Posts Tagged “encoding”
While working on an upcoming article for QD I ran into an issue with the dnsenum.pl Perl script. I followed the process of installing the optional Perl modules and when I went back to test dnsenum it would no longer return any IP addresses. Instead of dnsenum returning actual IP addresses it was returning odd characters. It turns out there is some form of conflict between dnsenum.pl and the Net::DNS Perl module. Below I describe the dnsenum issue in more detail and provide a work around by manually downgrading the Net::DNS Perl module by hand.
Read the rest of this entry »
Tags: Address, backtrack, characters, DNS, dnsenum, encoding, error, IP, Linux, mail server, mx, name server, Net::DNS, perl, perl module, zone transfer
No Comments »
“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least one time, what is a Cross-Site Scripting vulnerability?
OWASP defines Cross-Site Scripting as:
“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”
Read the rest of this entry »
Tags: Cross-Site Scripting, double, encoding, fix, howto, problem, security, XSS
No Comments »
Posted by alex in Security
Many people still seem to not be aware of EXIF data and the information it provides anyone that wants to view it. EXIF data is attached to image files as well as other files and provides all sorts of details from file creation time to exact GPS coordinates. This is the type of data that was extracted from an image uploaded by Vice Magazine that gave away John McAfee’s location when he escaped Belize. On Backtrack Linux there are numerous tools to extract EXIF data including exiftool which is written in Perl and easy to use. Below we will describe exiftool, which is located in /pentest/misc/exiftool/ or /usr/bin, and provide examples to show how easy it is to use.
Read the rest of this entry »
Tags: .docx, 7.89, 9.12, altitude, backtrack, bt5, bt5r3, compression, coordinates, digital forensics analysis, encoding, exif, exiftool, forensics, gif, GPS, images, jpeg, jpg, latitude, Linux, longitude, macintosh, OSX, pentest, perl, pptx, shutter speed, software agent, xlsx
No Comments »
Posted by alex in Insights
If you are a system administrator you probably manage one or more email servers so things eventually will go wrong and need to be resolved as quickly as possible. It is beneficial to know how to troubleshoot email servers using telnet via a shell so you don’t have to rely on a GUI mail client. Below I describe how to login to an Exim email server using telnet, authenticate via SMTP authentication, and then send test emails. The below examples will be run from a terminal window on Linux however they should be very similar too running the commands from a Command Prompt on Windows 7 or any other operating systems using a terminal window or similar.
Read the rest of this entry »
Tags: 2.5, 220, 250, auth login, authentication succeeded, base64, convert, data, ehlo, email, encoding, exim, helo, mail, mail from, mail server, message, MIME, perl, port 25, rcpt to, SMTP, smtp authentication, subject, telnet
1 Comment »
|
Entries (RSS)