GNUCITIZEN

A new Adobe hotfix for ColdFusion has been released recently. The vulnerability which was discovered by Richard Brain, was rated as “Important” by Adobe and could affect a large number of Internet-facing web servers. The FAQ bellow is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]

Some time ago, we released a proof-of-concept (PoC) that would crash CUPS when visiting a webpage containing a specially-crafted payload. The POC was tested on Ubuntu 8.04.1 LTS (hardy) and would crash the CUPS daemon which listens to localhost on port TCP/631 – even when the user would not currently be logged into CUPS.

The crash was only possible for the following reasons:

By default CUPS

This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here.

As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]

After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release.

Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]

This post is gonna be a quick one, since it’s nothing more than the result of me tiding up my pendrive files.

Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX. [...]

What is the best way to spend a quiet, weekend afternoon? – Jump off a perfectly working plane while 10,000 feet in the air.

On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. It has been two months since that day but memories are still as clear as yesterday.

Automated Web Application Security Testing tools are in the core of modern penetrating testing practices. You cannot rely 100% on the results they produce, without considering seriously their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetrating testing equipment.

These tools are not unfamiliar to modern day penetration testers. [...]

I’ve been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me, that’s hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late.

I’ve been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London.

pdp has also been busy presenting at AusCERT2009. [...]

I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project.

I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow).

All the documentation you need is in the script comments. [...]