PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.
Penetration Testing with BackTrack v3.0 now available and better than ever!
Penetration Testing with BackTrack updates
BackTrack 4 Downloads are still going strong with over 30,000 registered downloads up to now. We are currently working on updating our new course materials based on BackTrack 4. We expect the new version to be available soon.
As always, alumni students will be able to upgrade their version of PWB. The upgrade fee will (as usual) be the difference between the current price and new one. No, we don’t have pricing information at this point!
Taken from the new BackTrack Site:
BackTrack 4 Final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of a beta last year, we decided to hold off on releasing BackTrack 4 Final until it was perfected in every way, shape and form.
This release includes a new kernel, a larger and expanded toolset repository,
Lots of new updates in the exploit-db arena. Barabas whipped up a quick browser search bar plugin.
We got a massive CVE / OSVDB entry update from Steve Tornio which was added to our DB. Our “perfect” exploit template now has links to the exploit code, vulnerable app, CVE and OSVDB entries. See this example. You can now search for exploits via CVE or OSVDB.
We’ve added a new column to the database –
The Exploit Database is up and running… survived day 1. On a last moment fluke, we registered the domain https://www.exploit-db.com/, which is now also up and running.
We’ve improved the search functions on the site, and imported the “papers” and “shellcode” sections from Milw0rm. We’ve been getting our first submissions and are processing them almost in real time. We’ve set up an IRC channel on freenode #exploitdb,
After a short and intense setup, we are ready to present the Offsec Exploit Archive. We’ve recreated the milw0rm database, updated it and are now accepting submissions. The purpose of the site is to provide researchers and security enthusiasts a repository of exploits, and when possible, the relevant affected software. We’ve started the party by posting a few new exploits of our own – namely a Novell eDirectory 8.8 SP5 iConsole Buffer overflow exploit and a HP Power Manager Administration Universal Buffer Overflow Exploit.
For the past couple of weeks we have been watching escalating DoS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today as we were watching our Apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the wiki software we use for the free Metasploit course. The compromise occurred on Nov 6th, and went unnoticed for around 28 hours.
A PHP shell was uploaded to the wiki through an obscure vulnerability,
The Framework that we all know and love is about to take a massive leap into the future. The MSF crew as well as the MSF itself has been placed under Rapid7’s corporate umbrella.
The framework will continue to be free, running under the BSD license. We expect to see major improvements in the MSF due to this shift. With corporate backing there will be more resources and time to improve the MSF.
5M7X has completed his DECT write-up, and it rocks. As DECT phone manufacturers rarely give any indication about their phone encryption capabilities, the only reliable way to check the security of your phone is to test it yourself.
BIG FAT HAIRY NOTE: IT IS ILLEGAL TO RECORD PHONE CONVERSATIONS IN MANY COUNTRIES. For a list of state privacy laws in the US, click here and here.
Thanks to 5m7x, dedected is soon to be added to the BackTrack repositories. In our internal tests, the standard AT&T cordless phone was found not to use encryption. The recording quality was phenomenal – you can find a copy of this recording here.
We have pushed a new kernel to the repository and updated several drivers. The upgrade process is a bit convoluted, but has been streamlined for the future. For now, run these commands from your BackTrack box to update to the latest kernel and drivers:
apt-get update
apt-get install -d linux-image
cd /var/cache/apt/archives/
dpkg -i --force-all linux-image-2.6.30.5_2.6.30.5-10.00.Custom_i386.deb
apt-get dist-upgrade
apt-get install madwifi-drivers
apt-get install r8187-drivers
After a reboot,
The latest Linux Kernel ‘sock_sendpage()’ NULL Pointer Dereference Vulnerability did not spare BackTrack 4 either. We’ve taken this opportunity to upgrade the BackTrack 4 kernel and include the required security patch.
The patched kernel source and image can be downloaded here:
BackTrack 4 Kernel Image (2.6.30.4)
BackTrack 4 Kernel Source (2.6.30.4)
*Links removed*
The repositories will be updated soon, to include additional drivers compiled against this kernel.
Social Engineer your way to a free course!
DC718 and Telephreak are bringing Social Engineering back to Defcon.
Offensive Security has linked together with DC718, Telephreak, the contest/event Goons Pyr0 and Russr and www.social-engineer.org to have the best of the best to judge and help mold this contest into the display of the serious threat that still exists with this attack vector. For more information,
Two weeks later..