Archive | Linux Hacking


02 October 2014 | 2,654 views

OpenVPN Vulnerable To Shellshock Exploit

So last week the big news was about the cross platform exploit in BASH that we covered in our article – Everything You NEED To Know About Shellshock Bug In BASH. As mentioned in the comments, a certain combination of circumstances and configuration options can leave OpenVPN vulnerable to Shellshock. This could be a pretty [...]

Continue Reading


26 September 2014 | 3,855 views

Everything You NEED To Know About Shellshock Bug In BASH

Shellshock (CVE-2014-6271) the bug in BASH is causing havoc on the Internet this week, as far as I’m concerned it’s a bit overstated – seriously how many people are still using cgi scripts? None I hope. I do suspect though a lot of shared hosts might get owned by this as most commercial control panel [...]

Continue Reading


11 September 2014 | 2,706 views

Lynis v1.6.0 Released For Download – Linux Security Auditing Tool

Lynis is an open source linux security auditing tool. The primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional! It’s a great tool for [...]

Continue Reading


07 April 2014 | 2,104 views

Sysdig – Linux System Troubleshooting Tool

Sysdig is open source, Linux System Troubleshooting Tool: capture system state and activity from a running Linux instance, then save, filter and analyze. Think of it as strace + tcpdump + lsof + awesome sauce. With a little Lua cherry on top. Sysdig was born from a team’s constant frustration. System level troubleshooting is just [...]

Continue Reading


14 February 2014 | 1,948 views

Azazel – Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hides remote [...]

Continue Reading


09 December 2013 | 1,319 views

Linux.Darlloz Worm Targets x86 Linux PCs & Embedded Devices

So this is not a particularly technical source article, but it looks fairly interesting and I haven’t heard of this Linux.Darlloz worm before, so it might be new to some of you too. Seems like it’s going after old php-cgi installs, which are very common on embedded systems (routers/pos systems/stbs etc). The vulnerability being used [...]

Continue Reading


12 June 2012 | 17,174 views

MySQL 1 Liner Hack Gives Root Access Without Password

The latest news that has hit the streets is the occurence of the easiest hack ever, if you have local shell access (any user privelege level) and you can connect to MySQL – you can get root access to MySQL within a few seconds. I tried this yesterday on one of my servers on Ubuntu [...]

Continue Reading


18 April 2012 | 3,868 views

NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account

We wrote about this tool originally last year – NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials – and a new version just came out! NfSpy has just been updated to support NFSv3, a more efficient and widespread protocol than the previous NFSv2. NfSpy is a FUSE filesystem written in Python that automatically changes [...]

Continue Reading


14 October 2011 | 14,340 views

CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE aims to guarantee are the following: an [...]

Continue Reading


26 July 2011 | 11,341 views

NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials

NfSpy is a FUSE filesystem written in Python that automatically changes UID and GID to give you full access to any file on an NFS share. Use it to mount an NFS export and act as the owner of every file and directory. Vulnerability Exploited NFS before version 4 is reliant upon host trust relationships [...]

Continue Reading