Displaying 20 results from an estimated 39 matches for "pwned".

2014 Nov 14
6
[Bug 10936] New: Rsync path hijacking attack vulnerability
...Vulnerability Details: First I shared in the Rsync folder to write the following documents [root at pentest rsync]# ls -lh total 8.0K -rw-r--r-- 1 root root 2 Oct 31 03:16 1.txt drwxr-xr-x 2 root root 4.0K Oct 31 05:17 truedir [root at pentest rsync]# cd truedir/ [root at pentest truedir]# ls pwned [root at pentest truedir]# cat pwned rsync test [root at pentest truedir]# Next I modify the server to send the file code, in the process of synchronizing, the path of file "pwned" can be blocked and changed into any path. file: flist.c line:394 static void send_file_entry(int f, co...
2014 Dec 01
2
[Bug 10977] New: Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)
...e directed to the root directory. [root at pentest rsync]# ls -lh total 8.0K -rw-r--r-- 1 root root 2 Oct 31 03:16 1.txt lrwxrwxrwx 1 root root 6 Oct 31 05:09 fakedir -> /root/ drwxr-xr-x 2 root root 4.0K Oct 31 05:08 truedir Then enter the truedir folder, create a new file name "pwned". [root at pentest rsync]# cd truedir/ [root at pentest truedir]# ls [root at pentest truedir]# echo rsync test > pwned [root at pentest truedir]# ls -lh total 4.0K -rw-r--r-- 1 root root 11 Oct 31 05:17 pwned [root at pentest truedir]# Next I modify the server to send the file code,...
2015 Jul 25
2
Fedora change that will probably affect RHEL
On 07/25/2015 11:45 AM, Jake Shipton wrote: > I think a better solution to suit both worlds would be to simply have a > boot flag on the installation media such as maybe > "passwordcheck=true/false" https://xkcd.com/1172/ It's practically a law that every time someone's workflow is broken, they request an option to change it. Personally, I'm against it. Putting
2015 Jul 29
4
Fedora change that will probably affect RHEL
...nformation on why it sucks, c. the option to change it or continue anyway. > I don't see why we can't take some responsibility for this mess and try to build up some herd immunity. Because there is no such thing when it comes to computers. Computers with strong passphrases still sometimes get pwned, and at a much higher rate than vaccines not working. Please stop with this hideously bad analogy. Computers with NO passwords are often not ever getting pwned for their entire lifetime, and those computers, a.k.a. mobile devices, are used in public spaces, on public wifi, on public networks. Anyon...
2023 Nov 04
2
EPYC Quantum 1500va
...fully started s6-rc: info: service legacy-cont-init: starting cont-init: info: running /etc/cont-init.d/nut.sh [17:19:13] INFO: Setting mode to netserver... [17:19:13] INFO: Generating /etc/nut/upsd.users... [17:19:14] INFO: Configuring user: Raul [17:19:17] INFO: Password is NOT in the Have I Been Pwned database! Nice! [17:19:20] INFO: Configuring Device named EPYC... [17:19:21] INFO: Starting the UPS drivers... HIDParse: LogMax is less than LogMin. Vendor HID report descriptor may be incorrect; interpreting LogMax -1 as 65535 in ReportID: 0x0f Network UPS Tools - Generic HID driver 0.47 (2.8.0) H...
2015 Feb 11
0
Another Fedora decision
...not zero. As an example, I found and downloaded a spec sheet several years back for a ADVA FSP-II upstream equivalent to the Cisco Metro 1500 wavelength division multiplex platform. This PDF had an embedded Javascript exploit (yes, Adobe Reader does do Javascript) and that Windows machine was pwned in short order (and the user I was running as was not an administrator equivalent). I suspect that using Adobe Reader on CentOS could be just as dangerous (in terms of user data exfiltration and/or payload delivery for crypto-ransomware). Privilege escalation is not required for much mischief...
2015 Jul 26
0
Fedora change that will probably affect RHEL
...hed password, and since a hashed password can't be checked, > it can't be rejected. Thus, any decision FESCO makes won't affect me at > all. One thing that people don't understand or don't want to address is that most KNOWN instances of a Linux machine being hacked/owned/pwned/taken over (substitute your word here) and then rooted happen because of weak passwords. It is certainly one's own right (at least in my country) to be completely and utterly stupid with your decision making ... but if you have any paying clients who have information on any machines you manage...
2006 Mar 14
5
Dreamhost and fcgi....help!
I've got my app running under cgi, but I keep getting pwned by fcgi. - app is installed at www.mydomain.com - web root is www.mydomain.com/public (this works w/ regular cgi) - /public has correct permissions - .htaccess: rewrite rule changed to use .fcgi - shebang on dispatch.fcgi and dispatch.rb is set to #!/usr/bin/ruby1.8 (also tried just ruby) -enviro...
2014 Apr 08
2
OpenSSL Heartbeat exploit against KVM guest systems
Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself? -- *** E-Mail is NOT a SECURE channel *** James
2010 Jul 09
0
KVM Forum 2010: schedule and registration reminder
...ne Synchronization based on KVM 12:00 12:30 Managing Resources on Over-committed Virtualization Hosts 12:30 13:30 - lunch - 13:30 14:00 A Walkthrough on some recent KVM performance improvements 14:00 14:30 Examining KVM as Nested Virtualization Friendly Guest 14:30 15:00 PCI direct device assignment: pwned! all your devices are belong to guest 15:00 15:30 - break - 15:30 16:00 Performance and Scalability of Server Consolidation using KVM 16:00 16:15 WinKVM: Windows kernel-based Virtual Machine 16:15 16:30 Nahanni: Inter-VM Shared Memory 16:30 16:45 Asynchronous Page Faults: AIX did it. 16:45 17:00 PC...
2015 Jul 28
0
Fedora change that will probably affect RHEL
...he vast majority of CentOS installs are racked up in datacenters, VPS hosts, etc. I am further assuming that most of those either have a public IP, or are SSH-accessible once you get past a LAN/WAN border firewall. A border gateway doesn't help you with weak SSH passwords if a box on the LAN gets pwned and turned into an SSH password guesser. The effort to get stronger password minima into Fedora goes back at least four years: https://fedoraproject.org/wiki/Features/PasswordQualityChecking If it's finally time to get it into Fedora, it's *long* past time to get it into RHEL/CentOS, since tho...
2015 Jul 29
5
Fedora change that will probably affect RHEL
On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote: > Just because one particular method of prophylaxis fails to protect against all threats doesn't mean we should stop using it, or increase its strength. Actually it does. There is no more obvious head butting than with strong passwords vs usability. Strong login passwords and usability are diametrically opposed.
2020 Jun 10
1
unsupported triplite device for network UPS tool add on
....d] 01-log-level.sh: executing... [cont-init.d] 01-log-level.sh: exited 0. [cont-init.d] nut.sh: executing... [09:06:37] INFO: Setting mode to netserver... [09:06:37] INFO: Generating /etc/nut/upsd.users... [09:06:37] INFO: Configuring user: nutty [09:06:38] INFO: Password is NOT in the Have I Been Pwned database! Nice! [09:06:39] INFO: Configuring Device named myups... [09:06:39] INFO: Starting the UPS drivers... Network UPS Tools - UPS driver controller 3.8.0-3396-gcdc7c4b5b1 Network UPS Tools - Generic HID driver 0.41 (3.8.0-3396-gcdc7c4b5b1) This TrippLite device (09ae:3024) is not (or perhaps...
2019 Jan 09
1
[QEMU-KVM] Centos guest VM freezing
On 1/9/19 10:24 AM, Akshar Kanak wrote: > Dear team > I am running a centos guest VM which freezes for every few days. > The qemu-kvm on shows 100% cpu utilization. > Ping to the guest might work or may not work. Please can you tell > me what approach can i take to debug it. > using "virsh dump" I can dump the core of the guest vm but I am > not
2024 Feb 06
0
Nut Server error
...lly started s6-rc: info: service legacy-cont-init: starting cont-init: info: running /etc/cont-init.d/nut.sh [09:48:20] INFO: Setting mode to netserver... [09:48:20] INFO: Generating /etc/nut/upsd.users... [09:48:21] INFO: Configuring user: volber [09:48:21] INFO: Password is NOT in the Have I Been Pwned database! Nice! [09:48:23] INFO: Configuring Device named myups... [09:48:23] INFO: Starting the UPS drivers... This Ever device (0483:5740) is not (or perhaps not yet) supported by usbhid-ups. Please make sure you have an up-to-date version of NUT. If this does not fix the problem, try running the...
2015 Jul 28
3
Fedora change that will probably affect RHEL
> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote: > > On Jul 25, 2015, at 6:22 PM, Bob Marcan wrote: >> >> 1FuckingPrettyRose >> "Sorry, you must use no fewer than 20 total characters." >> 1FuckingPrettyRoseShovedUpYourAssIfYouDon'tGiveMeAccessRightFuckingNow! >> "Sorry, you cannot use punctuation."
2015 Jul 29
0
Fedora change that will probably affect RHEL
...a/Red Hat want to start turning it on by default, too, that's great. > Equating this to "vaccination" is a huge stretch. Why? If you are unvaccinated and catch some preventable communicable disease, you begin spreading it around, infecting others. This is exactly analogous to a box getting pwned, joining a botnet, and attempting to pwn other boxes. When almost everyone is vaccinated, you get an effect called herd immunity, which means that even those few who cannot be vaccinated for some valid medical reason are highly unlikely to ever contract the disease because it cannot spread properl...
2016 Jan 26
3
Just need to vent
On Tue, Jan 26, 2016 at 11:51:29AM +0000, Peter Duffy wrote: > I'm also still trying to figure out in what way systemd is supposed to > be "better". I've seen the following things claimed for it: Of the three things you list, hot-plug is certainly an important one. But, it's not the big deal. The big deal is that systemd is not just a fire-and-hope startup system, but