While running a configure script to eventually compile an application during testing on CentOS Linux I received an error stating that libexpat and/or libbsdxml could not be found. On CentOS you will only need to install libexpat-devel as shown in the below example following the output of the configure error and how we located what package installed libexpat via yum.
Not sure if Fortinet makes it impossible to find the FortiClient SSL VPN application for Mac OSX on purpose or not but it appears to be free for the simple client version so I wanted to provide a location to download the client easily. On Windows you can bring up Internet Explorer and make a SSL VPN connection easily but since IE is not available on OSX it is necessary to have the stand alone FortiClient SSL VPN application. Be careful if you are going to download the Fortinet FortiClient elsewhere as if it is anything other than the simple SSL VPN client it is really bloated.
Well, I run with psymera a CTF game and we are constantly adding new VMWare machines and new tests just to keep on playing and not get bored. As part of a internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in a big rant about it) so I started on what everyone does: update your version.
And something interesting happened, sqlmap enumeration broke (gorgeous) but it didn’t look much like it, it baffled me at first, so much that I had to do all by hand and asked psymera if he changed something, he said no.
So this is the info of the updated sqlmap version to that date:
- root@fsckOSX:/pentest/database/sqlmap# svn info
- Path: .
- URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
- Repository Root: https://svn.sqlmap.org/sqlmap
- Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
- Revision: 4380
- Node Kind: directory
- Schedule: normal
- Last Changed Author: stamparm
- Last Changed Rev: 4380
- Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)
the SVN rev is 4380, latest at Sep 19th, here is the example of a run against the vulnerable web server with this revision.
So earlier today I noticed a discrepancy in traffic to question-defense.com and because of a previous incident I knew exactly where to look. Sure enough a similar attack had been performed which we are coining Search Engine Click Jacking. In this case we are sure that a single files permissions were left open and the attackers were able to write PHP into the file which caused traffic being referred to our site from many of the major search engines to be redirected to tenderloin.osa.pl. Our site is built using WordPress however any site built in PHP with incorrect permissions on any files are vulnerable to this type of attack. Below is more information about the attack, how to search for the attack, and a simple bash script that will remove the infected code from PHP files on your web site.