Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Pillus

Pages: [1] 2
1
Scripting languages / Re: IMDB Movie Scraper
« on: March 01, 2015, 09:19:25 am »
May i come with a quick suggestion, if you are to do anything with torrents for movie titles the much much better choice is to use the YTS API. YTS delivers all the new and cool stuff, all full HD, and everything has subtitles.

YTS > Kickass :3

API For reference:
https://yts.re/api

2
Members introduction / Re: Yet Another Introduction Post
« on: April 09, 2014, 06:47:11 pm »
Looks like your posts do indeed date back to 2011 and here's your old intro: https://evilzone.org/members-introduction/yet-another-introduction-post/

Welcome back!

Wow, didn't even think i had an old intro back then xD thanks man

3
Found it on the Webs / Re: For all yo quitters out there
« on: April 09, 2014, 04:07:12 pm »
Why no love for Rocky? :(

4
Members introduction / Yet Another Introduction Post
« on: April 09, 2014, 03:50:52 pm »
Man, all these introduction posts, been a long time since i'we written one.

Well i'm Pillus, i'm and old guy, was around here since forever ago, and many other places, i'm not really gonna write a lot here, you can find me on irc anytime you want.
As of now i work as a Security Consultant and a Pentester, and i stumbled across EZ again after quite a long time away (hence my profile posts date back to 2010/11 or something.

That's about all i cba to write here, i save up my energy to write high quality posts instead, those are way more usefull.

Peace Out

//Pillus

5
General discussion / Re: Evilzone Booze, Code and lulz jam
« on: April 09, 2014, 03:46:52 pm »
I might be joining in as well, if you can fit Factionwars timezone, it fits mine as well. I'l be hanging around on irc again anyway :)

6
Aaaand here is the nmap NSE script, which makes it even easier :)
http://seclists.org/nmap-dev/2014/q2/att-27/ssl-heartbleed.nse

7
Tutorials / Re: Custom Kernel+Grsec+PaX HOWTO
« on: April 05, 2011, 10:05:32 pm »
huh, not much of a tutorial just read the manual for grsec lol. Same thing...

You go do that then? :) Nothing stopping you from doing that. Everything can be achived with learning and reading documentations, so why do we have tutorials? :P

8
Tutorials / Re: Linux (Web)server security
« on: April 05, 2011, 10:04:14 pm »
Looks really good, which makes me wonder, why aren't there more websites or servers with those configurations?
I mean, service and OS fingerprint is something actually important, if it's so easy to block, why not do it?

Because most people either don't have the skill, or just don't give a damn, and you always have to sacrifice either functionality or security :p

9
Tutorials / Re: Linux (Web)server security
« on: March 31, 2011, 10:54:58 am »
Thanks for the quick answer, I didn't know there were security measures against such scans, always thought nmap was 100% certain to succeed with certain scans.
Tell me when you've tested NULL scans :)

I really need to update this guide, gonna do it later.

No need for me to start up portscan with CSF when we use PSAD in the guide. But as it seems, you CSF also blocks NULL packets.

When not using CSF, just PSAD, we can add this to iptables to fix :)

Code: [Select]
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets

10
Hacking and Security / Re: Portscan/open port(s) - Whats next?
« on: March 31, 2011, 09:44:27 am »
That's why things like ASLR/DEP and PAX was developed :) Not saying you should not think about code flaws because your protected, i mean there is alot more that can be done as well (like RBAC access control) and soo on.

To bad most people don't even know how to add a second layer of security to their systems.

11
Tutorials / Re: Linux (Web)server security
« on: March 31, 2011, 09:42:02 am »
I know it-s not finished, but just to be sure, this won't in any way protect you from FIN,XMAS, NUL scans or so am I right?
After all, when you receive such requests you are forced to send a RST packet.
Just to clarify, there might be an option for it, although I don't think there is.

I know about XMAS and FIN, and CSF will in most times catch those. An XMAS packet (SYN,ACK,RST, FIN,URG,PSH) Should never be on a network anyway and csf automaticly drops those.

When it comes to NUL i don't know (those are the packets without flags right?) That i haven't tested yet, and it's a good question, i will come back after i tested it and add it to the guide if needed.


How about adding mod_security2 and fail2ban for server self support...
I prefer put those 2 in every server...  ;)
And sometimes with shorewall for an easy "coffe"mix...  :P

Fail2ban isn't needed since LFD (that is built into csf) has just the same features and is also intergrated into the firewall, makes it alot easier to follow with logs and automaticly ban rules in the firewall.

Mod_security is on the "todo" list.

And why need 2 firewalls? :P That's like shooting yourself in the foot with a shotgun :)


12
Tutorials / Re: Custom Kernel+Grsec+PaX HOWTO
« on: March 29, 2011, 01:05:28 pm »
For those who doesn't know what the trampoline calls is, i just add this as well, normaly not needed anyway but:

Code: [Select]
There are some programs and libraries that for one reason or another attempt to execute special small code
snippets from non-executable memory pages. Most notable examples are the signal handler return code
generated by the kernel itself and the GCC trampolines.

If you enabled CONFIG_GRKERNSEC_PAX_PAGEEXEC or CONFIG_GRKERNSEC_PAX_SEGMEXEC then such
programs will no longer work under your kernel.

As a remedy you can say Y here and use the 'chpax' or 'paxctl' utilities to enable trampoline emulation for
the affected programs yet still have the protection provided by the non-executable pages.

On parisc and ppc you MUST enable this option and EMUSIGRT as well, otherwise your system will not even boot.

Alternatively you can say N here and use the 'chpax' or 'paxctl' utilities to disable
CONFIG_GRKERNSEC_PAX_PAGEEXEC and CONFIG_GRKERNSEC_PAX_SEGMEXEC for the affected files.

NOTE: enabling this feature *may* open up a loophole in the protection provided by non-executable pages
that an attacker could abuse. Therefore the best solution is to not have any files on your system that would require this option.
 This can be achieved by not using libc5 (which relies on the kernel signal handler return code) and
not using or rewriting programs that make use of the nested function implementation of GCC.
Skilled users can just fix GCC itself so that it implements nested function calls in a way that does not interfere with PaX.

13
Tutorials / Custom Kernel+Grsec+PaX HOWTO
« on: March 29, 2011, 12:51:56 pm »
   
Adding a tutorial from one of the ChaseNET admins, with his permission ofcourse :)


--------

Copyright (c) 2010 Declan Williams.
    Permission is granted to copy, distribute and/or modify this document
    under the terms of the GNU Free Documentation License, Version 1.2
    or any later version published by the Free Software Foundation;
    with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
    A copy of the license is included here http://www.gnu.org/licenses/fdl-1.3.html

Custom Kernel+Grsec+PaX HOWTO

First, draw up hardware lists to make sure you build in all the required support into the kernel.
I recommend disabling LKM to help prevent kernel level rootkits.
I also recommend putting PaX on the highest settings, and enabling the features to stop writing to /proc/kmsg and other areas nasties abuse.
Also, use a hardened toolchain throughout installation of applications on your machine,Though you will have to compile your applications.
 Recommendations: Gentoo Hardened Project.
 
 Recommended Grsecurity settings:
 
Code: [Select]
Security Options ->
   Grsecurity ->
      Security Level (High)
Address Space Protection
[*] Deny writing to /dev/kmem, /dev/mem, and /dev/port //kmem can be used to insert rootkits
[*] Disable Privileged I/O //Enable if you use X11 etc, disable for servers.
[*] Removed addresses from /proc/<pid>/[smaps|maps|stat] //Speaks for itself
[*] Deter exploit bruteforcing //You definitely want this one
[*] Hide kernel symbols //Again, no reason for legit to see this
      Role Based Access Control ->
[ ] Disable RBAC System //This is fantastic, do NOT disable it,use it
[*] Hide kernel processes //No legit reason to see these in production.
        (3) Maximum tries before password lockout
          (3600) Time to wait after max password tries, in seconds //That's an hour, pick as appropriate
Filesystem Protections
[*] Proc restrictions //Proc has lots of useful info, to attackers too.
[*] Restrict /proc to user only //Makes sure the user can only see their own processes, and hids network info(like binded ports(can use to identify daemons to exploit))
[*] Allow special group //Certain GID that can see it all, choose wisely
[*] Additional Restrictions //Adds more restrictions, prevents users from seeing slabinfo and devinfo
[*] Linking Restrictions //Prevents /tmp race condition 'sploits, stops users from following symlinks from other users in world-write+t dirs, useful stuff
[*] FIFO Restrictions //Similar to above except FIFO pipes now, again nice to stop
[*] Runtime Read-only Mount Protection //Adds sysctl option to prevent new rw mounts, remounting rw, write on block devs, CHOOSE IF THIS APPLIES TO YOU
[*] Chroot Jail Restrictions //You want ALL of these, hardens your chroots by defeating common bypass methods completely.
...
      Kernel Auditing ->
          [*] Log execs within chroot //Just in case they're doing the naughty.
[*] Ptrace logging //Shouldn't be done on a production system, useful to attackers, you want to know this
          [*] /proc/<pid>/ipaddr support //Tells you the IP the process was executed by, again useful to know
[*] Denied RWX MMAP/MPROT logging //Tells you if something tripped PAX_MPROTECT
Executable Protections
[*] Enforce RLIMIT_NPROC on execs //If the user is limited, it'll be checked also during execve(), usually it's just fork()
[*] DMESG Restrictions //Stops non-super reading the last 4kb of messages in the kernel buffer.
[*] Deter ptrace-based process snooping //Monitoring tools that use ptrace will be mitigated if they try to do it to an already running process
[*] Trusted Path Execution(TPE) //Good stuff, can stop users running stuff in their own directories etc depending on the following selections
[ ] Partially restrict all non-root //Doesn't usually apply, check first if you prefer that option.
[*] Invert GID option //Now it applies to everyone except given GID, choose wisely
      Network Protections ->
[*] Larger entropy pools //Makes things more random and therefore decreases predictability(very important in network security)
[*] TCP/UDP blackhole and LAST_ACK DoS prevention //Prevents resets and destination-unreachable being sent back to unbinded ports.
          [*] Socket restrictions ->
            [*] Deny any sockets to group ->
               [no-net GID] GID to deny all sockets for

Recommended PaX settings:
 
Code: [Select]
Security options ->
   PaX ->
      Non-executable pages ->
         [ ] Emulate trampolines //can break shit, but also poses a risk if enabled.
         [*] Disallow ELF text relocations
      Miscellaneous hardening features ->
         [*] Sanitize all freed memory //Erases pages when not used, stops sensitive info remaining in memory long enough to be stolen

From there, you will also want to remove the /dev/kmem device in character devices, remove any functionality and drivers you do not need, then go into kernel hacking and remove all debugging options available.
 
 
 Make sure you have kernel.org's public key:
 
Code: [Select]
% gpg --keyserver wwwkeys.pgp.net --recv-keys 0x517D0F0E
% wget http://www.grsecurity.net/spender-gpg-key.asc
% gpg --import spender-gpg-key.asc

 Download latest release(bz2+bz2.sign files):
 
Code: [Select]
% lynx http://www.kernel.org/pub/linux/kernel/v2.6/
% gpg --verify linux-2.6.*.bz2.sign linux-2.6.*.bz2
% tar xvjpf ./linux-2.6.*

 Move the folder:
 
Code: [Select]
% sudo mv -R ./linux-2.6.*/ /usr/src/
 Create new Symlink:
 
Code: [Select]
% sudo ln -s /usr/src/linux-2.6.<version here>/ /usr/src/linux
 Get the grsec patch and sign for your kernel:
 
Code: [Select]
% lynx http://grsecurity.net/download.php
 Verify the patch:
 
Code: [Select]
% gpg --verify ./grsecurity*.patch.sig ./grsecurity*.patch
 Move the patch:
 
Code: [Select]
% sudo mv ./grsecurity*.patch /usr/src/linux
 Change dir:
 
Code: [Select]
% cd /usr/src/linux
 Patch the kernel:
 
Code: [Select]
% patch -p1<./grsecurity*.patch
 Escalate privs:
 
Code: [Select]
% sudo -i

You're going to want to harden your flags for this.
Code: [Select]
$ export CFLAGS="-O2 -pipe -fomit-frame-pointer -DFORTIFY_SOURCE_2 -fstack-protector -fPIE -fPIC"
$ export CXXFLAGS="${CFLAGS}"
$ export LDFLAGS="-z relro -pie"

 Make the config file:
 Ncurses:
 
Code: [Select]
$ make menuconfig
 GTK:
 
Code: [Select]
$ make gconfig
 QT:
 
Code: [Select]
$ make xconfig
 After doing so, and saving, make the kernel:
 
Code: [Select]
$ make
 If using lkm, then make the modules:
 
Code: [Select]
$ make modules_install
 Then install the kernel:
 
Code: [Select]
$ make install
 Modify your GRUB configuration as required:
 
Code: [Select]
$ vi /boot/grub/menu.lst
 Reboot
 
Code: [Select]
$ reboot
 If all is well, download gradm and the .sig, else repeat the steps previously shown from menuconfig onwards.
 
Code: [Select]
% lynx http://grsecurity.net/test.php
% gpg --verify ./gradm*.gz.sig ./gradm*.gz
% tar xvf ./gradm*.gz

 Then we make it:
 
Code: [Select]
% cd ./gradm2
% make
% sudo make install

 Then download paxutils:
 
Code: [Select]
% wget http://mirror.bytemark.co.uk/gentoo/distfiles/pax-utils-0.2.tar.bz2
% tar xvjpf ./pax-utils*.bz2
% cd ./pax-utils*/
% make
% sudo make install

 Then we cleanup
 
Code: [Select]
% cd ../
% rm -rf ./gradm2/
% rm -rf ./pax-utils*/
% rm -rf ./linux-2.6*/
% rm ./grsec*
% rm ./gradm*
% rm ./linux-2.6.*
% rm ./pax-utils*.bz2
% cd /usr/src/linux
% sudo make clean
% cd

From here it's recommended to make sure all your userland is compiled with the hardened flags and stripped of all debugging information etc,
and that you set up RBAC using the links below.

To check for any badly compilec processes(no RELRO, stack canary etc), then check out this brilliant script http://tk-blog.blogspot.com/2009/02/checksec.html
 
 All done, for further resources in regards to PAX, GRSecurity etc, checkout the gentoo hardened project:
 http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
 http://www.gentoo.org/proj/en/hardened/grsecurity.xml
 
 Hope this has been somewhat useful, la revedere.
 Canis.
-------


14
Hacking and Security / Re: MySQL.com hacked via... SQL injection vuln
« on: March 29, 2011, 10:55:33 am »
Oh i smell thy irony! >_<

15
Feedback / Re: What would you like to see?
« on: March 28, 2011, 05:05:12 pm »
Just post a new comment once done, something like "Updated.". But such a button could be an idea.

I smell misuse off that button :p like pressing Update all the time :)

Pages: [1] 2


Intern0t SoldierX SecurityOverride programisiai
Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.