Monthly Archives: January 2013

PHP Shell

Sometimes it’s useful to have shell access to a web server with shell on the client machine. PHP Shell provides an interface to execute shell commands or browse the filesystem on your remote web server. The complete guide is … Continue ...

Posted in Alpine Linux | Leave a comment

NOWASP (Mutillidae)

NOWASP (Mutillidae) is a vulnerable web application. Similar to DVWA, it provides a target for web security tests. The operating system is Alpine Linux with Lighttpd. The first step is to set up Lighttpd With FastCGI. MySQL is needed to serve as ...

Posted in Alpine Linux, Security | Leave a comment

mock as a virtual machine

Here are the required steps, first run in your host: xhost +localhost (GUI only) + enable network connections to your X server mock -r fedora-devel-x86_64 init mock -r fedora-devel-x86_64 install app_you_want_to_run cp -a /usr/share/X11/fonts /var/li...

Posted in Fedora | Leave a comment

Check your OpenVAS installation

If you think that something went wrong during the installation of OpenVAS or just want to check if everything is ok, then the openvas-check-setup script can help. Make it executable. Be...

Posted in Security | Leave a comment

fedup

Besides the yum way to update a running Fedora system, I used preupgrade a couple of times in the past. Yesterday I gave fedup a try. Well, the process went seamlessly. It’s only a bit annoying that fedup doesn’t give … Continue readin...

Posted in Fedora | Leave a comment

flunym0us

flunym0us is another vulnerability scanner for WordPress. flunym0us is similar to wpscan but includes tests for Moodle....

Posted in Alpine Linux, Fedora, Security | Leave a comment

Banner grabbing 3

nmap can do the same with the help of NSE. ...

Posted in Fedora Security Lab, Security | Leave a comment

Android Mini PC MK802

My latest toy to play around with is an Android Mini PC MK802 from Rikomagic. I like the RaspberryPi, but from my point of view the missing wireless capability is a big disadvantage of the Pi. A very cool feature of … Continue reading →...

Posted in General | Leave a comment

WordPress Pingback PortScanner

While playing around with wpscan I noticed in the output that there was another tool mentioned called WordPressPingbackPortScanner. First check out the source file from GitHub. Switch to the directory which was created dur...

Posted in Security | 1 Comment

SQLol

SQLol is a SQL injection playground which allows you to exploit and detect SQL injection flaws. Create a symlink in the web server and edit the configuration file to match your MySQL configuration. ...

Posted in Alpine Linux, Security | Leave a comment

WPscan

WordPress is a very common blogging platform and CMS nowadays. Bigger popularity attracts more bad guys and script kiddies to do evil stuff against your WordPress instance. To get yourself a clearer picture about your own site, wpscan can ...

Posted in Fedora, Fedora Security Lab, Security | 3 Comments

Bcfg2 1.3.0rc1

Today the first release candidate for Bcfg2 1.3.0 was released. Bcfg2 1.3.0rc1 is a release candidate, and should be representational of the final 1.3.0 release. The code is quite stable at this point, but this remains a release *candidate*, so ...

Posted in Configuration management | Leave a comment

Banner grabbing 2

Another option for banner grabbing is wbox. This post is just an addition to this one. wbox ...

Posted in Alpine Linux, Fedora, Security | Leave a comment

node.js and Fedora, II

The sad times without node.js in Fedora were over… so far the only easy way to install node.js on a Fedora-based system was the use of a third-party repo which was outdated. But now, thanks to Stephan, Matthias, and all other … Continu...

Posted in Fedora | Leave a comment

Banner grabbing

For the reconnaissance part or target server enumeration of a security audit, banner grabbing is a technique to gain information about computer systems (which are defined in the test scope). As usual there are many ways to do it. Below … Contin...

Posted in Alpine Linux, Fedora, Security | 1 Comment