Deletium

Slowloris HTTP DoS: A new and dangerous exploit out there for the apache server.

“Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up.”

In essence you can send a Denial Of Service attack to website using one laptop over a proxy.

Here will be a way of preventing the slowloris attack on apache 2.2.3 server running on centos 5.3

cd tmp/

wget http://downloads.sourceforge.net/project/mod-qos/mod-qos/8.13/mod_qos-8.13-src.tar.gz?use_mirror=hivelocity

tar xvfz mod_qos-8.13-src.tar.gz

cd mod_qos-8.13/apache2

apxs -i -c mod_qos.c  (if you do not have apxs then you have to yum install httpd-devel and make sure you edit out the exclude updates to httpd in your yum.conf file)

Libraries have been installed in:
/usr/lib/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR’
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH’ environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH’ environment variable
during linking
- use the `-Wl,–rpath -Wl,LIBDIR’ linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf’
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
———————————————————————-
chmod 755 /usr/lib/httpd/modules/mod_qos.so

cd etc/httpd/conf

nano qos.conf

MaxClients 256

# disables keep-alive when 70% of the TCP connections are occupied:

QS_SrvMaxConnClose 180

# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):

QS_SrvMinDataRate 150 1200

# and limit request header and body (carefull, that limits uploads and post requests too):

# LimitRequestFields 30

# QS_LimitRequestBody 102400

</IfModule>

save it

edit httpd.conf

and add

some feeds have mp3 files, txt files, pdfs you name it in their feeds and require you to check them every so often. Here is a script written in python that you can use to have your computer automatically read the feed and wget the files you want.

in your /bin directory use nano to write a new file call it fetch_mp3_blogdigger.py

call it what you want we will use this example to get mp3 files from the blogdigger rss feeds.

shown here http://www.blogdigger.com/media/mp3.xml

#!/usr/bin/env python
from urllib2 import urlopen
import re
import os
url=’http://www.blogdigger.com/media/mp3.xml’
content=urlopen(url).read()
contents=content.split()
pat=re.compile(’(http://packetstormsecurity.org/\S+?\.mp3)’)
groups=(pat.search(line) for line in content.split())
tuples=(g.groups() for g in groups if g)
for mp3, in tuples:
cmd=’wget %s’%mp3
print cmd
os.system(cmd)

Working on an MySQL database through command line may seem 1337 and all but it usually becomes lame after a few tried with it. Besides people like to visually see databases when working with it. Believe me I know. I always recommend MySQL with phpmyadmin to administer databases because phpmyadmin is webbased and web based applications use a lot less resources then executables. The only flaw with phpmyadmin is that running queries on it is considerably slower then say… MySQL Workbench.  However GUI tools for databases are often much more powerful and can do a lot more with little effort. That is where this method comes in. Now you can take your favorite MySQL Gui editor and edit your database remotely through just SSH tunneling.

Connecting to localhost’s port 3306 is easy. When it comes to configuring the remote database, many developers resort to SSH or web applications such as phpMyAdmin. SSH tunneling allows you to use your favorite desktop GUI to access your remote MySQL database.

Read the rest of this entry »

This is a cross scripting exploits against academic programs using the
YEKTAWEB Academic Web Tool
============== IUT-CERT ===============

 Title: Academic Web Tools CMS Multiple XSS
 Vendor: www.yektaweb.com
 Vulnerable Version: 1.5.7 and priors
 Type: XSS
 Fix: N/A
 Dork: AWT YEKTA

================  nsec.ir ============

Description:
------------------

YEKTAWEB Academic Web Tools is a Persian Content Management System

(CMS) for managing university affairs such as conferences, journals and etc.

The built-in filter of this package can not prevent XSS attack on some parameters.

Vulnerabilities:

------------------

 Read the rest of this entry »
				

Like I said I wanted a way to convert all my wmv files to flv files on my server

My previous method using FFMEG was not perfect so i developed another method using menconder
first go to your bin directory

/bin

then nano batchmencoderwmv

paste this code

Read the rest of this entry »

This tutorial will show you how to make a basic rain effect using actionscript 3.0. Because we are using 3.0 there is no need for a time line. This will all be done using only 1 frame!

First thing you need to do is draw your rain drop and convert it to a movie script. Name the rain drop “drop” and make it the instance of “drop”

drop

Good Now right click the symbol in the Library window and go to linkage

select Export for ActionScript and Export in first frame

Class: drop

Base class:  flash.display.MovieClip

Now in the frame right click go to actions..

Here is the actionscript

Read the rest of this entry »

Find below the details of a vulnerability in the HP Quality Center product (formely Mercury Quality Center).

Introduction
——————

Quality Center (QC) is a web-based QA testing and management tool. It is a product from HP when they took over Mercury Interactive last year.

The front-end of the application is composed of COM components that plug into the web browser. Quality Center provides a customization capability (called workflow) which allow the administrator to modify the default behavior. This workflow is driven by VBScript functions that are called whenever a particular event occurs on the client front-end.

In order to optimize the interaction speed of the application, a cache folder is created on the client machine. By default, this folder is located at %tmp%/TD_80. Whenever a user connects to a Quality Center project, 2 folders are created within the cache folder. One of these folders contain a copy of the workflow scripts used to customize the application. Indeed, those files are required on the client machine because the workflow is execute on the client, not on the server.

There exists 1 VBScript workflow file per feature. Those are:
* Login/Logout (common.tds)
* Defects module (defects.tds)
* Manual Test Execution (manrun.tds)
* Test Requirements module (req.tds)
* Test Lab module (testlab.tds)
* Test Plan module (testplan.tds)

The customization feature of Quality Center is often used for:
* Controlling password compliance (no blank password, more than 8 letters, etc.)
* Chained lists (when a value is selected in a field, another field gets updated with a list relevant to that value)
* Automatic updates to some QC components (Test, Test Set, Defect objects, hidden fields)
* Hidding information depending on the user’s group (used when a project is shared with different vendors)
* Others
Read the rest of this entry »

Many people think a quick format of your hard drive will erase their data and they will be fine. Well ofcourse this is not the case anybody with a basic computer know-how can recover your deleted data. I.E passwords, financial data, your sexual fetishes, the name of the girl you are having an affair with… the list is endless. So we will talk about how to properly delete data from your hard disk.

Understanding File Deletion

The first step to secure file deletion is understanding how file deletion works.  What happens in the case of file deletion is that when the user tells the computer to delete a file it marks the bytes that accompanied that file available for overwritting. The file is still there but only marked to be overwritten later.

Read the rest of this entry »

I wanted a way to convert all my wmv files on the server to flv files so I can make streaming media so I wrote this script to batch them all

cd /bin

nano batchffmpegwmv

ls *.wmv | while read file; do
echo $file
ffmpeg -i “$file” -y -f flv -ar 44100 -ab 256k “$file”\.flv
rename ’s/\.wmv\.flv/.flv/’ “file”
done

ECHO_ADV_103$2009

—————————————————————————————–
[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
—————————————————————————————–

Author       : K-159
Date         : February, 23 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=126
Critical Lvl : Medium
Impact       : Manipulation of data / Exposure of sensitive information
Where        : From Remote
—————————————————————————

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : taifajobs
version     : <= 1.0
Vendor      : http://sourceforge.net/projects/taifajobs
Description :

In job recruitment system job seekers and recruiters post their details.
The job seekers create an online resume on their profiles
and recruiters can add the organization’s information, post & manage job advertisements & applications.

—————————————————————————
Read the rest of this entry »