Archive for April, 2008
PoC of Denial of Service in SSH Daemons
This is a proof of concept of a DoS in misconfigured SSH daemons (which is the default in some distros). An example is OpenSSH (any version, any platform) with no definition of MaxStartups in sshd_config. To read about the problem, see my post on:
http://archive.netbsd.se/?ml=secureshell&a=2006-08&t=2257506
or
http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2006-08/msg00030.html
Well, with this DoS, you can block any user from logging in on the remote machine, a big problem for some admins who are isolated from the machine =)
To use the PoC:
~# python poc.py --help
Download PoC: SSHD PoC
Requirements: Python 2.3+ / Linux or Windows
Yours,
- Perone
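A defender-side check for the setting this post is about, added here as an example (it is not the author's PoC): it reads sshd_config text and reports whether MaxStartups is defined and in which form. The function name `audit_max_startups` and the sample configs are constructed for illustration; `Include` files are not followed.

```python
import re

def audit_max_startups(config_text):
    """Classify the MaxStartups setting found in sshd_config text.

    Returns (status, values):
      "undefined"         - no MaxStartups line (the case the post describes)
      "hard-limit"        - single number: connections beyond it are dropped
      "random-early-drop" - start:rate:full form from sshd_config(5)
      "invalid"           - a value sshd would not accept
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()               # keywords are case-insensitive
        if keyword == "match":
            break                                # MaxStartups is a global option
        if keyword != "maxstartups" or len(parts) < 2:
            continue
        # sshd uses the first value it obtains for a keyword, so stop here.
        m = re.fullmatch(r"(\d+)(?::(\d+):(\d+))?", parts[1].strip())
        if not m:
            return ("invalid", parts[1].strip())
        start = int(m.group(1))
        if m.group(2) is None:
            return ("hard-limit", (start,))
        rate, full = int(m.group(2)), int(m.group(3))
        # start:rate:full -> refuse with probability rate% once `start`
        # unauthenticated connections exist, rising to 100% at `full`.
        if not (1 <= rate <= 100 and start <= full):
            return ("invalid", parts[1].strip())
        return ("random-early-drop", (start, rate, full))
    return ("undefined", None)

if __name__ == "__main__":
    # Constructed sample configs, not taken from any real host.
    samples = {
        "commented out": "Port 22\n#MaxStartups 10:30:100\n",
        "early drop": "Port 22\nMaxStartups 10:30:60\n",
        "first wins": "maxstartups 10\nMaxStartups 5:50:20\n",
    }
    for name, text in samples.items():
        print(name, "->", audit_max_startups(text))
```
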
A MSN Python BOT
Hello, the screenshot says everything:
To install:
~# apt-get install python-msn
~# ./mon.py or python mon.py
Enter your account and enjoy.
The source is a mess, but it’s just a PoC; the idea is to use this bot to show linux alerts.
Yours,
- Perone
Magento+Joomla! (status update II)
Good morning everyone,
I’m releasing the first public version of the Magento/Joomla! integration using JFusion 1.0.5e. This plugin has been designed to work with Joomla! 1.5.2 and Magento 1.0. I hope you can help me test and improve it.
I’ve set up a testing matrix with some test cases, you can access it through Google Docs and help me fill the “gray” boxes ;P.
To test, use the following instructions:
- Download JFusion 1.0.5e, install, configure and publish everything that should be published. (if you need help, read the docs at http://www.jfusion.org )
- Download my new plugin
- Remove the default Magento plugin (under “Integration Config”: select “magento” and remove)
- Click on “upload” under the “Integration Config” screen to upload the new version of magento.tar.gz, click on “Install” and smile.
- Go back to “Integration config”, edit the new “magento” plugin according to your STORE configuration.
- Test and give some feedback: bigodines #at@ joomla.com.br
please help me fill the test matrix!!
Cheers
-bigodines
Magento+Joomla! (status update)
This morning I managed to authenticate against magento’s database (using salted and non-salted passwords). So, the testable version of the plugin is ready. I have found a small bug during the re-login (after logout) for which I still haven’t found a generic workaround.
People willing to test, please contact me. (I need TECHNICAL testers that can set up everything and track [eventual] errors without assistance). Just drop a comment or mail me: bigodines #at# joomla.com.br
-bigo
Magento 1.0 is out!
Hello guys!
I have some news for all those wanting Magento 1.0 and Joomla! 1.5.2 integration. I started working on it today.
I managed to hijack the magento session, the only missing part is to automatically identify the authentication method and generate the hash to authenticate against magento’s database (if you missed the new feature: magento now allows SHA1 and MD5). Then I’ll pack a new version of Magento plugin for JFusion so you can use it with our favorite Joomla! extension.
Now, the bad news (which isn’t THAT bad). We are rewriting most of JFusion’s framework, and old plugins should stop working. That said, I’m not sure if it’s worth creating a Magento 1.0 plugin for the current version of JFusion (1.0.5
Oh, and I will need people to test in different environments. I hope I can count on you to help me (I will provide a Test-Matrix so we avoid redundant testing :P).
Gotta take some rest now. Stay tuned (I recommend you subscribe to the RSS as I haven’t been able to update this blog very often lately…).
-bigo
