himanshu's blog

Encrypting shell scripts

Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output). There is a program called "shc" that can be used to add an extra layer of security to those shell scripts. SHC will encrypt shell scripts using RC4 and make an executable binary out of the shell script and run it as a normal shell script. This utility is great for programs that require a password to either encrypt, decrypt, or require a password that can be passed to a command line argument.

Nepali Meta Search Engine : www.metalnepal.com

Quoting the site : ..."metanepal.com is Nepal's first metasearch engine. metanepal uses innovative metasearch technology to search the Internet's top search engines, including Google, msn, kanoodle and nepal specific search engines such as explorenepal.com"

Also by the way they also provide a "News Search" feature. Even though this search engine parses the results of different search engines, it still is a valuable tool for web searchers looking esp. at Nepali sites.

speedy NMAP scans

Nmap (http://www.insecure.org/nmap) is the most popular network scanner widely used and misused. Most people tend to ignore the various "switches (options)" and only use the default parameters. It is possible to prioritize SPEED or STEALTH in nmap scans but i'll mainly be talking about maximizing SPEED.

I'll demonstrate this by scanning localhost i.e. my own computer via loopback address. ( via a non root user :

[d00m@localhost d00m]$ nmap -v
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-21 23:44 EST
Host localhost.localdomain ( appears to be up ... good.

All AV, Trojan,Spy ware scanner,Nested file bypass by hUnter

This is the discovery by hUnter of www.nepsecure.tk :

A malicious code can reside in a computer (with users privilage) bypassing "manual scans" of any
Antivirus, Trojan & Spy ware scanners by simply issuing this command to itself.

cacls hUNT.exe /T /C /P dumb_user:R

Click here for more info

XSS in major Nepali websites (discovered by www.nepsecure.tk)

XSS or C-ross S-ite S-cripting is a means of successfully injecting HTML/javascript etc and is mostly client side i.e. browser

Nepali websites have time and time again found to be ignorant about security. Closeupzone.com (website of Closeup tooth paste / event management) and m2win.com (website of Mayos Instant Noodles) have been the latest victims of the talented group of Nepali hackers www.nepsecure.tk.

The proof of concept demonstrates the Xss vulnerabilities in these sites. closeupzone.com does seem to try to filter HTML tags but it is possible to bypass the filter so this is a particularly interesting one. I personally can't comment about the ethics of these Nepali security gurus but it would be a applaudible act to point it out to the concerned authorities.

Top 10 ways to crash PHP

Programming errors are of many kinds but the consequences can range from harmless to downright dangerous.
Top 10 ways to crash PHP
is an interesting article that deals with such a topic for PHP.

UN-deleting files in Linux

I decided to investigate how easy it was to recover deleted files in Linux and came to the conclusion that using secure file deletion utilities is a must for safely deleting data. When files are removed in linux they are only un-linked but their inodes (addresses in the disk where the file is actually present) is not removed. This concept will be quite handy while recovering deleted files. Now i won't discuss specialized software but rather stick to utilities commonly present in linux distros. In this case it's the "debugfs" utility. Run "debugfs /dev/hda13" and then at the "debugfs" prompt use the command "lsdel"

Multiple Antivirus DoS During Processing of Malformed Compressed Archives

While scanning compressed files, several Antivirus, Trojan and Spyware scanners might suffer from a denial of service condition while attempting to extract an archive that contains intentionally malformed content in it.

Details Vulnerable Systems:
* Norton Antivirus 2002
* Norton Antivirus 2003
* McAfee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows XP default ZIP manager (report's wrong size of compress ZIP files.)
* F-Prot 4.4.2 for Linux
* Panda Antivirus
* Linux uvscan scan engine 4.3.20 (McAfee)

It is possible to construct an archive containing a file or files that will cause a denial of service condition when a scanner attempts to extract the contents of the archive. Usually files within archives are completely extracted before scanned, which gives rise to this vulnerability.

New Kernel Crash-Exploit discovered !!

The Linux kernel bug allows a simple C program to crash the kernel, effectively locking the whole system. The security hole affects both 2.4.2x and 2.6.x kernels on the x86 and x86_64 architectures.

The flaw was by accident discovered by Stian Skjelstad when he was doing some code tests while on vacation. He was quite surprised when he discovered that the code he was trying froze his machine. He reported it to the Linux-kernel mailing list and the gcc bugzilla 2004-06-09.

Click here for details

Amsn : MSN messenger for linux

Amsn is a clone of the original MSN Messenger, having the same look and feel.

This project is a modified and multilanguage version of Compu's Messenger (CCMSN).It's a Tcl/Tk script as was CCMSN and Tcl/Tk must be installed to run it. This means it is multiplatform and can run on any OS having Tcl/Tk installed (Linux, Windows, Macintosh).

Visit Amsn's homepage

It is currently fairly complete with features such as :

# Sound for Events
# Look and Feel similar to original MSN Messenger
# Multilanguage (Around 40 languages currently supported)