Archive for category Security
Script to distribute SSH Keys across many servers
Posted by admin in Hosting, Linux, Security, Shell Scripting on December 7th, 2009
Hello once again!
You may remember an earlier post that detailed how to implement SSH Key based authentication.
We believe it is important, when administering many (sometimes hundreds or thousands) of servers, to implement a strategy that can allow systems administrators to seamlessly run scripts, system checks or critical maintenance across all the servers.
SSH Key authentication allows for this potential. It is a very powerful strategy and should be maintained and implemented with security and efficiency as a top priority.
Distributing keys for all authorized systems administrators is something that would allow for the maintenance of this authentication system much easier — when an admin leaves or is dismissed, you need to be able to remove his or her’s keys from the “pool” quickly.
The idea behind this script is to have a centralized, highly secure and restricted key repository server. Each server in your environment would run this script to “pull” the updated key list from the central server. The script would run as a cron job and can run as often as you like. Ideally every 5-10 minutes would allow for quick key updates / distribution.
Here is the perl script :
#!/usr/bin/perl
#
# A script to sync ssh keys on UNIX servers automatically. This
# will not overwrite user installed ssh keys
# Star Dot Hosting : www.stardothosting.com
#
use strict;
use IPC::Open3;
use File::Copy;
use POSIX ":sys_wait_h";
# This is overkill but FreeBSD may install wget in
# /usr/local/bin in some cases.
$ENV{PATH} = "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin";
####################################################
use constant URL => 'http://keys.keyhostserver.com/ssh.keys.txt';
use constant WGET => 'wget -q -O - ';
use constant KEYS_FILE => '/root/.ssh/authorized_keys';
use constant RESTRICTED => 'http://keys.keyhostserver.com/restricted.txt';
####################################################
my ($url, $wget, $keys_file, $restricted, %restrict);
for (my $i=0;$i) {
chomp;
$restrict{$_}++;
}
}
$pid = open3(\*WTR, \*RTR, \*ERR, "$wget");
while () {
next unless $_ =~ / (\S+)\@company$/;
next if $restrict{$1};
$company_keys .= $_;
}
$user_keys = read_key_file();
# Sanity check
my @rows = split('\n', $company_keys);
if (scalar @rows < 5) {
print "Less than 5 company keys found, not installing keys..\n";
exit(1);
} elsif ($company_keys !~ /backup\@company\n/) {
print "No backup key found, exiting..\n";
exit(1);
}
open(TMP, ">$keys_file.$$.tmp") or die "Could not open tmp keys file: $!\n";
print TMP $company_keys;
print TMP $user_keys;
close(TMP);
# Sanity check
my (undef,undef,undef,undef,undef,undef,undef,$size,undef,undef,undef,undef,undef) = stat("$keys_file.$$.tmp");
if ($size < 5000) {
print "Keys file less than 5k, not writing";
exit(1);
}
move("$keys_file.$$.tmp", $keys_file);
sub read_key_file {
my $user_buf;
open(KEY_FILE, "< $keys_file") or die "Could not open ssh key file; $!\n";
while () {
next if $_ =~ /company$/;
$user_buf .= $_;
}
close(KEY_FILE);
return($user_buf);
}
sub sig_chld {
my $pid = waitpid(-1, WNOHANG);
}
sub usage {
print STDERR <<"EOS";
Usage: $0 -[kuh]
-k Keys file to write to (default: @{[KEYS_FILE]})
-u URL to download keys from (default: @{[URL]})
-h This screen
EOS
exit(1);
}
1;
__END__
Note that it downloads the public keys via http with wget. This can be easily modified to utilize https, if necessary, or perhaps even another protocol to make the transfer. HTTP Was chosen because the public keys are harmless and http is the easiest method. HTTPS would be desirable, however.
We hope this script helps you along the way towards making your life easier! 
Related Links:
Shell Script to Report On Hacking Attempts
It is always a good idea , when implementing open source firewall implementations (iptables, pf, etc), to build in as much reporting and verbosity as possible.
Having verbose reports on the state of your firewall, intrusion attempts and other information is key to ensuring the health and integrity of your network.
Somewhere along the line, we wrote a script to provide daily reports on intrusion attempts to penetrate our network — this usually happens when someone exceeds certain connection thresholds.
It may not be the most informative data, but the script can be modified to provide other important statistical information. It can also be modified to be used with other firewall implementations. I’m certain it wouldn’t be hard to convert this script to utilise iptables.
Below you will find the script itself — it can be set to run daily as a cronjob perhaps. Also note that the script tries to resolve a hostname for the IP address to at least provide some quick & easy information to the security administrators when determining coordinated attacks or attacks coming from compromised systems.
#!/bin/bash
# SDH PFCTL Daily Hack Table check
yesterday1=`date -v -1d +"%b"`
yesterday2=`date -v -1d +"%e"`
yesterday_display=`date -v -1d +"%b %d %Y"`
echo "" > /var/log/tablecheck.log
/sbin/pfctl -vvsTables > /var/log/pfctltables.log
echo "Firewall Table Audit: " $yesterday_display >> /var/log/tablecheck.log
echo -e "----------------------------------">> /var/log/tablecheck.log
echo -e "" >> /var/log/tablecheck.log
for obj0 in $(cat /var/log/pfctltables.log | grep "\-pa\-r\-" | awk -F "\t" '{printf "%s\n", $2}');
do
echo -e $obj0 "TABLE" >> /var/log/tablecheck.log
echo -e "--------------" >> /var/log/tablecheck.log
# this is because the date command outputs single digit non-aligned right, but pfctl doesnt display that way 
if [ "$yesterday2" -le 9 ]
then
/sbin/pfctl -t $obj0 -Tshow -vv | grep -A 4 -B 1 "$yesterday1 $yesterday2" >> /var/log/tablecheck.log 2>&1
else
/sbin/pfctl -t $obj0 -Tshow -vv | grep -A 4 -B 1 "$yesterday1 $yesterday2" >> /var/log/tablecheck.log 2>&1
fi
if [ "$?" -eq 1 ]
then
echo -e "No values found for yesterday" >> /var/log/tablecheck.log
echo -e "" >> /var/log/tablecheck.log
else
echo -e "Hostnames :" >> /var/log/tablecheck.log
for obj1 in $(/sbin/pfctl -t $obj0 -Tshow -vv | grep -B 1 "$yesterday1 $yesterday2" | grep -v "Cleared" | grep -v "\-\-");
do
iphostnm=`/usr/bin/nslookup $obj1 | grep -A1 "Non-authoritative answer" | grep "name" | awk -F "=" '{printf "%s\n", $2}'`
if [ "$?" -eq 0 ]
then
echo -e "$obj1 / $iphostnm" >> /var/log/tablecheck.log
else
echo -e "$obj1 / No host name found" >> /var/log/tablecheck.log
fi
done
echo -e "" >> /var/log/tablecheck.log
fi
done
cat /var/log/tablecheck.log | mail -s "Firewall Table Report" you@youremail.com
Enjoy!
Related Links:
Network Audit Bash Script Using Netbios and Nmap
Posted by admin in Security, Shell Scripting on July 18th, 2009
Working in a large office, it is sometimes necessary to use different network audit tools in order to properly assess the integrity and security of networks.
In order to quickly audit a network , I created this script to scan selected IPs, read from a configuration file, and compile a simple report to be emailed. The script can be modified to suit your needs, such as exporting the data to a database or perhaps an HTML report for a web based reporting site.
The script itself doesn’t do anything particularly special, however it has proven useful when you want to do a quick & dirty network audit.
There are other tools out there, such as OpenAudit, Nessus and Nmap that could do similar tasks. However, the important thing to remember here is that those tools (with the exception of open audit perhaps) can be incorporated into this script to perform regular scheduled audits.
This script could actually be updated to utilize nmap v5.0 — utilizing the new features plus ndiff could turn this script into a very powerful network analysis tool.
Hopefully some of you will find some use out of the script! Enjoy!
#!/bin/sh
# Basic Information Gathering
currentmonth=`date "+%Y-%m-%d"`
rm lindows.log
echo "Hostname Identification Audit: " $currentmonth >> lindows.log
echo -e "------------------------------------------" >> lindows.log
echo -e >> lindows.log
for obj0 in $(grep -v "^#" all_linux_windows_ips.txt);
do
# Check if windows
check=`nmap -e bge0 -p 3389 $obj0 | grep open`
if [ "$?" -eq 0 ]
then
windowshost=`nbtscan -v -s , $obj0 | head -n 1 | awk -F"," '{printf "%s", $2}'`
if [ -n "${windowshost:+x}" ]
then
echo -e "$windowshost\t: $obj0\t: WINDOWS" >> lindows.log
else
echo -e "NETBIOS UNKOWN\t: $obj0\t: WINDOWS" >> lindows.log
fi
else
# Check if linux or freebsd
ssh_get=`ssh -l ims $obj0 '(uname | sed 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' && hostname | sed 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/')'`
if [ "$?" -eq 0 ]
then
uname=`echo $ssh_get | awk -F" " '{printf "%s", $1}'`
hostname1=`echo $ssh_get | awk -F" " '{printf "%s", $2}'`
hostname2=`echo $hostname1 | awk -F"." '{printf "%s", $1}'`
echo -e "$hostname2\t: $obj0\t: $uname" >> lindows.log
else
echo -e "UNKNOWN ERROR\t: $obj0\t: PLEASE CHECK HOST" >> lindows.log
fi
fi
done
cat lindows.log | mail -s 'Windows/FreeBSD/Linux Host Audit' your@email.com
Note that the “all_windows_linux_ips.txt” is just a text file with the ip addresses of all hostnames on your network. It can be modified to simply utilize whole subnets to make it easier to perform the audit.
Related Links:
Testing for weak SSL ciphers for security audits
During security audits, such as a PCI-DSS compliance audit, it is very commonplace to test the cipher mechanism that a website / server uses and supports to ensure that weak / outdated cipher methods are not used.
Weak ciphers allow for an increased risk in encryption compromise, man-in-the-middle attacks and other related attack vectors.
Due to historic export restrictions of high grade cryptography, legacy and new web servers are often able and configured to handle weak cryptographic options.
Even if high grade ciphers are normally used and installed, some server misconfiguration could be used to force the use of a weaker cipher to gain access to the supposed secure communication channel.
Testing SSL / TLS cipher specifications and requirements for site
The http clear-text protocol is normally secured via an SSL or TLS tunnel, resulting in https traffic. In addition to providing encryption of data in transit, https allows the identification of servers (and, optionally, of clients) by means of digital certificates.
Historically, there have been limitations set in place by the U.S. government to allow cryptosystems to be exported only for key sizes of, at most, 40 bits, a key length which could be broken and would allow the decryption of communications. Since then, cryptographic export regulations have been relaxed (though some constraints still hold); however, it is important to check the SSL configuration being used to avoid putting in place cryptographic support which could be easily defeated. SSL-based services should not offer the possibility to choose weak ciphers.
Testing for weak ciphers : examples
In order to detect possible support of weak ciphers, the ports associated to SSL/TLS wrapped services must be identified. These typically include port 443, which is the standard https port; however, this may change because a) https services may be configured to run on non-standard ports, and b) there may be additional SSL/TLS wrapped services related to the web application. In general, a service discovery is required to identify such ports.
The nmap scanner, via the “–sV” scan option, is able to identify SSL services. Vulnerability Scanners, in addition to performing service discovery, may include checks against weak ciphers (for example, the Nessus scanner has the capability of checking SSL services on arbitrary ports, and will report weak ciphers).
Example 1. SSL service recognition via nmap.
[root@test]# nmap -F -sV localhost Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-07-27 14:41 CEST Interesting ports on localhost.localdomain (127.0.0.1): (The 1205 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 443/tcp open ssl OpenSSL 901/tcp open http Samba SWAT administration server 8080/tcp open http Apache httpd 2.0.54 ((Unix) mod_ssl/2.0.54 OpenSSL/0.9.7g PHP/4.3.11) 8081/tcp open http Apache Tomcat/Coyote JSP engine 1.0 Nmap run completed -- 1 IP address (1 host up) scanned in 27.881 seconds [root@test]#
Example 2. Identifying weak ciphers with Nessus. The following is an anonymized excerpt of a report generated by the Nessus scanner, corresponding to the identification of a server certificate allowing weak ciphers
https (443/tcp) Description Here is the SSLv2 server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=**, ST=******, L=******, O=******, OU=******, CN=****** Validity Not Before: Oct 17 07:12:16 2002 GMT Not After : Oct 16 07:12:16 2004 GMT Subject: C=**, ST=******, L=******, O=******, CN=****** Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:98:4f:24:16:cb:0f:74:e8:9c:55:ce:62:14:4e: 6b:84:c5:81:43:59:c1:2e:ac:ba:af:92:51:f3:0b: ad:e1:4b:22:ba:5a:9a:1e:0f:0b:fb:3d:5d:e6:fc: ef:b8:8c:dc:78:28:97:8b:f0:1f:17:9f:69:3f:0e: 72:51:24:1b:9c:3d:85:52:1d:df:da:5a:b8:2e:d2: 09:00:76:24:43:bc:08:67:6b:dd:6b:e9:d2:f5:67: e1:90:2a:b4:3b:b4:3c:b3:71:4e:88:08:74:b9:a8: 2d:c4:8c:65:93:08:e6:2f:fd:e0:fa:dc:6d:d7:a2: 3d:0a:75:26:cf:dc:47:74:29 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate Page 10 Network Vulnerability Assessment Report 25.05.2005 X509v3 Subject Key Identifier: 10:00:38:4C:45:F0:7C:E4:C6:A7:A4:E2:C9:F0:E4:2B:A8:F9:63:A8 X509v3 Authority Key Identifier: keyid:CE:E5:F9:41:7B:D9:0E:5E:5D:DF:5E:B9:F3:E6:4A:12:19:02:76:CE DirName:/C=**/ST=******/L=******/O=******/OU=******/CN=****** serial:00 Signature Algorithm: md5WithRSAEncryption 7b:14:bd:c7:3c:0c:01:8d:69:91:95:46:5c:e6:1e:25:9b:aa: 8b:f5:0d:de:e3:2e:82:1e:68:be:97:3b:39:4a:83:ae:fd:15: 2e:50:c8:a7:16:6e:c9:4e:76:cc:fd:69:ae:4f:12:b8:e7:01: b6:58:7e:39:d1:fa:8d:49:bd:ff:6b:a8:dd:ae:83:ed:bc:b2: 40:e3:a5:e0:fd:ae:3f:57:4d:ec:f3:21:34:b1:84:97:06:6f: f4:7d:f4:1c:84:cc:bb:1c:1c:e7:7a:7d:2d:e9:49:60:93:12: 0d:9f:05:8c:8e:f9:cf:e8:9f:fc:15:c0:6e:e2:fe:e5:07:81: 82:fc Here is the list of available SSLv2 ciphers: RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5 RC4-64-MD5 The SSLv2 server offers 5 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against a brute force attack Solution: disable those ciphers and upgrade your client software if necessary. See http://support.microsoft.com/default.aspx?scid=kben-us216482 or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite This SSLv2 server also accepts SSLv3 connections. This SSLv2 server also accepts TLSv1 connections. Vulnerable hosts (list of vulnerable hosts follows)
Example 3. Manually audit weak SSL cipher levels with OpenSSL. The following will attempt to connect to Google.com with SSLv2.
[root@test]# openssl s_client -no_tls1 -no_ssl3 -connect www.google.com:443
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDYzCCAsygAwIBAgIQYFbAC3yUC8RFj9MS7lfBkzANBgkqhkiG9w0BAQQFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA2MDQyMTAxMDc0NVoXDTA3MDQyMTAxMDc0NVow
aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDnd3dy5n
b29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/e2Vs8U33fRDk
5NNpNgkB1zKw4rqTozmfwty7eTEI8PVH1Bf6nthocQ9d9SgJAI2WOBP4grPj7MqO
dXMTFWGDfiTnwes16G7NZlyh6peT68r7ifrwSsVLisJp6pUf31M5Z3D88b+Yy4PE
D7BJaTxq6NNmP1vYUJeXsGSGrV6FUQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo
YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm
MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
BAIwADANBgkqhkiG9w0BAQQFAAOBgQADlTbBdVY6LD1nHWkhTadmzuWq2rWE0KO3
Ay+7EleYWPOo+EST315QLpU6pQgblgobGoI5x/fUg2U8WiYj1I1cbavhX2h1hda3
FJWnB3SiXaiuDTsGxQ267EwCVWD5bCrSWa64ilSJTgiUmzAv0a2W8YHXdG08+nYc
X/dVk5WRTw==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
RC4-64-MD5
---
SSL handshake has read 1023 bytes and written 333 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
Session-ID: 709F48E4D567C70A2E49886E4C697CDE
Session-ID-ctx:
Master-Key: 649E68F8CF936E69642286AC40A80F433602E3C36FD288C3
Key-Arg : E8CB6FEB9ECF3033
Start Time: 1156977226
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
closed
These tests usually provide a very in-depth and reliable method for ensuring weak and vulnerable ciphers are not used in order to comply with said audits.
Personally, I prefer the nessus audit scans. Usually the default “free” plugins are enough to complete these types of one-off audits. There are, however, commercial nessus plugins designed just for PCI-DSS compliance audits and are available for purchase from the nessus site.
Related Links:
Detect ARP poisoning on LAN
ARP Poisoning : Potential MITM attack
Occasionally during security audits it may be necessary to check your LAN for rogue machines. All the potential rogue machine in your LAN needs to do is poison your ARP cache so that the cache thinks that the attacker is the router or the destination machine. Then all packets to that machine will go through the rogue machine, and it will be, from the network’s standpoint, between the client and the server, even though technically it’s just sitting next to them. This is actually fairly simple to do, and is also fairly easy to detect as a result.
In this sample case, the rogue machine was in a different room but still on the same subnet. Through simple ARP poisoning it convinced the router that it was our server, and convinced the server that it was the router. It then had an enjoyable time functioning as both a password sniffer and a router for unsupported protocols.
By simply pinging all the local machines (nmap -sP 192.168.1.0/24 will do this quickly) and then checking the ARP table (arp -an) for duplicates, you can detect ARP poisoning quite quickly.
$ arp -an| awk '{print $4}'| sort | uniq -c | grep -v ' 1 '
5 F8:F0:11:15:34:51
88
Then I simply looked at the IP addresses used by that ethernet address in ‘arp -an’ output, ignoring those that were blatantly poisoned (such as the router) and looked up the remaining address in DNS to see which machine it was.
Below is a script I wrote to automate this process (perhaps in a cron job) , and send out an alert email if any ARP poisoning is detected.
ARP Poisoning Check Script
This can ideally run as a cronjob (i.e. 30 * * * *)
#!/bin/sh
# Star Dot Hosting
# detect arp poisoning on LAN
currentmonth=`date "+%Y-%m-%d %H:%M:%S"`
logpath="/var/log"
rm $logpath/arpwatch.log
echo "ARP Poisoning Audit: " $currentmonth >> $logpath/arpwatch.log
echo -e "-----------------------------------------" >> $logpath/arpwatch.log
echo -e >> $logpath/arpwatch.log
arp -an | awk '{print $4}' | sort | uniq -c | grep -v ' 1 '
if [ "$?" -eq 0 ]
then
arp -an | awk '{print $4}' | sort | uniq -c | grep -v ' 1 ' >> $logpath/arpwatch.log 2>&1
cat $logpath/arpwatch.log | mail -s 'Potential ARP Poisoning ALERT!' your@email.com
else
echo -e "No potential ARP poisoning instances found..." >> $logpath/arpwatch.log
fi
Simple!
Related Links:
Monitoring raw traffic on a Juniper Netscreen
Occasionally I will run into situations where the only way to definitively diagnose network related problems is to perform raw traffic dumps on a main internal / external interface.
The reasons for needing to perform this could be anything. I thought I’d share the quick and easy steps to perform in order to do a quick network traffic capture.
Be warned though, that it is easy to overflow the console buffer and subsequently crash your firewall if you don’t narrow the scope of your capture enough.
There exists a command on the juniper netscreen console that works the same way that tcpdump would, called “snoop”.
To view the current snoop settings :
snoop info
To monitor all traffic from a particular ip address going to a particular port :
snoop filter ip src-ip x.x.x.x dst-port 23
To monitor all traffic on the network going to a particular ip address :
snoop filter ip dst-ip x.x.x.x
The above commands only SET the filter. You have to turn the filter on and monitor the buffer to actually view the results. Note that you should ensure that the scope of your filters are quite narrow as there is the risk of overflowing the console buffer and crashing the firewall if you are monitoring a wide scope.
To view the filters and turn on snoop :
clear dbuf
snoop
get dbuf stream
Dont forget to clear the filters , dbuf stream and turn off snoop when your done :
snoop off
clear dbuf
snoop filter delete
That’s it!
Related Links:
-
-
You are currently browsing the archives for the Security category.
Security Focus- Vuln: Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability
- Vuln: Microsoft Excel Object Type Confusion Remote Code Execution Vulnerability
- Vuln: Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability
- Vuln: RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
- Bugtraq: ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
- Bugtraq: SQL injection vulnerability in wILD CMS
- Bugtraq: IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
- Bugtraq: [security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands
- More rss feeds from SecurityFocus
- Latest Exploits
- ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability
- BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2
- Joomla com_mytube (user_id) Blind SQL Injection Exploit
- cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit
- Joomla com_jinc (newsid) Blind SQL Injection Vulnerability
- Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
- Snort < 2.8.5 Unified1 Output Denial of Service Exploit
- CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
- WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
- Winplot (.wp2 File) Local Buffer Overflow Exploit
- Digg
- Battlestar Galactica To Get Its Own MMO
- UCI Scientists Develop a Retarded Rolling Video Game?
- How Much Money Are NCAA Players Missing Out On?
- Seatbelt Cutter And Window Smasher For Paranoid Drivers
- Infoporn: Cellphones and the Environment
- Soccer Player Dies In The Most Horrific Fashion Imaginable
- 6 Movie Monsters That Just Wouldn't Work
- Final, glistening Super Street Fighter IV character revealed
- Alignment According to The Big Lebowski [Chart]
- The Dirty Secrets of Beloved Videogame Characters
- Reddit
- I'm from UK; this is the best explanation of American politics I have seen (pic)
- For all you TF2 fans
- This is a photo of a single groove on a vinyl record, magnified by 1000x.
- 10,000 Turn Out In DC To Attack Insurance Co. Profits; Network News Ignores Them
- Owl is confused o.o
- You know what? Fuck Chuck Norris. I don't care if it's his birthday, the dude is an asshole.
- Zero Punctuation: Aliens vs Predator
- If we could transmit a single, 140 character message back to the year 2000, what should it be?
- The Ultimate Male Grooming and Maintenance Guide: The MANual [Infographic] (Compiled from the Reddit Community!)
- { is now "openstache" and } is now "closestache". Take note.
- Slashdot
- LHC Will Be Shut Down In 2011 Because of "Mistake"
- EU Parliament Rejects ACTA In a 663 To 13 Vote
- Study Shows TV Makes Kids Fat, Computers Don't
- Ex-Sun Chief Dishes Dirt On Gates, Jobs
- Professors Banning Laptops In the Lecture Hall
- Rock Band 3 Officially Announced For Holiday 2010
- Linux Takes Over E-Voting In Australian State
- Puzzle In xkcd Book Finally Cracked
- The Value of BASIC As a First Programming Language
- US Considers Some Free Wireless Broadband Service
Twitter
Please wait while my tweets load, Retry
