05 Jun

Exploit Pack: Pentesting-Tool


ExploitPack kommt mit einer übersichtlichen Benutzeroberfläche und bietet derzeit ca. 300 Exploits
Mit ExploitPack ist es möglich Systeme auf Sicherheitslücken zu untersuchen und in diese einzudringen.
Es stehen ca. 300 Exploits für Windows, Linux und Mac OS X zur Verfügung.
Und natürlich ist es möglich eigene Angriffs Module dafür zu entwerfen.

Noch kein Ersatz für Metasploit, jedoch sehr vielversprechend.
Platform: Linux, Windows, OS X – min. Java8 – GPLv3
Url: exploitpack.com

03 Jun

OWASP Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

With its automated scanner and powerful REST API, ZAP fits seamlessly into your continuous integration environment, allowing you to automate the finding of common issues while you’re still in development.

Source: OWASP

03 Jun

How to Fix iPhone / iPad / AppleWatch Crash Text Message Bug

iPhone´s and Apple Watches are vulnerable to get crashed when the phone receives a special crafted string of characters via text message, snapchat, and twitter.

Here’s a three-step process to combat the issue:

You can do this simple workaround in the meantime before Apple patches the bug in order to open your Messages app:

1. Ask Siri to „read unread messages.“
2. Use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again.
3. If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread.

Following these simple steps would let you successfully access your Messages again. However, this procedure will provide only a temporary fix for the iPhone crash text bug.

03 Jun

OMD – checkmk: CentOS – Repo based Installation

omd installation centos 6.4:

# install centos 6.4 and update
installation centos 6.4
yum update
yum upgrade

#install vmware tools
cd /
mkdir data
cd data/
cp /media/VMware\ Tools/VMwareTools-xxxxx.tar.gz ./
ls
tar -xvzf VMwareTools-xxxxx.tar.gz
rm VMwareTools-xxxx.tar.gz
cd vmware-tools-distrib/
./vmware-install.pl

shutdown -r now

#add omd repo
wget -O – http://labs.consol.de/OMD/rh6/stable/consol-labs.repo > /etc/yum.repos.d/omd.repo
yum search omd-

#add rpmforge repo
rpm –import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -K rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -i rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

#install fping
yum install fping

#install and enable repo priorities:
yum install yum-priorities -y
cat /etc/yum/pluginconf.d/priorities.conf

[main]
enabled = 1

#change repo priorities
vim /etc/yum.repos.d/CentOS-Base.repo

[root@nagios agents]# cat /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever – Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=1

#released updates
[updates]
name=CentOS-$releasever – Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever – Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever – Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=2

#contrib – packages by Centos Users
[contrib]
name=CentOS-$releasever – Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=2

#install epel repo:

wget http://mirror.de.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm
rpm –import https://fedoraproject.org/static/0608B895.txt
rpm -i epel-release-6-8.noarch.rpm

# change epel repo priorities to 10
vim /etc/yum.repos.d/epel.repo

[root@nagios agents]# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 6 – $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=10

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 – $basearch – Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
priority=10

[epel-source]
name=Extra Packages for Enterprise Linux 6 – $basearch – Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
priority=10

#install omd
yum install omd-1.00.x86_64

03 Jun

Alfresco Community: 5.x Complete HowTo Installation Guide

Complete Alfresco Community 5.x HowTo Installation on Debian 7 including MySQL, SSL, Sharepoint SSL, CIFS Config, Data Import and User Import

Hardware suggestion: i tested with 250GB Files (Office Files, Pictures, Movies, …)
24GB+ 16GB is not enough your machine will swap
QuadCore CPU (8cores – 4 physical and 4 hyperthreading) i7

1.dns, reverse dns or host settings need to be done FIRST
2.download alfresco community edition and make it executeable
Download Alfreco from http://www.alfresco.com/products/community
chmod +x alfresco-community-5.0.c-installer-linux-x64.bin

3.download mysql connector from http://dev.mysql.com/downloads/connector/j/
(platform independet mysql-connector-java-5.1.34.tar.gz) you do NOT need a free oracle web account
just click no thanks just start my download
or use wget:
http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.34.tar.gz
unpack the driver:
tar -xvzf mysql-connector-java-5.1.34.tar.gz
3. install LIBS
Different Libs for image support (ImageMagick), SWFTools (Flash), etc

aptitude install mysql-server mysql-client ImageMagick GhostScript smbclient libjpeg62 libgif4 ffmpeg
(set mysql root) **YOURPASSWORD**
aptitude install libart-2.0-2
aptitude install swftools
4. Libre Office
aptitude install libreoffice
aptitude install install ttf-mscorefonts-installer fonts-droid
5. make sure u have smtp and imap server rdy and access to it.
6. MySQL
Prepare Database.
Connect to ur local mysql server:
mysql –host=localhost –user=root –password

Create the database and grant access:
CREATE DATABASE alfresco CHARACTER SET utf8 COLLATE utf8_bin;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX on alfresco .* to alfresco@localhost identified by ‚**YOURPASSWORD**‘;
quit
7. Alfresco installation **Atention** do not directly start alfresco at the end of the instalation“
./alfresco-community-5.0.c-installer-linux-x64.bin

Language Selection
Please select the installation language
[1] English – English
[2] French – Français
[3] Spanish – Español
[4] Italian – Italiano
[5] German – Deutsch
[6] Japanese – ???
[7] Dutch – Nederlands
[8] Russian – ???????
[9] Simplified Chinese – ????
[10] Norwegian – Norsk bokmål
[11] Brazilian Portuguese – Português Brasileiro
Please choose an option [1] : 1
—————————————————————————-
Welcome to the Alfresco Community Setup Wizard.
—————————————————————————-
Installation Type
[1] Easy – Installs servers with the default configuration
[2] Advanced – Configures server ports and service properties.: Also choose optional components to install.
Please choose an option [1] : 2
—————————————————————————-
Select the components you want to install; clear the components you do not want
to install. Click Next when you are ready to continue.
Java [Y/n] :
PostgreSQL [Y/n] :n
Alfresco : Y (Cannot be edited)
Solr1 [y/N] :
Solr4 [Y/n] :
SharePoint [Y/n] :
Web Quick Start [y/N] :
Google Docs Integration [Y/n] :
LibreOffice [Y/n] :
Is the selection above correct? [Y/n]:

—————————————————————————-
Installation Folder
Please choose a folder to install Alfresco Community
Select a folder [/opt/alfresco-5.0.c]: /opt/alfresco
—————————————————————————-
Database Configuration
JDBC URL: [jdbc:postgresql://localhost/alfresco]: jdbc:mysql://localhost/alfresco
JDBC Driver: [org.postgresql.Driver]: com.mysql.jdbc.Driver
Database name: [alfresco]:
Username: []: alfresco
Password: :
Verify: :
—————————————————————————-
Tomcat Port Configuration
Please enter the Tomcat configuration parameters you wish to use.
Web Server domain: [127.0.0.1]:
Tomcat Server Port: [8080]:
Tomcat Shutdown Port: [8005]:
Tomcat SSL Port [8443]:
Tomcat AJP Port: [8009]:
—————————————————————————-
Alfresco FTP Port
Please choose a port number to use for the integrated Alfresco FTP server.
Port: [21]:
—————————————————————————-
Alfresco RMI Port
Please choose a port number for Alfresco to use to execute remote commands.
Port: [50500]:
—————————————————————————-
Admin Password
Please give a password to use for the Alfresco administrator account.
Admin Password: :
Repeat Password: :
—————————————————————————-
Alfresco SharePoint Port
Please choose a port number for the SharePoint protocol.
Port: [7070]:
—————————————————————————-
Install as a service
You can optionally register Alfresco Community as a service. This way it will
automatically be started every time the machine is started.
Install Alfresco Community as a service? [Y/n]:
—————————————————————————-
LibreOffice Server Port
Please enter the port that the Libreoffice Server will listen to by default.
LibreOffice Server Port [8100]:

—————————————————————————-
Setup is now ready to begin installing Alfresco Community on your computer.
Do you want to continue? [Y/n]:
—————————————————————————-
Please wait while Setup installs Alfresco Community on your computer.
Installing
0% ______________ 50% ______________ 100%
Installing
0% ______________ 50% ______________ 100%
#########################################
—————————————————————————-
Setup has finished installing Alfresco Community on your computer.
View Readme File [Y/n]: n
Launch Alfresco Community Share [Y/n]: n

8. copy the mqsql driver
cp mysql-connector-java-5.1.34-bin.jar /opt/alfresco/tomcat/lib
9. start alfresco
service alfresco start
Using CATALINA_BASE: /opt/alfresco/tomcat
Using CATALINA_HOME: /opt/alfresco/tomcat
Using CATALINA_TMPDIR: /opt/alfresco/tomcat/temp
Using JRE_HOME: /opt/alfresco/java
Using CLASSPATH: /opt/alfresco/tomcat/bin/bootstrap.jar:/FS/alfresco/tomcat/bin/tomcat-juli.jar
Using CATALINA_PID: /opt/alfresco/tomcat/temp/catalina.pid
Tomcat started.
/opt/alfresco/tomcat/scripts/ctl.sh : tomcat started

10. check catalina.out log
tail -f /opt/alfresco/tomcat/logs/catalina.out

optional:
own cifs settings for changing the sharename from alfresco to your choice
1. stop alfresco
service alfresco stop
2. edit the alfresco-global.properties file
vi /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
add the following lines before the ### database connection properties ### and change your-volume-name

#mycifs settings
cifs.enabled=true
cifs.serverName=“Alfresco“
cifs.hostanounce=true
filesystem.name=YOUR-VOLUME-NAME

3. start alfresco
service alfresco start

Import Data: I use both ways (Import Tool and rsync) because i always get errors on special characters

optional bulkimport: (the way to preserve timestamps..)
1. mount the data to import on the alfresco host (ex. nfs, cifs, afp)
2. Importtool Url:
http://yourdomain:8080/alfresco/service/bulkfsimport
3. directorys
Import Dir: mounted filesystem
/mnt/mount

Target Space:
/Company Home/Sites/YOURSITE/documentLibrary

batch size:
a recomanded value is 100
number of threads:
2 * number of cores

Status:
http://yourdomain:8080/alfresco/service/bulkfsimport/status

LOG:
look for import errors:
tail -f /opt/alfresco/tomcat/catalina.out

optional bulkiport using rsync: (ATENTION! Timestamps will not be preserved)
im using an osx machine because i have to import from an afp volume
but u can use the rsync also directly on linux. the exclude is for dot files you can use it or not…
if you are trying to sync multiple times you maybe need the –delete flag.
rsync -av –size-only –ignore-times –no-links –exclude ‚.*‘ /Volumes/YOURDATA/ /Volumes/Alfresco/Sites/YOURSITE/documentLibrary/

optional: SSL securing alfresco with mod_jk and apache2 proxy:
1. aptitude install apache2
2. aptitude install libapache2-mod-jk
3. creating a certificte:
cd /etc/apache2
mkdir cert
cd cert
openssl req -x509 -newkey rsa:2048 -keyout vhost1.key -out vhost1.crt -days 3000

4. check the workers.properties file for worker name
cat /etc/libapache2-mod-jk/workers.properties
worker.list=ajp13_worker

5. modify /etc/apache2/sites-available/default-ssl
edit your cert and key location
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/apache2/cert/vhost1.crt
SSLCertificateKeyFile /etc/apache2/cert/vhost1.key

apend the following at the end right before
jkMount /* ajp13_worker

6. enable the ssl site
a2ensite default-ssl
a2enmod ssl
service apache2 restart
enter the private key pass phrase

7. change alfresco port in /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
#alfresco.port=8080
alfresco.port=443
#alfresco.protocol=http
alfresco.protocol=https

#share.port=8080
share.port=443
#share.protocol=http
share.protocol=https

optional enable sharepoint ssl protocol: using the solr4 predefiend certificate

** Silverlight Plugin have to be installed on your Client to work with the Sharepint Protocol. **

1. add the following in /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
right after the share.port entries:
#share.port=8080
share.port=443
#share.protocol=http
share.protocol=https

vti.server.port=7070
vti.server.protocol=https
vti.server.ssl.keystore=/FS/alfresco/alf_data/keystore/ssl.keystore
vti.server.ssl.password=**YOURPASSWORD**
vti.server.url.path.prefix=/alfresco
vti.server.external.host=IMPORTANT ADD YOUR FQDN here yourhost.yourdomain.com
vti.server.external.port=7070
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco

2. create the file /opt/alfresco/tomcat/shared/classes/alfresco/extension/vti-custom-context.xml
with the following content:

vti-cutom-context

optional import users:
1. create a excel file like the following

User Name First Name Last Name E-mail Address Password Company Job Title Location Telephone Mobile Skype IM Google User Name Address Address Line 2 Address Line 3 Post Code Telephone Fax Email
TestUser Mike Test testmail@mailserver.com

2. export the file as csv
open the csv file in an texteditor and replace every ; with , and save the file.

3. import the users:
login to your alfresco site as admin and navigate to the „Admin-Tools -> Users“ page.
upload csv file and your users should be created

4. set password of each user manual (i did not find out how to import the users with passwords)

03 Jun

Apple MAC: EFI-Lücke erlaubt Firmware-Modifikation

Eine EFI-Schwachstelle ermöglicht es einem Angreifer, die Firmware älterer Macs zu manipulieren und physischer Zugriff ist dafür angeblich nicht notwendig. (QUELLE)

Die Firmware bestimmter Macs lässt sich nach Angabe des Sicherheitsforschers Pedro Vilaca sehr einfach modifizieren – über diese Lücke sei beispielsweise das Einschleusen eines EFI-Rootkits möglich. Apples Implementierung des Ruhezustandes (ACPI-Modus S3) ist angeblich so unsicher, dass sich die Firmware nach dem „WakeUP“ des Macs verändern lasse, erklärt Vilaca.

Eigentlich sind die Flash-Speicherbereiche, in denen die für den Boot-Prozess verantwortlichen EFI-Funktionen residieren, und somit gegen Beschreiben geschützt. Allerdings verschwindet diese Schreibsperre, wenn das System in den Ruhezustand gebracht und dann wieder aufgeweckt wird. Im Unterschied zum Thunderstrike-Trick lässt sich die Firmware mit dieser Methode somit ganz ohne physischen Zugriff verändern. Ein einmal eingeschleuster Schädling müsse den Mac nur einmal in den Ruhezustand bringen und könne die Manipulation dann nach dem Aufwecken vornehmen. Damit sei die Installation eines EFI-Rootkits prinzipiell auch aus der Ferne möglich – er habe dies allerdings noch nicht überprüft, so der Sicherheitsforscher.

Betroffene Modelle
Laut Vilaca sind Macs ab Modellreihe Mitte/Ende 2014 nicht mehr anfällig: Apple habe die Firmware-Schwachstelle entweder durch Zufall behoben oder sei sich des Problems längst bewusst.