Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
The digital taxes on Facebook, Google and other technology firms has resumed in France.
#International
#International
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CENTOS SECURITY TIPS :
1) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.
Often, buffer overflow attacks can exploit these executables to run unauthorized code as root.
# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:
# chmod gs / path / to / binary_file
22. Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.
Run the find command below to get a list of files or directories without users and groups.
# find / -nouser -o -nogroup -exec ls -l {} \;
2) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.
Run the command below to display writable files other than symbolic links which are always writable to everyone.
# find / -path / proc -prune -o -perm -2! -type l βls
3) Create strong passwords
Create a password that is at least eight characters long.
Password must contain numbers, special characters and capital letters.
Use pwmake to generate a 128-bit password from / dev / urandom.
# pwmake 128
25. Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry = 3
By adding this line, you are entering a policy where the entered password cannot contain more than 3 characters in a monotone sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.
To force users to use a password of at least 8 characters, including all character classes, sequential character checking, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CENTOS SECURITY TIPS :
1) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.
Often, buffer overflow attacks can exploit these executables to run unauthorized code as root.
# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:
# chmod gs / path / to / binary_file
22. Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.
Run the find command below to get a list of files or directories without users and groups.
# find / -nouser -o -nogroup -exec ls -l {} \;
2) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.
Run the command below to display writable files other than symbolic links which are always writable to everyone.
# find / -path / proc -prune -o -perm -2! -type l βls
3) Create strong passwords
Create a password that is at least eight characters long.
Password must contain numbers, special characters and capital letters.
Use pwmake to generate a 128-bit password from / dev / urandom.
# pwmake 128
25. Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry = 3
By adding this line, you are entering a policy where the entered password cannot contain more than 3 characters in a monotone sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.
To force users to use a password of at least 8 characters, including all character classes, sequential character checking, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TAKE A LOOK:
Hack and creative and unusual things that can be done with the Windows API :
Disabled the close, maximimize and minimize buttons
Removed the drop down menu (View, Edit, Help)
Changed the width and height of the Window borders
Changed the title
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) download https://github.com/LazoCoder/Windows-Hacks
2) Make sure you have Visual Studio and .NET Framework 4.5.2.
3) Download the zip.
4) Unzip it.
5) Open WindowsHacks.sln in Visual Studio.
6) Press F5 to run it.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TAKE A LOOK:
Hack and creative and unusual things that can be done with the Windows API :
Disabled the close, maximimize and minimize buttons
Removed the drop down menu (View, Edit, Help)
Changed the width and height of the Window borders
Changed the title
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) download https://github.com/LazoCoder/Windows-Hacks
2) Make sure you have Visual Studio and .NET Framework 4.5.2.
3) Download the zip.
4) Unzip it.
5) Open WindowsHacks.sln in Visual Studio.
6) Press F5 to run it.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
Damn Small SQLi Scanner FREE :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½:
1) https://github.com/stamparm/DSSS
2) cd stamparm/DSSS
3) $ python3 dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)
4) $ python3 dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)
5) scanning GET parameter 'artist'
(i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
(i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')
scan results: possible vulnerabilities found
β β β Uππ»βΊπ«Δπ¬πβ β β β
Damn Small SQLi Scanner FREE :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½:
1) https://github.com/stamparm/DSSS
2) cd stamparm/DSSS
3) $ python3 dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)
4) $ python3 dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)
5) scanning GET parameter 'artist'
(i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
(i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')
scan results: possible vulnerabilities found
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - stamparm/DSSS: Damn Small SQLi Scanner
Damn Small SQLi Scanner. Contribute to stamparm/DSSS development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
