Wednesday, November 24, 2010

How to Clone a VirtualBox image

To clone a VirtualBox image, do the following:

1. Copy the VM disk using the following command:
    VBoxManage clonevdi SourceDisk.VDI TargetDisk.VDI
2. Go to File -> Virtual Media Manager -> Add and add the newly created disk (TargetDisk.VDI)
3. Create a New VM from Machine -> New,
   Type the new VM name,
   Allocate Memory,
   Virtual Hard Disk, Use Existing Hard Disk
   Select the Hard Disk you added in step 2.
   Finish

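   Copying the virtual machine's hard disk file to another location will not work: the copy keeps the UUID of the source disk, and VirtualBox refuses to register a second disk with a UUID it already knows. You have to explicitly use the VBoxManage command, which assigns the clone a new UUID, in order to create a clone image.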

Thursday, April 1, 2010

Recover your Internet User Password using Firefox

Most of the time when you subscribe to broadband/internet services, a technician comes to your home and sets up the router/wifi for you. After that you never think about this password, and you don't even need to.

The moment you want to replace the router with your favorite one, you just cannot find the username/password that your provider gave you at the time of subscribing for internet.

Follow the steps below to recover the password from any broadband router or gateway.
The steps shown here are for the Aztech DSL605 ADSL router.

1. Open the gateway administrator page in Firefox.
2. Go to Advanced, WAN and select your existing WAN connection


3. The moment you navigate to this page, Firefox will pop up an option for "Remember Password"
4. Select "Remember Password"
5. Go to Tools, Options, Security, Saved Passwords
6. You will see all the saved passwords, including the one for your WAN connection

Sunday, March 14, 2010

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Problem
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Solution

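$ mysql -u root -p

GRANT ALL PRIVILEGES ON *.* TO 'user'@'ip-address' IDENTIFIED BY 'password';
commit;

Replace user, ip-address and password with your own values. This statement gives the account full rights on every database; where the account only needs one database, narrow the grant to that database.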

Sunday, March 7, 2010

Could not load host key: /etc/ssh/ssh_host_key

Error starting ssh:
root@slax:/etc# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key

Solution:

ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''

Re-start SSH
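
The same fix as an idempotent script, added here as an example and not part of the original post: it creates only the host keys that are missing and leaves existing ones alone, because replacing a host key changes the server's identity for every client that has already stored it. The function names and the directory argument are assumptions for illustration; it generates rsa and ed25519 keys, since rsa1 belongs to SSH protocol 1, which current OpenSSH no longer supports, and DSA keys are deprecated.

```shell
#!/bin/sh
# Added example: create any missing SSH host keys without touching existing ones.
# ensure_host_keys / host_key_fingerprints are illustrative names, not OpenSSH tools.

ensure_host_keys() {
    dir="${1:-/etc/ssh}"
    for type in rsa ed25519; do
        key="$dir/ssh_host_${type}_key"
        if [ -s "$key" ]; then
            # Keep existing keys: regenerating one makes every client that
            # already trusts this server see a host-key-changed warning.
            echo "kept    $key"
            continue
        fi
        case "$type" in
            rsa) bits="-b 3072" ;;
            *)   bits="" ;;
        esac
        # -N '' : no passphrase, sshd must read the key unattended; -q : quiet
        # $bits is left unquoted on purpose so it expands to two words or none.
        ssh-keygen -q -t "$type" $bits -f "$key" -N '' || return 1
        chmod 600 "$key"        # sshd refuses private keys readable by others
        chmod 644 "$key.pub"
        echo "created $key"
    done
}

# Print the fingerprint of each public host key so clients can verify it
# out-of-band on first connection instead of accepting it blindly.
host_key_fingerprints() {
    dir="${1:-/etc/ssh}"
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] && ssh-keygen -l -f "$pub"
    done
    return 0
}

# Usage (as root): ensure_host_keys /etc/ssh && host_key_fingerprints /etc/ssh
```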

Wednesday, March 3, 2010

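Connecting to a Windows share from Ubuntu using smbclient

How to connect to a Windows share from Ubuntu:

smbclient -U username%password //hostname/c$
Use //hostname/ipc$ in place of //hostname/c$ to connect to the IPC$ share. If you leave out %password, smbclient prompts for it, which keeps the password out of the shell history and the process list.
Ensure that File and Print Sharing is enabled on Windows.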

Open Source and Free Web Scanners


Cal9000: CAL9000 is a collection of web application security testing tools that complement the feature set of current web proxies and automated scanners. CAL9000 gives you the flexibility and functionality you need for more effective manual testing efforts. Works best when used with Firefox or Internet Explorer. CAL9000 is written in JavaScript, so you have full access to the source code.
Grendel-Scan: Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.

Nikto: Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nnikto: A console app to perform forced browsing checks against a web server. The application uses a simple algorithm and various techniques to prevent/reduce false positives.

Ratproxy: A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.

W3af: w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. This project is currently hosted at SourceForge; for further information, you may also want to visit the w3af SourceForge project page.
Wapiti: Wapiti currently searches for vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections. Wapiti uses the Python programming language. Wapiti allows you to audit the security of your web applications. Wapiti performs "black-box" scans and does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Friday, February 26, 2010

Synaptic Manager Error - avast4server

Synaptic Manager fails to start with the error "The package avast4server needs to be reinstalled, but I can't find an archive for it."

Solution
dpkg --remove --force-remove-reinstreq avast4server