5DFxhxOHc0F8VlJ0tUwRJvrySppNj7TV8IpfmbwPPBfD3T58b1zfShW/s1600/buffer-overflow_www.hackthesec.co.in.bmp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_QWryo78k5KmTZ3w4a1QCJw9Q7fjBHyUzNYrVVTvrClx8VSEc9A1IgrbnOc9LOkp1dplQdQmAAQ6-vSe2beOok5DFxhxOHc0F8VlJ0tUwRJvrySppNj7TV8IpfmbwPPBfD3T58b1zfShW/s640/buffer-overflow_www.hackthesec.co.in.bmp" width="640" /></a></div>
<div>
<table class="exploit_list" style="background-color: rgb(239, 239, 239) !important; border-radius: 3px !important; border-spacing: 1px; border: 1px solid rgb(221, 221, 221) !important; box-sizing: border-box; color: #666666; font-size: 14px; line-height: 24px; margin-bottom: 10px; margin-top: 10px; padding: 1px !important; width: 679px;"><tbody style="box-sizing: border-box;">
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px;"><b>Author: Google Security Research</b><span class="fa fa-check-circle-o" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; display: inline-block; font-family: FontAwesome; font-size: inherit; font-stretch: normal; line-height: 1; text-rendering: auto;"></span></td><td style="box-sizing: border-box; padding: 5px 10px;"><br /></td><td style="box-sizing: border-box; padding: 5px 10px;"></td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Download Exploit:</strong> <a href="https://www.exploit-db.com/download/39454" style="background-color: transparent; box-sizing: border-box; color: #337ab7; outline: 0px; text-decoration: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity;"><span class="fa fa-file-code-o" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; display: inline-block; font-family: FontAwesome; font-size: inherit; font-stretch: normal; line-height: 1; text-rendering: auto;"></span> Source</a> </td><td colspan="2" style="box-sizing: border-box; padding: 5px 10px;"><br /></td></tr>
</tbody></table>
<a href="http://www.hackthesec.co.in/" target="_blank">www.hackthesec.co.in</a><br /><a href="http://www.twitter.com/hackthesecurity">www.twitter.com/hackthesecurity</a></div>
</div>
</div>
</div>

glibc - getaddrinfo Stack-Based Buffer Overflow

glibc - getaddrinfo Stack-Based Buffer Overflow Author: Google Security Research Download Exploit: Source www.hackthesec.co...

Deepin Linux 15 - lastore-daemon Privilege Escalation Exploit

Deepin Linux 15 - lastore-daemon Privilege Escalation Exploit

Deepin Linux 15 - lastore-daemon Privilege Escalation Author: King's Way Download Exploit: Source www.hackthesec.co.in...

Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion

<div dir="ltr" style="text-align: left;" trbidi="on">
<h1 style="background-color: white; box-sizing: border-box; color: #555555; font-family: 'Noto Sans', sans-serif; font-size: 38px; font-stretch: normal; font-weight: 300; line-height: 1.4; margin: 0px; text-align: center;">
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion</h1>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq2QiFxP9h_BSgmFUz6wbQR2W5Io6SkHuBbAGDPiF91LjeAseDKggHRdID9fI_zwy4vAvSbUToGJhbGSgg9MeZU29YMe0LdHfPUVDrtLKbidwGZhw88-YkdXl2tVVGUPWfCzgR7i4xPRYT/s1600/Ramui_web_hosting_script_www.hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="424" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq2QiFxP9h_BSgmFUz6wbQR2W5Io6SkHuBbAGDPiF91LjeAseDKggHRdID9fI_zwy4vAvSbUToGJhbGSgg9MeZU29YMe0LdHfPUVDrtLKbidwGZhw88-YkdXl2tVVGUPWfCzgR7i4xPRYT/s640/Ramui_web_hosting_script_www.hackthesec.co.in.png" width="640" /></a></div>
<div>
<br /></div>
<div>
<strong style="background-color: white; font-family: Verdana, Geneva, sans-serif; line-height: 19.2px;"><a class="titlex" href="http://www.hackthesec.co.in/2016/01/ramui-forum-script-90-sql-injection.html" style="display: block; font-family: 'Open Sans', serif, sans-serif; font-stretch: normal; line-height: 1.4em; margin: 5px 0px 0px; max-height: 36px; overflow: hidden; text-decoration: none;"><br /></a></strong></div>
<div>
<table class="exploit_list" style="background-color: rgb(239, 239, 239) !important; border-radius: 3px !important; border-spacing: 1px; border: 1px solid rgb(221, 221, 221) !important; box-sizing: border-box; color: #666666; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 10px; margin-top: 10px; padding: 1px !important; width: 552px;"><tbody style="box-sizing: border-box;">
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">EDB-ID:</strong> 39355</td><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">CVE:</strong> N/A</td><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">OSVDB-ID:</strong> N/A</td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">EDB Verified:</strong> <span class="fa fa-times" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; display: inline-block; font-family: FontAwesome; font-size: inherit; font-stretch: normal; line-height: 1; text-rendering: auto;"></span></td><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Author:</strong> <a href="https://www.exploit-db.com/author/?a=768" style="background-color: transparent; box-sizing: border-box; color: #337ab7; outline: 0px; text-decoration: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity;">bd0rk</a></td><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Published:</strong> 2016-01-28</td></tr>
<tr style="background-color: rgb(248, 248, 248) !important; box-sizing: border-box;"><td style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Download Exploit:</strong> <a href="https://www.exploit-db.com/download/39355" style="background-color: transparent; box-sizing: border-box; color: #337ab7; outline: 0px; text-decoration: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity;"><span class="fa fa-file-code-o" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; display: inline-block; font-family: FontAwesome; font-size: inherit; font-stretch: normal; line-height: 1; text-rendering: auto;"></span> Source</a> <span class="fa fa-file-o" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; display: inline-block; font-family: FontAwesome; font-size: inherit; font-stretch: normal; line-height: 1; text-rendering: auto;"></span> </td><td colspan="2" style="box-sizing: border-box; padding: 5px 10px;"><strong style="box-sizing: border-box;">Download Vulnerable App:</strong> <a href="https://www.exploit-db.com/apps/6abea7ec2c8e0031acdfdbbd622ea45e-ramui-web-hosting-directory-script-v4.tar.gz" style="background-color: transparent; box-sizing: border-box; color: #337ab7; outline: 0px; text-decoration: none; transition-duration: 0.3s; transition-property: background-color, box-shadow, border, color, opacity;"><span class="fa fa-download" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; display: inline-block; font-family: FontAwesome; font-size: inherit; font-stretch: normal; line-height: 1; text-rendering: auto;"></span></a></td></tr>
</tbody></table>
<br /><strong style="background-color: white; font-family: Verdana, Geneva, sans-serif; line-height: 19.2px;"><a class="titlex" href="http://www.hackthesec.co.in/2016/01/ramui-forum-script-90-sql-injection.html" style="display: block; font-family: 'Open Sans', serif, sans-serif; font-stretch: normal; line-height: 1.4em; margin: 5px 0px 0px; max-height: 36px; overflow: hidden; text-decoration: none;"></a><ul style="text-align: left;"><a class="titlex" href="http://www.hackthesec.co.in/2016/01/ramui-forum-script-90-sql-injection.html" style="display: block; font-family: 'Open Sans', serif, sans-serif; font-stretch: normal; line-height: 1.4em; margin: 5px 0px 0px; max-height: 36px; overflow: hidden; text-decoration: none;"></a>
<li><a class="titlex" href="http://www.hackthesec.co.in/2016/01/ramui-forum-script-90-sql-injection.html" style="display: block; font-family: 'Open Sans', serif, sans-serif; font-stretch: normal; line-height: 1.4em; margin: 5px 0px 0px; max-height: 36px; overflow: hidden; text-decoration: none;"><strong style="font-family: Verdana, Geneva, sans-serif; line-height: 19.2px;"></strong></a><strong style="font-family: Verdana, Geneva, sans-serif; line-height: 19.2px;"><a class="titlex" href="http://www.hackthesec.co.in/2016/01/ramui-forum-script-90-sql-injection.html" style="display: inline !important; font-family: 'Open Sans', serif, sans-serif; font-stretch: normal; line-height: 1.4em; margin: 5px 0px 0px; max-height: 36px; overflow: hidden; text-decoration: none;"><span style="color: red; font-size: large;">Ramui Forum Script 9.0 - SQL Injection Exploit</span></a></strong></li>
</ul>
</strong><br /><br /><pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); color: white; font-family: 'roboto slab'; font-size: 12px; line-height: 1.3em; margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"><span style="color: #999999;">Hack The Security</span>
<a href="https://www.twitter.com/hackthesecurity" style="color: #999999; text-decoration: none;" target="_blank">Hack The Security Twitter</a>
<a href="https://www.facebook.com/htsecu" style="color: #999999; text-decoration: none;" target="_blank">Hack The Security Facebook</a></pre>
</div>
</div>

Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion

Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion EDB-ID: 39355 CVE: N/A OSVDB-ID: N/A EDB Verified: Author:...

Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection

Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection

Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection Unauthenticated SQL injection Author...

Linux x86 - Egg-hunter (13 bytes)

Linux x86 - Egg-hunter (13 bytes)

Linux x86 - Egg-hunter (13 bytes) EDB-ID: 39204 CVE: N/A OSVDB-ID: N/A EDB Verified: Author: Dennis 'dhn' Herrman...

Linux/x86 execve "/bin/sh" - shellcode 24 byte

Linux/x86 execve "/bin/sh" - shellcode 24 byte

Linux/x86 execve "/bin/sh" - shellcode 24 byte EDB-ID: 39160 CVE: N/A OSVDB-ID: N/A EDB Verified: Author: Dennis ...

Critical iOS Flaw allowed Hackers to Steal Cookies from Devices

<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="color: #0b5394; font-family: Verdana, sans-serif; font-size: large;"><b>Critical iOS Flaw allowed Hackers to Steal Cookies from Devices</b></span><br />
<div style="background-color: white; border: 0px; color: #222222; font-family: 'Open Sans', arial, Helvetica, sans-serif; font-size: 16px; font-stretch: inherit; line-height: 31px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Apple has patched a critical vulnerability in its iOS operating system that allowed criminal hackers to impersonate end users' identities by granting read/write access to website's unencrypted authentication cookies.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhud3SRZemHpKuHpD4FwUnupZozWBMDZmVVcxFPoCfLaqutDaT1ZepZdXqOOVIfiNWgX0MhD_Dl81mEhYGwsO1xuyjN4O-MQBWorhEayB3p4uPnVARNV4q-JdN_G3-Do3DDQjsIyd04jfI/s1600/iOS-Cookie-Theft_www.hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhud3SRZemHpKuHpD4FwUnupZozWBMDZmVVcxFPoCfLaqutDaT1ZepZdXqOOVIfiNWgX0MhD_Dl81mEhYGwsO1xuyjN4O-MQBWorhEayB3p4uPnVARNV4q-JdN_G3-Do3DDQjsIyd04jfI/s640/iOS-Cookie-Theft_www.hackthesec.co.in.png" width="640" /></a></div>
<div style="background-color: white; border: 0px; color: #222222; font-family: 'Open Sans', arial, Helvetica, sans-serif; font-size: 16px; font-stretch: inherit; line-height: 31px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br /></div>
<div style="background-color: white; border: 0px; color: #222222; font-family: 'Open Sans', arial, Helvetica, sans-serif; font-size: 16px; font-stretch: inherit; line-height: 31px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="background-color: white; border: 0px; color: #222222; font-family: 'Open Sans', arial, Helvetica, sans-serif; font-size: 16px; font-stretch: inherit; line-height: 31px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
The vulnerability was fixed with the release of iOS 9.2.1 on Tuesday, almost three years after it was first discovered and reported to Apple.</div>
<div style="background-color: white; border: 0px; color: #222222; font-family: 'Open Sans', arial, Helvetica, sans-serif; font-size: 16px; font-stretch: inherit; line-height: 31px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
The vulnerability, dubbed "<b style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Captive Portal</b>" bug, was initially discovered by <i style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Adi Sharabani</i> and <i style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Yair Amit </i>from online security company Skycure and privately reported to Apple in June 2013.</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<h3 style="border: 0px; font-size: 1.4em; font-stretch: inherit; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Here's How the Vulnerability Worked</h3>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
The vulnerability caused due to the way iOS handles <b style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cookie Stores </b>at <b style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Captive Portals</b>, generally a login page that requires users to authenticate themselves before connecting to the free or paid public Wi-Fi hotspots when they are first joining.</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
So, when a user with a vulnerable iPhone or iPad connects to a captive-enabled network (<i style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">sample page shown in the screenshot below</i>) – typically at coffee shops, hotels, and airports – a login window is displayed showing terms and conditions over a standard, unencrypted HTTP connection.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfoMzsRHFZuLEk-j4M3N2oLMoaB2Ro5EDrFngIVUnFZVCsa1wsiEnlJTinxxIKa-7F9xVQmzCEV0L0ujJPasZSttHK0DSEeqzT9ZNLLzkkffUMg7NbE-fPm3odJwVX9Kgksu_CFT5wzNk/s1600/hotel-wifi_www.hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfoMzsRHFZuLEk-j4M3N2oLMoaB2Ro5EDrFngIVUnFZVCsa1wsiEnlJTinxxIKa-7F9xVQmzCEV0L0ujJPasZSttHK0DSEeqzT9ZNLLzkkffUMg7NbE-fPm3odJwVX9Kgksu_CFT5wzNk/s640/hotel-wifi_www.hackthesec.co.in.png" width="640" /></a></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Once accepted, the affected user is able to browse the Internet normally, but the embedded browser shares its unencrypted cookie store with the Safari browser.</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
According to a <a href="https://www.skycure.com/blog/shared-cookie-stores-bug-fixed-in-ios-9-2-1/" rel="nofollow" style="border: 0px; color: #1177b8; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">blog post</a> published by Skycure on Wednesday, this shared resource allowed hackers to create their own fake captive portal and associate it with the Wi-Fi network, enabling them to steal virtually any unencrypted cookie stored on the device when an affected iOS device is connected.</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<h3 style="border: 0px; font-size: 1.4em; font-stretch: inherit; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Here's the List of Attacks a Hacker can Perform</h3>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
According to researchers, this captive portal vulnerability allows an attacker to:</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
</div>
<ul style="border: 0px; font-stretch: inherit; margin: 20px 20px 20px 35px; outline: 0px; padding: 0px 0px 0px 5px; vertical-align: baseline;">
<li style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Perform an <b style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><u style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Impersonation Attack</u></b> – Attackers could steal users' unencrypted (HTTP) cookies associated with a website of their choice, allowing them to impersonate the victim's identity on the particular website.</li>
<li style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Perform a <b style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><u style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Session Fixation Attack</u></b> – This means, logging the victim into an attacker-controlled account (because of the shared Cookie Store). When the victims browse to the affected site via the Safari mobile browser, they'll be logged into the hacker's account instead of their own.</li>
<li style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Perform a <b style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><u style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cache-Poisoning Attack</u></b> on the websites of the attacker's choice (by returning an HTTP response with caching headers). In this way, the attacker could execute malicious JavaScript every time the victim connects to that website in the future via the Safari mobile browser.</li>
</ul>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<h3 style="border: 0px; font-size: 1.4em; font-stretch: inherit; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Patch Your Device Right Now!</h3>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
The flaw affected iPhone 4S and iPad 2 devices and later. However, the vulnerability has been resolved with the release of <a href="https://support.apple.com/en-us/HT205732" rel="nofollow" style="border: 0px; color: #1177b8; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">iOS 9.2.1</a> in which there is an isolated cookie store for captive portals that will keep hackers at bay.</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Skycure says that this is the longest time ever taken by Apple to fix a bug, but the patch was much more complicated than it would be for a typical bug. Though, the company says it has no reports of exploits in the wild.</div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br style="content: ' '; display: block; margin: 20px 0px 0px; outline: 0px; padding: 0px;" /></div>
<div style="border: 0px; font-stretch: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
So, in order to keep yourself safe from such attacks, <a href="https://support.apple.com/en-us/HT205732" rel="nofollow" style="border: 0px; color: #1177b8; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">download iOS 9.2.1</a> as an over-the-air update from the Settings menu on your iOS device right now.</div>
</div>
</div>
</div>