Questions tagged [exploit]
A sequence of commands or configuration data which can predictably utilize a vulnerability of a system.
67 questions
69 votes
8 answers
15k views
A previous IT worker probably left some backdoors. How can I eliminate them? [duplicate]
I started working for a company that fired a previous IT worker for leaking data. I can only say the following things: We use a Firebird DB with an application written by another company, Proxmox, ...
16 votes
4 answers
23k views
How do I patch RHEL 4 for the bash vulnerabilities in CVE-2014-6271 and CVE-2014-7169?
A mechanism for remote code execution through Bash has been widely reported yesterday and today (September 24, 2014). http://seclists.org/oss-sec/2014/q3/650 Reported as CVE-2014-7169 or CVE-2014-6271 ...
14 votes
9 answers
9k views
SSH server zero-day exploit - Suggestions to protect ourselves
According to the Internet Storm Center, there seems to be an SSH zero-day exploit out there. There is some proof of concept code in here and some reference: http://secer.org/hacktools/0day-openssh-...
10 votes
1 answer
13k views
How to check if my Supermicro IPMI is compromised with plaintext admin password over the web?
I've some Supermicro servers with IPMI running, and as described in this blog (http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras) there's a critical vulnerability to ...
7 votes
4 answers
429 views
Could/Should you be held liable for server vulnerabilities? [closed]
Is there precedent in North America or elsewhere where a server administrator was held accountable for leaving a server vulnerable? For example, if there is a known exploit in IIS - Microsoft issue ...
7 votes
1 answer
3k views
Safest ciphers to use with the BEAST? (TLS 1.0 exploit) I've read that RC4 is immune
Now that the BEAST is public knowledge, TLS 1.0 is NOT safe to use (nor is SSL 3.0). I have seen reports that the RC4 cipher is unaffected (and is widely supported). Is that true? I know that TLS 1.1 ...
6 votes
8 answers
2k views
(200 ok) ACCEPTED - Is this a hacking attempt?
I assume this is some type of hacking attempt. I've tried to Google it but all I get are sites that look like they have been exploited already. I'm seeing requests to one of my pages that look like ...
5 votes
8 answers
958 views
Identifying changed files on *nix webserver
Looking for some (*nix) software which will build an index of "interesting" files on a server and notify when certain of those files' contents are modified, or new files appear. Similar to rkhunter et ...
5 votes
2 answers
104 views
Find out unfixed exploits count based on application version
In our environment we are often required to run old outdated versions of different applications, and I'm wondering about the security implications of that. So I'm hoping there is a site that basically ...
5 votes
3 answers
1k views
Weird set of shell commands in root's .bash_history
I have probably just detected that a user on a server of mine has rooted my server, but that's not what I'm asking. Has anyone ever seen commands like these: echo _EoT_0.249348813417008_; id; echo ...
4 votes
4 answers
2k views
My server was rooted via the h00lyshit exploit, any good advice?
So yesterday I found out that my server was rooted via the h00lyshit exploit. So far I deleted all the files that might be associated with the exploit. I also deleted all the ssh keys in ~/.ssh/...
4 votes
1 answer
8k views
Apache - disable range requests - disadvantages?
As there is a working exploit against Apache's byte range implementation (CVE-2011-3192, see here), I'd like to disable it until official patches are shipped with my distros (Debian, Ubuntu). The ...
4 votes
2 answers
380 views
Is my Exim vulnerable to the recent remote exploit (CVE-2011-1764)?
CentOS using yum to update Exim. Exim is configured to not allow remote connections using the local_interfaces config option. My old version was 4.63-5.el5_5.2 and after using: yum update exim it ...
3 votes
5 answers
291 views
Scanning website for vulnerabilities
I have found that the local school's website installed a Perl Calendar - this was years ago, it has not been used for ages, but Google has it indexed (which is how I found it) and it full of Viagra ...
3 votes
2 answers
8k views
Yum reports updated bash but binary still reports old version
I'm trying to update a CentOS 5 system in order to patch the bash vulnerability described in CVE-2014-6271 / RHSA-2014:1293-1, but am running into an issue. After seemingly-successfully updating bash ...
3 votes
2 answers
1k views
Securing Webservers
I was reading an article about a recent website (astalavista.com) that was hacked. The perpetrator wrote down how he did it: http://pastebin.com/f751e9f5b What can we learn from this to better secure ...
3 votes
2 answers
3k views
Giving other users write access to apache logs can result in root exploit - How does this work?
On http://httpd.apache.org/docs/2.2/logs.html Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, ...
3 votes
1 answer
984 views
What is a reverse proxy exploit?
On this question I found this particular part of code in an Apache configuration file: # rewrite rule to prevent proxy exploit RewriteCond %{REQUEST_URI} !^$ RewriteCond %{REQUEST_URI} !^/ ...
3 votes
1 answer
439 views
Mmio stale data patched on hypervisor but vulnerable inside kvm guest
My hypervisor tells me that Mmio stale data is patched: Vulnerability Mmio stale data: Mitigation; Clear CPU buffers; SMT disabled But when I check inside my kvm running linux 6.1.0-12-amd64, I ...
2 votes
2 answers
435 views
Are there any risks in using cat to read a value from an untrusted file?
I need to get a variable value by reading from user uploaded text file. I am doing from a system's script: resourceVersion=`cat userFile.txt` mkdir $resourceVersion ... Can the content of this file ...
2 votes
4 answers
661 views
Website attacked with a hidden iframe (q5x.ru)
A website of mine has recently been infected with some sort of attack that involved injecting a hidden iframe, and its source was from a site q5x.ru (do not link). A Google search didn't help me in ...
2 votes
1 answer
3k views
What is the EGG environment variable?
A user on our (openSuSE) linux systems attempted to run sudo, and triggered an alert. He has the environment variable EGG set - EGG=UH211åH1ÒH»ÿ/bin/shHÁSH211çH1ÀPWH211æ°;^O^Ej^A_j<X^O^EÉÃÿ This ...
2 votes
2 answers
2k views
How to protect my server from CVE-2019-10149 - Exim - patched or unpatched - How to reject mail to RCPT ${run
In reference to the recently publicized Exim vulnerability CVE-2019-10149, I am running supposedly patched Exim v. 4.90_1 (built June 4th, 2019) on Ubuntu 18.04.2 LTS. Although it is supposedly ...
2 votes
1 answer
154 views
DSquery on AD share leaking company information
Today I found DSquery on one of my smb shares at work. I ran it to query users and since my company uses IC numbers as the unique CN, I got to see all my colleagues' ICs, which is a breach of personal ...
2 votes
1 answer
974 views
What server functions are affected by the GHOST vulnerability? [closed]
CVE-2015-0235, aka "GHOST", is a buffer overflow in glibc. It specifically affects the gethostbyname functions, which are apparently obsolete but still in use. Obviously the best option is to update ...
2 votes
2 answers
1k views
Simple working example of a Man-in-the-Middle attack?
I'm trying to research and patch a TLS renegotiation exploit which makes a website vulnerable to Man-in-the-Middle attacks. However, I don't understand how the attack occurs exactly and feel like a ...
2 votes
1 answer
245 views
Linux 64b dangerous kernel exploit
Many of you know the recent and dangerous kernel exploit CVE-2010-3081. See /. What is the actual risk for a server? Do we urgently have to patch all systems? Or, since it seems only a local user ...
2 votes
1 answer
317 views
What is this possible Apache exploit, and am I affected?
I had this warning in my daily logwatch digest this morning: A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings ...
2 votes
2 answers
3k views
What happens if you have user collisions between a Linux system and an LDAP server?
I have an (Open)LDAP Server running on a Debian system inside my LAN, and multiple systems running Linux Mint, configured as LDAP Clients. Here is the content of my /etc/nsswitch.conf: passwd: ...
2 votes
1 answer
558 views
What sort of attack URL is this?
I set up a website with my own custom PHP code. It appears that people from places like Ukraine are trying to hack it. They're trying a bunch of odd accesses, seemingly to detect what PHP files I've ...
2 votes
1 answer
4k views
Applying memory limits to screen sessions
You can set memory usage limits for standard Linux applications in: /etc/security/limits.conf Unfortunately, I previously thought these limits only apply to user applications and not system services. ...
2 votes
1 answer
926 views
Samba - Is my server vulnerable to CVE-2008-1105?
I have a CentOS server that is running Samba and I want to verify the vulnerability addressed by CVE-2008-1105. What scenarios can I build in order to run the exploit that is mentioned in http://...
2 votes
2 answers
612 views
Exploit in translators.html of phpMyAdmin
Is there an exploit in the translators.html file of phpMyAdmin? The reason I ask is I have Bad Behavior installed on a server, and that server has a web app that the main index.php ends up handling ...
1 vote
3 answers
575 views
What exploit is this?
Our company site just went live and the very first entry in access.log looks like a tentative exploit :) Any idea on which one it could be? Here's the relevant line: 79.168.7.121 - - [28/Jan/2011:13:...
1 vote
2 answers
4k views
CentOS Vulnerabilities - Exploits/Payloads
I'm doing an academic work where I have to find vulnerabilities in CentOS and show how to take advantage of those same vulnerabilities. I'm no hacker and I'm finding this task to be of great ...
1 vote
2 answers
3k views
Ubuntu Server hack
I looked at netstat and I noticed that someone besides me is connected to the server by ssh. I looked into this because my user is the only one with ssh access. I found this in an ftp user's .bash_history ...
1 vote
1 answer
731 views
Plesk Qmail Queue Exploding From Possible Webform Attack
The qmail queue on my server (running Plesk on CentOS 5.2) balloons up to 120,000+ messages in the queue overnight. The messages in the queue are obviously spam. I've cleared them out over the last ...
1 vote
1 answer
1k views
CVE-2021-26855 exploited. Patched and running MSERT. What else can I do?
I'm running the Exchange server exploit checks recommended by Microsoft here: [MS Security Response Center - OnPremise Exchange Server Vulnerabilities Resource Center - updated March 16, 2021] ...
1 vote
0 answers
47 views
netstat shows my own server is hitting a server it's not supposed to know about
On AWS I have a few dedicated servers that do image processing, and they seem to get high traffic and fail. When running netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n I ...
1 vote
0 answers
1k views
Understanding & Resolving Web Server Exploits
We recently had someone contact our company pointing out that we had numerous security threats that could be used to exploit our systems. They were nice enough to provide a list of these to which we ...
1 vote
1 answer
1k views
MySQL root password changed by someone or app self [duplicate]
I have a server that is accessible to the public, but three times now I have been locked out because the MySQL root password was changed by someone else, even though only I know the password. I've checked on the server disk ...
1 vote
1 answer
862 views
exploit.so dmesg errors
A server (which has since been pulled offline and is scheduled to be wiped) was compromised through ssh brute force. No root/su/sudo access was gained but I started observing these errors (pasted ...
0 votes
1 answer
171 views
Protect against silent1.pl Perl Script
I operate a small shared hosting area. While I notice that people are unable/struggle to exploit with PHP I have found a small minority of people using Perl in order to obtain server information. So, ...
0 votes
1 answer
69 views
OpenSSL certificates
Since the recent surfacing of the heartbleed exploit, I have become curious as to how long openssl certificates are usually kept before they are regenerated? Is it days, weeks, months, years? I can't ...
0 votes
1 answer
134 views
Has my Apache server been exploited?
I recently got the following in my server logs: 70.190.xxx.xx - - [26/Sep/2010:19:03:17 -0500] "\xdcm5\xa1\x1a\xec\xa2\x7f\xc2\xab\x83<\xb5\xa3h\xb1^B\x88\x19K\xa5C\xcf\x15\x1a\xc1\x84\xe4\x8a]c\...
0 votes
1 answer
65 views
Is it common to be constantly harassed by hackers?
I have recently become the proud operator of a server that runs wordpress and other software. Today I took a closer look at the log files to see what's going on on my server. Actually, I just wanted ...
0 votes
1 answer
1k views
How to prevent DOS attack on xmlrpc.php
We've been having trouble recently with a DOS attack on our main website, which is run using Apache httpd 2.2.9 and Drupal 6.35. The attack is a post to Drupal's xmlrpc.php, which is a known exploit ...
0 votes
1 answer
2k views
Exploit PHP File Found in /tmp directory [duplicate]
I have been alerted by our system that a PHP shell has been found in the /tmp directory. Firstly, I would like to know how it could have got here and why it would be here. Is there any way PHP ...
0 votes
1 answer
2k views
Windows Task Scheduler Security Issue [closed]
Using the Windows Task Scheduler allows non-administrator users to gain access to administrative rights. Normally, Windows prevents executing applications which need more rights. A message ...
0 votes
2 answers
91 views
Images security
How can I check that all the images on my server are not prepared with malicious code? I mean, for example, GIF PHP exploits and so on...