For anyone who has done a long source code audit, it is not really about finding the easy/low-hanging fruit stuff; it can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000 lines of code source code audit to be done in less than 2 weeks, the language was Java, so the first thing that was to be done (they had already hit it with Fortify and other tools) and were looking for a bit more interesting stuff, apparently. This raised some specific problems while working on finding the vulnerabilities and their exploitability.
The apache stop menu item in Backtrack Linux accomplishes one goal, which is to stop the Apache web server. The previous article for apache start would have been enough to explain the basics to anyone using Apache on Backtrack Linux, but since my goal is to write an article for every menu item and every tool within Backtrack, here is the one for apache stop.
We have had a couple of requests to write a post about readpst, which is included in the default path of Backtrack 5 and also located in the Backtrack menu underneath Forensics/Forensics Analysis Tools. The readpst application will read PST files, which are also known as Microsoft Outlook Personal Folders, and convert them to mbox, MH, or KMail formats. There are various other switches that can be used to output each email into a separate file, include attachments, modify contact formats, be recursive, etc. I will explain basic functionality below along with a couple of the formats and various switches.
I regularly find myself looking for various debconf variables to set before installing packages on Ubuntu. This is typically to avoid typing in the answers on the various configuration screens or because I want to script an install of some package. If the package has never been installed before on that specific server, then the debconf variables will not display. You can always log in to another server where the package is installed to see the variables, but I am going to start posting information for common packages here so others can easily find them when searching.
Earlier, while analyzing a Linux server, it was pointed out to me that the Apache logs were filling up with constant connections requesting domains that were not configured on the server. To me it looked as if a load balancer somewhere was misconfigured and sending traffic to our IP address by mistake, but I needed to open a ticket with the colocation provider to have them look into the issue further, since the network in this case is not something I have any control over. Below is a quick Linux command that will output a list of IP addresses making port 80 connections to your server.