Feb 03 2024

HACKING DEBIAN, UBUNTU, REDHAT& FEDORA SERVERS USING A SINGLE VULNERABILITY IN 2024

Category: Hacking,Linux Security,Security vulnerabilitiesdisc7 @ 11:47 am

The recent discovery of a significant flaw in the GNU C Library (glibc), a fundamental component of major Linux distributions, has raised serious security concerns. This flaw grants attackers root access, posing a critical threat to the security of Linux systems.

  • Vulnerability in GNU C Library (glibc): The GNU C Library, commonly known as glibc, is an essential part of Linux distributions. It provides the core libraries for the system, including those used for file handling, mathematical computations, and system calls.
  • Root Access Granted: The flaw discovered in glibc allows attackers to gain full root access to Linux machines. Root access means having complete control over the system, enabling an attacker to perform any action, including installing software, accessing all files, and modifying system configurations.

CVE ID: CVE-2023-6246

  • Description: This vulnerability is related to a dynamic memory buffer overflow and is classified as a Local Privilege Escalation (LPE) issue. It was found in glibc’s __vsyslog_internal() function, which is called by the widely-used syslog and vsyslog functions.
  • Impact: The flaw allows unprivileged attackers to gain root access on various major Linux distributions in their default configurations. This level of access can enable attackers to take complete control over the affected system.
  • Severity: Given its potential for granting root access, this vulnerability is considered highly severe.

HOW THE FLAW WORKS

  • Local Privilege Escalation: The vulnerability is a local privilege escalation (LPE) issue. This means that an attacker who already has access to the system (even with limited privileges) can exploit this flaw to gain root-level access.
  • Exploitation Requirements: To exploit this flaw, attackers need a Set-User-ID (SUID) binary. SUID is a special type of file permission that allows users to execute a program with the permissions of the file owner, which in many cases is the root user.

IMPACT AND SEVERITY

  • Widespread Impact: Given the ubiquitous use of glibc in Linux distributions, the impact of this vulnerability is widespread, affecting a vast number of systems and applications.
  • High Severity: The flaw is considered high severity due to its potential to grant attackers complete control over the affected systems.

MITIGATION AND RESPONSE

  • Disabling SUID Binaries: One suggested mitigation is to disable SUID binaries using “no new privileges” mode, which can be implemented with tools like systemd or bwrap.
  • Patch and Update: Users and administrators are urged to apply patches and updates provided by their Linux distribution as soon as they become available. Staying updated is crucial in preventing the exploitation of this vulnerability.

The discovery of the glibc flaw that grants root access to major Linux distributions is a stark reminder of the importance of system security and the need for constant vigilance. Users and administrators must take immediate action to mitigate the risk by applying patches and employing security best practices. As Linux continues to be a backbone for many systems and networks, ensuring its security is paramount for the integrity of countless applications and services.

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: HACKING DEBIAN, REDHAT& FEDORA, UBUNTU


Dec 27 2023

EXPERTS ANALYZED ATTACKS AGAINST POORLY MANAGED LINUX SSH SERVERS

Category: Cyber Attack,Linux Securitydisc7 @ 8:07 am

Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner.

Researchers at AhnLab Security Emergency Response Center (ASEC) are warning about attacks targeting poorly managed Linux SSH servers, primarily focused on installing DDoS bots and CoinMiners.

In the reconnaissance phase, the threat actors perform IP scanning to look for servers with the SSH service, or port 22 activated, then launch a brute force or dictionary attack to obtain the ID and password.

Threat actors can also install malware to scan, perform brute force attacks, and sell breached IP and account credentials on the dark web.

Common malware used in attacks against poorly managed Linux SSH servers include ShellBot [1][2]Tsunami [3], ChinaZ DDoS Bot [4], and XMRig CoinMiner [5]

Linux SSH servers

Once successfully logged in, the threat actor first executed the following command to check the total number of CPU cores.

> grep -c ^processor /proc/cpuinfo

“The execution of this command signifies that the threat actor has obtained the account credentials. Afterward, the threat actor logged in again using the same account credentials and downloaded a compressed file.” reads the analysis published by ASEC. “The compressed file contains a port scanner and an SSH dictionary attack tool. Additionally, commands accidentally typed by the threat actor can be seen, such as “cd /ev/network” and “unaem 0a”.”

These researchers believe that the tools employed in the attacks are based on the ones that have been created by the PRG old Team. Each threat actor created its custom version of the tools by modifying them.

Linux SSH servers

The researchers recommend administrators should use strong passwords that are difficult to guess and change them periodically. These measures should protect the Linux SSH servers from brute force attacks and dictionary attacks. The experts also recommend updating to the latest patch to prevent attacks exploiting known vulnerabilities.

“Administrators should also use security programs such as firewalls for servers that are accessible from the outside to restrict access from threat actors. Finally, caution must be practiced by updating V3 to the latest version to block malware infection in advance.” concludes the report.

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: SSH SERVERS


Dec 18 2023

8220 Hacker Group Attacking Windows & Linux Web Servers

Category: Cyber Attack,Hacking,Linux Security,Windows Securitydisc7 @ 1:40 pm

The 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability (CVE-2017-3506) and Log4Shell (CVE-2021-44228).

However, the history of this threat group had several exploited vulnerabilities such as Confluence, Log4j, Drupal, Hadoop YARN, and Apache Struts2 applications. Their TTPs are evolved with different publicly released exploits.

8220 Hacker Group

In addition to this, the group was also discovered to be exploiting (CVE-2020-14883), a Remote code execution vulnerability in Oracle WebLogic Server. This exploitation chain is combined with another authentication bypass vulnerability (CVE-2020-14882) in the Oracle WebLogic server.

The exploitation methods of these two vulnerabilities are publicly available, making it relatively easy for the threat actor to modify and exploit them for malicious purposes. 

Two different exploit chains were discovered, and one of them enables the loading of an XML file used for further phases of execution of commands on the OS, whereas the other one executes Java code without the use of an XML file.

Infection Chains

The first infection chain uses different XML files that depend on the target OS. In the case of Linux, the downloading of other files is performed via cURL, wget, lwp-download, and python urllib along with a custom bash function that encodes it to base64.

Custom bash function (Source: Imperva)

The method injects a Java code which also initially evaluates the OS and executes the same command strings executed in the first method. Once the download and execution process takes place, the compromised hosts are infected with AgentTesla, rhajk, and nasqa malware variants.

complete report has been published, which provides detailed information about the exploitation, command used, encoding, and other information.

Indicators Of Compromise

URL

URL

Source IPs

Source IPs
Malicious File Hashes

Common Windows, Linux and Web Server Systems Hacking Techniques

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Windows & Linux Web Servers


Nov 09 2023

HACKERS’ NEW FAVORITE: CVE-2023-4911 TARGETING DEBIAN, UBUNTU AND FEDRORA SERVERS IN THE CLOUD

Category: Linux Securitydisc7 @ 7:51 am

CVE-2023-4911 is a serious security vulnerability within the GNU C Library (glibc), specifically in the dynamic loader ld.so, associated with the processing of the GLIBC_TUNABLES environment variable. This vulnerability has been exploited in cloud attacks, particularly by a group using the Kinsing malware for cryptojacking operations.

The flaw is a buffer overflow that can be exploited by a local attacker using specially crafted GLIBC_TUNABLES environment variables when launching binaries with Set-UID (SUID) permissions, which could potentially allow the execution of code with elevated privileges. The Qualys Threat Research Unit has been credited with discovering this vulnerability.

This vulnerability has been given a severity score of 7.8, which classifies it as high severity. Exploitation of this flaw could enable an attacker to gain root permission on a Linux system that is running a vulnerable version of GLIBC, specifically version 2.34 or similar.

The issue has been noted to impact major Linux distributions, and organizations that use Linux systems, especially in cloud environments, are advised to patch this vulnerability promptly to mitigate the risks associated with it.

Exploit

To exploit CVE-2023-4911, threat actors would typically follow a sequence of steps that hinge on local access to a vulnerable system. The exploitation process can generally be broken down into the following stages:

  1. Initial Access: First, the attacker needs local access to a system that runs a vulnerable version of the GNU C Library, specifically where ld.so is affected by the buffer overflow. This access could be obtained through various means, such as compromising a low-privileged user account.
  2. Crafting Malicious Input: The attacker crafts a malicious GLIBC_TUNABLES environment variable. This variable is meant to be used for tuning performance and behavior aspects of the GNU C Library, but when crafted maliciously, it can trigger a buffer overflow.
  3. Exploiting the Buffer Overflow: By triggering the buffer overflow, the attacker aims to overwrite certain areas of memory. This could be the stack, the heap, or other memory locations, depending on how the dynamic loader (ld.so) is handling the environment variable.
  4. Injecting Code or Redirecting Execution: The overwritten memory could include the injection of malicious code, or it might alter the execution flow of the process to jump to code that the attacker controls. Typically, this would be shellcode—a small piece of code that launches a shell or another control mechanism.
  5. Elevating Privileges: If the process being exploited has SUID permissions, it runs with the privileges of the owner of the file, often root. By exploiting such a process, the attacker can execute their code with elevated privileges, effectively gaining root access to the system.

Here’s a hypothetical example:

  • Alice is a system administrator for a cloud service provider that uses Linux servers.
  • Bob is a threat actor who has managed to gain access to a low-privileged account on one of the Linux servers due to a weak password.
  • The server runs a version of GLIBC that is vulnerable to CVE-2023-4911.
  • Bob writes a malicious GLIBC_TUNABLES variable and uses it in conjunction with a vulnerable application that has SUID set to run as root.
  • When the application runs, the malicious variable causes a buffer overflow in ld.so, which Bob exploits to redirect the application’s execution flow to his shellcode.
  • Bob’s shellcode is executed with root privileges, giving him full control over the server.
  • Now with root access, Bob could install persistent backdoors, exfiltrate data, or use the compromised server for further attacks.

It’s important to note that exploitation of CVE-2023-4911, like many vulnerabilities, requires specific conditions to be met and often sophisticated knowledge of software internals, memory layout, and exploitation techniques. The exact details of the exploit can vary based on the system’s configuration, the attacker’s goals, and the environment variables involved.

The Aqua Nautilus team documented an attack by the Kinsing malware that exploited CVE-2023-4911 to elevate permissions on a compromised machine. Here’s how they described the exploitation process:

  1. Initial Access: The attackers gained initial access by exploiting a PHPUnit vulnerability (CVE-2017-9841), allowing them to download and execute a Perl script to open a reverse shell on the compromised machin.
  2. Manual Testing: The Kinsing attackers manually tested shell commands on the compromised systems. These commands included gathering system information, starting an interactive shell session, and creating a directory in /tmp.
  3. Downloading Exploits: They downloaded a script named gnu-acme.py, which was an exploit for the Looney Tunables vulnerability (CVE-2023-4911), allowing for local privilege escalation by exploiting a buffer overflow in the handling of the GLIBC_TUNABLES environment variable by ld.so.
  4. Executing Additional Exploits: After this, they fetched and executed an obfuscated PHP exploit, which, upon de-obfuscation, turned out to be a JavaScript designed for further exploitative activities. This resulted in a web shell backdoor that allowed them to maintain unauthorized access to the server.

This attack demonstrates the attackers’ sophisticated capabilities in chaining vulnerabilities to penetrate cloud environments, gain unauthorized access, and elevate privileges within the system.

Kinsing aims to gather CSP credentials, potentially exposing sensitive data, like AWS instance identity, which poses risks in cloud environments.

Here below, we have mentioned all the types of credentials and data that could be exposed:-

  • Temporary Security Credentials
  • IAM Role Credentials
  • Instance Identity Tokens

Mitigation

To mitigate an attack exploiting CVE-2023-4911, you should take the following steps:

  1. Patch the Vulnerability: Update the GNU C Library (glibc) to the latest version that includes a fix for CVE-2023-4911.
  2. Limit Access: Restrict local access to essential personnel and services, minimizing the number of users who can potentially exploit the vulnerability.
  3. Monitor for Suspicious Activity: Implement monitoring tools to detect unusual activity, such as unexpected changes to environment variables or unauthorized processes trying to gain elevated privileges.
  4. Harden Your Environment: Follow best practices for system hardening, such as disabling unnecessary services, closing open ports, and using tools like SELinux or AppArmor for enhanced security.
  5. Regular Security Audits: Conduct regular security audits to identify and remediate misconfigurations or unnecessary privileges that could be exploited.
  6. Use Security Tools: Employ security solutions such as intrusion detection systems, firewalls, and anti-malware tools that can detect and prevent exploitation attempts.
  7. Educate Staff: Train staff to recognize phishing attempts and other forms of social engineering that could lead to local access being compromised.
  8. Incident Response Plan: Have an incident response plan in place that includes procedures for dealing with suspected breaches, including how to contain and eradicate threats.
  9. Backup Regularly: Maintain regular backups of critical data to ensure that you can restore systems to a secure state if necessary.

By following these steps, you can significantly reduce the risk of exploitation and mitigate potential damage from attacks like those involving CVE-2023-4911.

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: DEBIAN, Mastering Linux Security and Hardening, UBUNTU AND FEDRORA


Oct 09 2023

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

Category: Linux Security,Pen Testdisc7 @ 2:14 pm

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools.

It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEMincident responseintrusion detection and more should raise the profile of those defensive tools.

For now, Kali is primarily known for its roughly 600 open source pentesting tools, allowing pentesters to easily install a full range of offensive security tools.

In this article, we’ll focus primarily on how to use this powerful OS to run a pentest and mistakes to avoid. We’ll give you an overview of what can be achieved with Kali Linux using a short selection of pre-installed tools. While this guide serves as an introduction to common pentesting phases, with practical examples that highlight best practices, it’s not a substitution for a complete professional pentesting methodology.

Table of Contents

Kali Linux Hacking: A Complete Step by Step Guide to Learn the Fundamentals of Cyber Security, Hacking, and Penetration Testing. Includes Valuable Basic Networking Concepts.

Hacking with Kali Linux: A Step By Step Guide To Ethical Hacking, Hacking Tools, Protect Your Family And Business From Cyber Attacks Using The Basics Of Cybersecurity

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Kali Linux


Oct 05 2023

HACKING DEBIAN 12, 13, UBUNTU 22.04, 23.04 & FEDORA 37, 38 SERVERS USING A SINGLE VULNERABILITY

Category: Linux Securitydisc7 @ 9:21 am

The team at Qualys Threat Research Unit has unveiled a fresh vulnerability within the Linux operating system, allowing local attackers to escalate their access level to root privileges. This escalation is made possible by exploiting a buffer overflow weakness located in the GNU C Library’s ld.so dynamic loader. Assigned the identification CVE-2023-4911 and nicknamed “Looney Tunables,” this vulnerability is recognized as high-risk with a CVSS score of 7.8, signifying its high severity.

“Looney Tunables” allows bad actors to exploit a buffer overflow within the ld.so dynamic loader of the GNU C Library (glibc). This exploitation path provides local attackers with a mechanism to elevate their privileges to root level, thereby gaining unparalleled access and control over the system. Given that root privileges allow complete control over a system, attackers can execute a variety of malicious activities, from accessing sensitive information to altering system settings and functionalities, underscoring the critical nature of this security flaw.

The GNU C Library, or glibc, is fundamentally integral to the operation of a majority of systems based on the Linux kernel. This crucial library facilitates numerous system calls, from elementary functions like openmalloc, and printf to more complex ones such as exit, serving as the operational backbone for these systems. As such, glibc plays a pivotal role in the functionality and performance of Linux-based systems, making any vulnerability within this library particularly concerning for system administrators and users alike.

Within glibc, the ld.so dynamic loader is an element of paramount importance. This component is tasked with the significant responsibility of initializing and running programs on Linux systems that rely on glibc for their operation. Its role is crucial as it ensures the smooth execution of various applications and services on a Linux system, making it an indispensable part of the operating environment. Given its central function, any vulnerability within the ld.so dynamic loader is a matter of serious concern as it could potentially compromise the security and stability of a wide range of systems.

In light of the discovery of “Looney Tunables”, it is imperative for organizations and users utilizing Linux-based systems to acknowledge and address this security vulnerability swiftly to safeguard their systems against potential exploits. Immediate mitigation steps, including the application of security patches and updates, should be undertaken to protect systems from the risks associated with this high-severity vulnerability. Users and administrators should stay vigilant and monitor any security advisories and updates issued by the Linux community and cybersecurity experts to ensure timely and effective protection against this newly identified threat.

Furthermore, it would be prudent for organizations to adopt and enforce a set of security best practices. These might include the regular updating and patching of systems, the use of reliable security solutions, conducting cybersecurity awareness and training programs for employees, and implementing network segmentation strategies. These proactive measures can significantly enhance the security posture of an organization, providing robust defense mechanisms against “Looney Tunables” and other similar security threats that might emerge in the future.

The GNU C Library’s ld.so dynamic loader was found to include the security flaw, which exposed a crack in the armor. During the processing of the ‘GLIBC_TUNABLES’ environment variable, this security hole might manifest itself. To put it more simply, a hostile attacker on the local network who has some dexterity and cunning may insert text into the ‘GLIBC_TUNABLES’ environment variable. The attacker is able to execute code with dangerously high privileges if they do this while beginning binaries that have the SUID permission.

This vulnerability was discovered by the observant members of the Qualys Threat Research Unit. According to an investigation into the origin of the vulnerability, it was first discovered in April 2021, when glibc version 2.34 was being distributed. Ironically, the commit was made with the intention of improving security by correcting the behavior of SXID_ERASE in setuid applications.

It is important to keep in mind that attackers, even those with just the most basic privileges, are able to take advantage of this severe gap. since of their simplicity and since they don’t need any input from the user, these assaults are particularly alarming.

There is a solution available for those who are unable to update their software promptly and do not have the Secure Boot capability. A SystemTap script has been made available, and once it is enabled, it will immediately stop any setuid application that has been launched with the ‘GLIBC_TUNABLES’ environment variable present. To securely call the setuid program thereafter, one just has to unset or remove the ‘GLIBC_TUNABLES’ environment variable, for instance by executing the command ‘GLIBC_TUNABLES= sudo’.

According to Saeed Abbasi, who is the Product Manager at Qualys’ Threat Research Unit, “Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, underscores the profound and ubiquitous nature of this vulnerability.”

While the Qualys team has indicated that they will not release its exploit code at this time, the inherent simplicity of transforming the buffer overflow into a data-only assault suggests that other research teams may soon take up the challenge.

Systems that are running Debian 12 and 13, Ubuntu 22.04 and 23.04, or Fedora 37 and 38 are vulnerable to the CVE-2023-4911 flaw and should be avoided at all costs. The extent of the possible harm might be enormous due to the widespread use of the glibc library in Linux’s many different distributions. Distributions such as Alpine Linux, which use the musl libc library instead of the glibc library, are given a little bit of wiggle room.

Linux Pocket Guide: Essential Commands

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: 13, 23.04 & FEDORA 37, HACKING DEBIAN 12, UBUNTU 22.04


Aug 19 2023

10 Best Linux Distributions In 2023

Category: Linux Securitydisc7 @ 12:46 pm

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with a top 10 best Linux distros in 2023 for all professionals.

Hence Linux can be defined as the most rebellious among the three, as it’s flexible and customizable, including a bunch of various Best Linux distros designed by unique associations for various values.

Moreover, the Linux “core” (kernel) and most distros are free, which is a significant trading point for the OS when it is compared to Windows and macOS.

As there are several Linux distros are available for various situations. Even if you are behind an OS that is customized for desktops, workstations, laptops, servers, gaming, or A/V editing, there is a distro over there for everyone.

Hence, we are trying to summarize the most reliable and popular Linux distros accessible, each of which is customized for desktop use.

Therefore, you can install those Linux distros on a Chromebook, PC, or Mac as a substitute for your prevailing operating system, utilize both in a dual-boot scenario or in combination with one of the best practical tools out there. 

Well, if you want a Linux distro similar to Windows? Or do you like to apply commands rather than click? Or do you want something special on privacy? These and several other determinants will help you decide which would be the most suitable Linux distro for you.

Usually, the top Linux distros list is customized to meet users’ requirements. For example, Kali Linux is specifically created for digital forensics and penetration testing.

Hence, here in this article, we have selected the top 10 best Linux distros list, and we have updated this list from Popular Linux distro 2022.

What is Linux Distro?

As we have said before that Linux is flexible and customizable, which includes a bunch of unique features for different uses.

Moreover, we can also say that Linux is a house to nearly each programming language, and it is a Unix-like operating system

Hence, this open-source operating system is basically designed as per the Linux kernel and is usually collected in multiple Linux distributions.

Thus the Linux distributions, traditionally known as a distro, are operating systems that progressed from a software compilation based on the Linux kernel.

Various users use Linux by downloading one of the various Linux distros. Linux operating systems are most common to coders, programmers, and gamers. 

Thus, we can say that Linux is a worldly gift that has shaped our modern lives. In today’s world, we can’t imagine a particular moment outwardly technology.

DistroKey Features
UbuntuCompiz performance improvements.
Kernel 3.11
LibreOffice 4.12
CentOSExcellent documentation and support community.
Based on Debian.
Open stack interface.
DebianMorden branch of GnuPG
UEFI support improved
MariaDB is default
Linux MintSoftware manager
Automatic updates
Better file search in Nemo
Arch LinuxEasy installation
Great learning tool
TailsStream isolation
Onion circuit’s graphical frontend
Network manager
FedoraDynamic firewall
Better end-user software
Virtual desktop support
Elementary OSEasy image resizing
Keyboard shortcut cheat sheet
Bold use of color
Kali LinuxFull customization
Full disk encryption
Metapackages
MX LinuxOne-click enabling event sound.
Hibernation is now enabled by default.
Easy and flexible installation.

Therefore, Linux has produced the most significant innovations in the creation of modern technology. 

At first, Linux was not like the form it is; it has evolved a long way through varied crafting and drafting from an open-source friendly association.

Thus, without a doubt, we can say that Linux does not only appear with a delicate-looking desktop manager, but it also contributes a wide range of beneficial and productive sets of free and open-source software for performing all the basic and necessary needs of the users.

Now, without wasting much time, let’s explore the list below.

Best Linux Distros 2023

  • Ubuntu
  • CentOS
  • Debian
  • Linux Mint
  • Arch Linux
  • Tails
  • Fedora
  • Elementary OS
  • Kali Linux
  • MX Linux

Ubuntu 22.04 – 64Bit Linux Operating System – That Powers Millions of PCs and laptops Around The World

CISSP training course

InfoSec tools | InfoSec services | InfoSec books | Follow our blog

Tags: Linux Distributions


Jul 28 2023

VERSIONS OF UBUNTU PRIOR TO 23.04 CAN BE HACKED THANKS TO THESE 2 SEVERE SECURITY FLAWS

Category: Hacking,Linux Securitydisc7 @ 9:43 am

Two vulnerabilities in the Linux operating system Ubuntu have been found by researchers. Both of these vulnerabilities have the ability to offer attackers elevated privileges.There have been indications that a vulnerability that allows for an increase in privilege may be detected in the OverlayFS module of Ubuntu operating systems.

A Linux filesystem known as OverlayFS has seen significant adoption in the container industry. OverlayFS makes it possible to deploy dynamic filesystems while maintaining compatibility with pre-built images.

CVE-2023-23629

When invoking the ovl_do_setxattr function on Ubuntu kernels, the ovl_copy_up_meta_inode_data module has the potential to bypass permission checks. This vulnerability occurs as a result. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.

CVE-2023-2640

There is a flaw in Ubuntu known as SAUCE: overlayfs bypass permission checks for trusted that leads to this vulnerability.overlayfs. * xattrs. * xattrs.

This vulnerability may be exploited by an attacker who does not have rights by establishing privileged extended attributes on the mounted files and then setting them on the other files without necessary checks being performed. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.

The Ubuntu Patch from 2018 is in Conflict with the Linux Kernel Project from 2019 and 2022.

Since the OverlayFS module may be used by non-privileged users via user namespaces, it is a perfect candidate for local privilege escalation. In 2018, Ubuntu released patches that addressed these security flaws.

Despite this, researchers working for Wix discovered that the Linux Kernel Project released many new versions in the years 2019 and 2022.

There was a problem between the older patches and the most recent version as a direct consequence of the changes that were made to the OverlayFS module.

These exploits are already accessible to the public in their exploitable forms. It is strongly advised that anyone using Ubuntu versions earlier than 23.04 update to the most recent release in order to prevent these vulnerabilities from being exploited. On the other hand, the majority of cloud security providers (CSPs) have been using insecure versions of the Ubuntu Operating System as their default system.

Researchers believe that around forty percent of computers running Ubuntu might have been affected by the issue, making the anticipated scope a large one. According to Canonical, the business that is responsible for Ubuntu and also operates for profit, the desktop version of the software was installed more than 20 million times in 2017. Ubuntu has issued a security alert that addresses many vulnerabilities and gives credit to the researchers who discovered them.

Mastering Linux Security and Hardening: Protect your Linux systems from intruders, malware attacks, and other cyber threats

InfoSec books | InfoSec tools | InfoSec services

Tags: Mastering Linux Security and Hardening, UBUNTU


May 11 2023

EASILY GET ROOT USER PRIVILEGES IN LINUX 6.3.1 USING THIS VULNERABILITY VIA EXPLOIT CODE

Category: Linux Securitydisc7 @ 8:33 am

The Linux kernel is the most important part of the Linux operating system. It is in charge of managing system resources, delivering necessary services, and guaranteeing the general stability of the system. As a result, any vulnerability inside the kernel has the potential to have major implications, which might put the system’s overall security and integrity at risk. The Linux kernel has been found to include a major security flaw, which has been given the identifier CVE-2023-32233. This flaw makes it possible for locally authenticated users to gain additional rights while using the system. A locally authenticated attacker is able to get elevated privileges as root by submitting a specifically constructed request thanks to the vulnerability, which is caused by a use-after-free hole in Netfilter nf_tables while processing batch requests. The bug was caused by a use-after-free flaw. Linux has a subsystem known as netfilter nf_tables that is responsible for managing the setup of firewall rules. The problem is that Netfilter nf_tables is accepting some improper modifications to its configuration, which is causing the issue.

Security researchers Piotr Krysiuk and Piotr Krysiuk found the vulnerability and built an attack for it. The exploit makes it possible for local users without administrative privileges to launch a root shell by exploiting the problem. This attack was discussed in confidence with the Linux kernel security developers so that they may get assistance in developing a solution.

An adversary might take advantage of this vulnerability in a particular situation by constructing an erroneous batch request that includes actions that lead to a corruption of the internal state of Netfilter nf_tables. Because of this, the attacker is granted the ability to obtain root access to the system and further elevate their privileges.

The mainline kernel git repository now provides a patch that may be used to resolve the vulnerability that was discovered. Administrators and users of the system are strongly encouraged to deploy the patch as quickly as they can in order to prevent their systems from the possibility of being exploited.

Multiple versions of the Linux kernel, including the most recent stable release, Linux 6.3.1, have been used to successfully replicate the issue. If this vulnerability is not fixed, it may be used by hostile actors to obtain unauthorized access to the system with elevated privileges. As a result, sensitive data may be compromised, and serious disruption may occur.

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

 InfoSec tools | InfoSec services | InfoSec books

Tags: LINUX 6.3.1, Mastering Linux Security, ROOT USER PRIVILEGES


Mar 11 2023

Linux 101 Hacks

Category: Hacking,Linux Security,Security ToolsDISC @ 12:09 pm

Looking to enhance your Linux skills? Practical examples to build a strong foundation in Linux – credit: Ramesh Nararajan
*******************************************

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Hacking, Hacking tool, Linux, OSINT


Feb 15 2023

10 Best Linux Distributions In 2023

Category: Linux SecurityDISC @ 9:28 am

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, simultaneously with Windows and macOS. Here we have provided you with a top 10 best Linux distros list 2023 for all professionals.

Hence Linux can be defined as the most rebellious among the three, as it’s flexible and customization, including a bunch of various Best Linux distros designed by unique associations for various values.

Moreover, the Linux “core” (kernel) and most distros are free, which is a significant trading point for the OS when it is compared to Windows and macOS.

As there are several Linux distros are available for various situations. Even if you are behind an OS that is customized for desktops, workstations, laptops, servers, gaming, or A/V editing, there is a distro over there for everyone.

Hence, we are trying to give you a summary of the most reliable and popular Linux distros accessible, each of which is customized for desktop use.

Therefore, you can install those Linux distros on a Chromebook, PC, or Mac as a substitute for your prevailing operating system, utilize both in a dual-boot scenario, or utilize them in combination with one of the best practical tools out there. 

Well, if you want a Linux distro similar to windows? Or do you like to apply commands rather than click? Or do you want something special on privacy? Each of these and several other determinants will conclude which would be the most suitable Linux Distros for you.

Usually, the top Linux distros list is customized to meet the requirements of users. For example, Kali Linux is specifically created for digital forensics and penetration testing. Hence, here in this article, we have selected the top 10 best Linux distros list and we have updated this list from Popular Linux distro 2022.

What is Linux Distro?

As we have said before that Linux is flexible and customizable, which includes a bunch of unique features for different uses.

Moreover, we can also say that Linux is a house to nearly each programming language, and it is a Unix-like operating system

Hence, this open-source operating system is basically designed as per the Linux kernel and is usually collected in multiple Linux distributions.

Thus the Linux distributions, traditionally known as a distro, are operating systems that progressed from a software compilation based on the Linux kernel.

Various users use Linux by downloading one of the various Linux distros. Linux operating systems are most common to coders, programmers, and gamers. 

Thus, we can say that Linux is a worldly gift that has formed our modern life. Well, in today’s world, we can’t imagine a particular moment outwardly technology.

DistroKey Features
UbuntuCompiz performance improvements.
Kernel 3.11
LibreOffice 4.12
CentOSExcellent documentation and support community.
Based on Debian.
Open stack interface.
DebianMorden branch of GnuPG
UEFI support improved
MariaDB is default
Linux MintSoftware manager
Automatic updates
Better file search file in Nemo
Arch LinuxEasy installation
Great learning tool
TailsStream isolation
Onion circuit’s graphical frontend
Network manager
FedoraDynamic firewall
Better end-user software
Virtual desktop support
Elementary OSEasy image resizing
Keyboard shortcuts cheat sheet
Bold use of color
Kali LinuxFull customization
Full disk encryption
Metapackages
MX LinuxOne-click enabling event sound.
Hibernation is now enabled by default.
Easy and flexible installation.

Therefore, Linux has produced the most significant and meaningful innovations in the creation of modern technology. 

At first, Linux was not like the form as now it is, it has evolved a long way through varied crafting and drafting from an open-source friendly association.

Thus, with no doubt, we can say that Linux does not only appear with a delicate-looking desktop manager, but it also contributes a wide range of beneficial and productive sets of free and open-source software for performing all the basic and necessary needs of the users.

Now without wasting much time, let’s get started and simply explore the whole list that we have mentioned below.

Best Linux Distros 2023

  • Ubuntu
  • CentOS
  • Debian
  • Linux Mint
  • Arch Linux
  • Tails
  • Fedora
  • Elementary OS
  • Kali Linux
  • MX Linux
Linux Distros

Linux for Beginners: A Practical and Comprehensive Guide to Learn Linux Operating System and Master Linux Command Line. Contains Self-Evaluation Tests to Verify Your Learning Level

Introduction to Linux

Previous posts on Linux Security

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Best Linux Distributions


Jan 20 2023

SUDO HAS A HIGH-SEVERITY VULNERABILITY THAT LOW-PRIVILEGE ATTACKERS MIGHT EXPLOIT TO GET ROOT ACCESS

Category: Linux Security,Security vulnerabilitiesDISC @ 9:47 am

Sudo is one of the most essential, powerful, and often used tools that comes as a core command pre-installed on macOS and practically every other UNIX or Linux-based operating system. It is also one of the programs that comes pre-installed as a core command. A system administrator has the ability to delegate authority to certain users or groups of users through the use of the sudo (su “do”) command, which provides an audit trail of the commands that were executed and the arguments that were passed to those commands. This allows the administrator to give certain users or groups of users the ability to run some or all commands as root or another user.

A new sudo vulnerability was found. It was on sudoedit (sudo -e) flaw. With it, attackers can edit arbitrary files, and therefore machines were at the risk of the pwned and having information steeled.

Researchers Matthieu Barjole and Victor Cutillas of Synacktiv uncovered the weakness, which was given the identifier CVE-2023-22809, in the sudoedit function for Linux. This vulnerability might enable a malicious user with sudoedit access to edit arbitrary files on a system running Linux.

In order to give its users with the ability to pick the editor of their choosing, Sudo makes use of environment variables that are supplied by the user. The contents of these variables provide additional information to the command that is ultimately sent to the sudo edit() function. The latter, on the other hand, is dependent on the existence of the — argument in order to establish the list of files that need to be edited. This list may be changed by the insertion of an additional — argument into one of the approved environment variables, which can then lead to a privilege escalation through the modification of any other file with the rights of the RunAs user. This problem appears after the sudoers policy validation has been completed.
Versions of sudo that came out before 1.8.0 built the argument vector in a different way and are not impacted by this issue. It is strongly suggested that users get their systems up to date with the most recent version.

Checkout our previous posts on topic of Linux Security

InfoSec books | InfoSec tools | InfoSec services

Tags: SUDO vulnerability


Jan 16 2023

A NEW PRIVILEGE ESCALATION VULNERABILITY IN THE LINUX KERNEL, ENABLES A LOCAL ATTACKER TO EXECUTE MALWARE ON VULNERABLE SYSTEMS

Category: Linux SecurityDISC @ 11:51 pm

A new privilege escalation vulnerability has been identified in the Linux kernel by researcher Davide Ornaghi. This vulnerability might enable a local attacker to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems. Additionally, Davide published the proof-of-concept and the write-up. The vulnerability, which has been assigned the tracking number CVE-2023-0179, is a stack-based buffer overflow that exists in the Netfilter subsystem. An authorized attacker might exploit this issue to get elevated privileges as root if the attacker executed a program that had been carefully written for the purpose.

The Linux kernel has a framework known as netfilter that enables a variety of networking-related actions to be performed in the form of individualized handlers. This may be accomplished by filtering incoming network packets. Netfilter provides the functionality necessary for directing packets through a network and preventing packets from reaching sensitive locations within a network by offering a variety of functions and operations for packet filtering, network address translation, and port translation. [1] These features allow Netfilter to provide the functionality required for directing packets through a network.

Linux Basics: The Command Line Interface

latest Linux security Titles

Tags: PRIVILEGE ESCALATION VULNERABILITY


Jan 03 2023

Kali Linux: What’s next for the popular pentesting distro?

Category: Linux Security,Pen TestDISC @ 2:18 pm

If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it.

We talked to Jim O’Gorman, Chief Content and Strategy Officer at Offensive Security (OffSec), about the direction in which the development of the open-source distro is headed.

[The answers have been edited for clarity.]

Kali Linux keeps growing and improving. How much does user feedback influence where you want to go next? What do users want the most?

Two questions drive Kali’s development:

1. What needs to be done to ensure that Kali Linux is the best possible platform for professional and hobbyist information security work?
2. What needs to be done to ensure that Kali is the best possible platform for information security training?

There is a lot of overlap between those two questions, but realistically they are separate and distinct items. However, by getting them both right on a single platform, we create an environment where people can train, study, and learn, but also use the same platform for real-world efforts. In essence, it means that you train like you fight.

The answer to the first question is driven by input from the Kali and OffSec teams. As infosec professionals ourselves, what are the things we run into on a day-to-day basis and how do we make our life easier by ensuring the toolset is of the highest quality possible? We also work closely with OffSec’s pentesting team.

We also listen to input from other Kali users. Kali is a totally open-source project and anyone and everyone can pitch in and contribute. And they do! If you wish a tool to be included in Kali, package it and submit it! If you wish a configuration worked a certain way out of the box, modify the package and submit the change. It’s very direct and easy to do, and it is in our documentation. Anyone – regardless of their background – can play a part.

The second way users influence development is through bug reports, feature requests, and conversations on OffSec’s Discord and other social media. The Kali team is out there as part of the infosec community – talk to us and let us know what you are seeing. Also, when possible, we will set up private conversations with large organizations that use Kali to get a feel for their unique needs.

The answer the second question – How to make Kali the best possible platform for training? – we work very closely with the OffSec content development team to find out what tools they are using for training, what sort of default environment works best for learners, and what we can do in Kali to support general education efforts.

Surprisingly, even though Kali is built for advanced information security work, it is often the first Linux many users ever use. So we are careful with the design of Kali to ensure that it is approachable. We want to ensure that you don’t have to be a Linux professional to utilize Kali successfully in OffSec courses.

What’s your vision for Kali Linux in the next 12 months? What areas need polishing?

The changing of attack techniques over time does not impact Kali as much as you might think, as techniques are more often than not implemented in tools and scripts. While the tools and scripts change, Kali Linux as a platform to launch them does not have to change much. The closest item to this is expanding Kali to run everywhere. Our goal is to put the Kali toolset as close as possible to you no matter where you are.

Kali installed on bare metal, Kali in a VM, Kali in containers (Docker & LXC), Kali on WSL, Kali on various ARM devices such as Raspberry Pi, Kali in a cloud instance such as AWS and Azure, Kali on your Android phone or tablet – we even have Kali running on a watch! No matter where you are or what your needs are, we want Kali to be easy to access and run.

Kali is primarily gered towards pentesting and red teaming, but we are looking at expanding into other areas of information security as well.

Kali Linux comes with a myriad of tools. What’s the process for including or removing a piece of software? What tools are used the most?

What tools run in Kali is really a matter of input from the team, community, and OffSec. Our goal is to have the most frequently used and important tools installed and working out of the box. Other common tools are installed quickly and easily with a single command.

We add new tools based on the answers to a number of questions: What functionality does the tool provide and is it unique or different enough from functionalities of other tools? Is the tool going to be maintained and updated over a reasonable period of time? How functional is the tool? It is a wrapper for another tool? Does the developer have a positive reputation?

If a tool stops being updated and stops working, we’ll try to work with the author. If they are unresponsive and the effort of maintaining the tool becomes too complex, we document this and then often remove it.

We get a lot of input from the OffSec pentesting team on what tools they are using in the field today, as well as the OffSec content developers on what tools are being used as part of the courseware. The idea is to have all the tools used in OffSec coursework out of the box to keep things easy for students.

Do major software development trends influence your approach to enhancing Kali Linux? How do you prioritize features?

When prioritizing features, we look at what is needed at the current time. We release Kali in quarterly updates so that dictates our development cycle. Each cycle we look at what is happening in the industry, where the gaps are, and determine what to prioritize.

On this front, there is a lot to balance. Everything from the distribution of Kali, installation, user experience, tools, stability, so on and so forth. It’s a full operating system and a small team so we have to pick and choose what goes into it, we can’t do everything each cycle. Again, input from the community and OffSec sets the priorities.

There’s been a lot of buzz around AI lately. Do you expect AI to play a role in future Kali Linux versions?

As Kali is a base OS, not right now. For tools that run in Kali, perhaps in time. As soon as the tools are there we will add them into Kali if they are any good. But there are also always fad trends so we tend not to get over-excited about them until they start to actually deliver results.

We have seen demonstrations of tools being developed with some of the PoC which have been creating some buzz, but as they are not ready to be released we are a ways off from this yet.

Kali Linux 2022.4 released | OpenSourceFeed


5 Kali Linux tools you should learn how to use

5 Kali Linux books you should read this year

New Book: Advanced Security Testing with Kali Linux!

Infosec books | InfoSec tools | InfoSec services

Tags: Kali Linux


Dec 27 2022

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Category: Linux SecurityDISC @ 11:17 am

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news.

The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably best known for buying up zero-day security bugs via the popular Pwn2Own competitions, where bug-bounty hunting teams compete live on stage for potentially large cash prizes.

In return for sponsoring the prize money, the vendors of products ranging from operating systems and browsers to networked printers and internet routers hope to buy up brand new security flaws, so they can fix the holes responsibly. (To collect their prizes, participants have to provide a proper write-up, and agree not to share any information about the flaw until the vendor has had a fair chance to fix it.)

But ZDI doesn’t just deal in competitive bug hunting in its twice-a-year contests, so it also regularly puts out vulnerability notices for zero-days that were disclosed in more conventional ways, like this one, entitled Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability.

Serving Windows computers via Linux

SMB is short for server message block, and it’s the protocol that underpins Windows networking, so almost any Linux server that provides network services to Windows computers will be running software to support SMB.

As you can therefore imagine, SMB-related security bugs, especially ones that can be exploited over the network without the attacker needing to logon first, as is the case here, are potentially serious issues for most large corporate networks.

SMB support is also generally needed in home and small-business NAS (network attached storage) devices, which generally run Linux internally, and provide easy-to-use, plug-it-in-and-go file server features for small networks.

No need to learn Linux yourself, or to set up a full-blown server, or to learn how to configure Linux networking – just plug-and-play with the NAS device, which has SMB support built-in and ready to go for you.

Why the holiday timing?

In this case, the bug wasn’t deliberately disclosed on the night before the night before the night before Christmas in a not-so-ho-ho-ho bid to spoil your festive season by freaking you out.

And it wasn’t reported just before the weekend in a bid to bury bad PR by hoping you’d be vacation-minded enough either to miss the story completely or to shrug it off until the New Year.

The good news is that, as usually happens under the umbrella of responsible disclosure, the date for ZDI’s report was agreeed in advance, presumably when the flaw was disclosed, thus giving the Linux kernel team sufficient time to fix the problem properly, while nevertheless not allowing them to put the issue off indefinitely.

In this case, the bug report is listed as having happened on 2022-07-26, and what ZDI refers to as the “co-ordinated public release of [the] advisory” was set for 2022-12-22, which turns out to be exactly 150 days, if you count old-school style and include the full day at each end.

So, even though this bug has had some dramatic coverage over the holiday weekend, given that it was a remote code execution (RCE) hole in the Linux kernel itself, and came with a so-called CVSS score of 10/10, considered Critical

…it was patched in the Linux source code within just two days of disclosure, and the fix was accepted and packaged into the official Linux kernel source code in time for the release of Linux 5.15.61, back on 2022-08-17, just 23 days after the report first came in.

In other words, if you’ve updated your Linux kernel any time since then, you’re already safe, no matter what kernel compilation settings you or your distro used. (This includes 24 subsequent updates to the kernel 5.15 series, now at 5.15.85, along with any versions of kernel 6.0, kernel 6.1 and the still-in-candidate-stage kernel 6.2, all of which had their first releases after August 2022.)

Probably not the SMB software you suspect

Also, although it sounds at first glance as though this bug will inevitably affect any Linux server or device supporting Windows networking, that’s not true either.

Most sysadmins, and in our experience most NAS programmers, provide Windows SMB supprt via a long-running and well-respected open source toolkit called Samba, where the name Samba is simply the closest pronounceable word that the original developer, open-source luminary Andrew “Tridge” Tridgell OAM, could find to represent the abbreviation SMB.

Anyone who has used Samba will know that the software runs as a regular application, in what’s known as user space, in other words, without needing its own code running inside the kernel, where even modest bugs could have dangerous repercussions.

Indeed, the main Samba program file is called smbd, where the trailing -D is a typical Unixism standing for daemon, or background process – what Windows admins would call a service.

This bug, as you can see from the ZDI report, is in a kernel module called ksmbd, where the -D denotes a background service, the -SMB- denotes Windows networking support, and the K- means runs in kernel space, i.e. right inside the kernel itself.

At this point, you’re probably asking yourself, “Why bury the complexity of supporting SMB right into the kernel, given that we’ve already got a reliable and well-respected user-space product in the form of Samba, and given that the risks are much greater?”

Why, indeed?

As so often, there seem to be two main reasons: [A] because we can! and [B] because performance.

By pushing what are typically high-level software features down into the kernel, you can often improve performance, though you almost always pay the price of a corresponding, and possibly considerable, decrease in safety and security.

What to do?

  • Check if you have a Linux kernel based on any release on or after 5.15.61 (dated 2022-08-17). If so, this bug is fixed in the source code. No matter what kernel compilation options you (or your distro maker) choose, the bug can’t and won’t exist on your system.
  • Check if your Linux kernel build even includes ksmbd. Most popular distros neither compile it in, nor build it as a module, so you can’t load it or activate it, even by mistake.
  • Check with your vendor if you are using an applicance such as a NAS box or other device that supports connections from Windows computers. Chances are that your NAS device won’t be using ksmbd, even if it still has a kernel version that is vulnerable in theory.
  • If you’re using ksmbd out of choice, consider re-evaluating your risk. Make sure you measure the true increase in performance you’ve achieved, and decide whether the payoff is really worth it.

COMMANDS YOU CAN USE TO CHECK YOUR EXPOSURE

Any Linux from 5.15.61 on, or any 6.x, is already patched. 
To check your Linux version:

  $ uname -o -r
  6.1.1 GNU/Linux     
To see if this kernel feature is compiled in, you can dump the 
compile-time configuration of the running kernel:

  $ zcat /proc/config.gz | grep SMB_SERVER
  # CONFIG_SMB_SERVER is not set

If this compile-time configuration setting is unset, or set to 
"n" for no, the feature wasn't built at all.

If it says "y" for yes, then the kernel SMB server is compiled 
right into your kernel, so ensure you have a patched version.

If it says "m" for module, then the kernel build probably 
includes a run-time module that can be loaded on demand.
To see if your kernel has a loadable module available:

  $ /sbin/modprobe --show ksmbd
  modprobe: FATAL: Module ksmbd not found in directory /lib/modules/6.1.1

Note that "--show" means "do not actually do it, just show 
if loading it would actually work or not".
To see if your system has the ksmbd module already active:

  $ lsmod | grep ksmbd

If you see no output, the module wasn’t matched in the list.

To stop the module loading in case it ever shows up, add a 
file with a name such as ksmbd.conf to the directory 
/lib/modules.d or /etc/modules.d with this line in it:

  blacklist ksmbd

Mastering Linux Security and Hardening: Protect your Linux systems from intruders, malware attacks, and other cyber threats

Infosec books | InfoSec tools | InfoSec services

Tags: Linux Security, Mastering Linux Security and Hardening


Dec 05 2022

A New Linux Flaw Lets Attackers Gain Full Root Privilege

Category: Linux SecurityDISC @ 10:41 am

The Threat Research Unit at Qualys’ has revealed how a new Linux flaw tracked as (CVE-2022-3328),  may be combined with two other, seemingly insignificant flaws to gain full root rights on a compromised system.

The Linux snap-confine function, a SUID-root program installed by default on Ubuntu, is where the vulnerability is located.

The snap-confine program is used internally by snapd to construct the execution environment for snap applications, an internal tool for confining snappy applications.

Linux Flaw Let Attackers Gain Full Root Privilege

The newly discovered flaw, tracked as CVE-2022-3328, is a race condition in Snapd, a Canonical-developed tool used for the Snap software packaging and deployment system. 

The issue specifically affects the ‘snap-confine’ tool that Snapd uses to build the environment in which Snap applications are executed.

“In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in our “Lemmings” advisory. The vulnerability (CVE-2022-3328) was introduced in February 2022 by the patch for CVE-2021-44731).” reads the post published by Qualys.

“The Qualys Threat Research Unit (TRU) exploited this bug in Ubuntu Server by combining it with two vulnerabilities in multipathd called Leeloo Multipath (an authorization bypass and a symlink attack, CVE-2022-41974, and CVE-2022-41973), to obtain full root privileges”.

The CVE-2022-3328 weakness was chained by the researchers to two other flaws in Multipathd, a daemon responsible for looking for failed paths. Particularly, in several distributions’ default installations, including Ubuntu, Multipathd runs as root.

Two Vulnerabilities Impact Multipathd

The device-mapper-multipath, when used alone or in conjunction with CVE-2022-41973, enables local users to gain root access. 

In this case, the access controls can be evaded and the multipath configuration can be changed by local users who have the ability to write to UNIX domain sockets.

This problem arises because using arithmetic ADD rather than bitwise OR causes a keyword to be incorrectly handled when repeated by an attacker. Local privilege escalation to root may result from this.

Together with CVE-2022-41974, the device-mapper-multipath enables local users to get root access. Further, due to improper symlink handling, local users with access to /dev/shm can modify symlinks in multipathd, which could result in controlled file writes outside of the /dev/shm directory. Hence, this could be used indirectly to elevate local privileges to the root.

Notably, any unprivileged user might get root access to a vulnerable device by chaining the Snapd vulnerability with the two Multipathd vulnerabilities.

“Qualys security researchers have verified the vulnerability, developed an exploit, and obtained full root privileges on default installations of Ubuntu,” Qualys said.

On Ubuntu default installations, Qualys security researchers have confirmed the vulnerability, developed an exploit and got full root access.

Although the vulnerability cannot be used remotely, the cybersecurity company issues a warning that it is unsafe because it can be used by an unprivileged user.

Linux Flaw Let Attackers Gain Full Root Privilege

Mastering Linux Security and Hardening

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

 

Tags: Linux Flaw, Mastering Linux Security and Hardening, Root Privilege


Nov 16 2022

5 Kali Linux tools you should learn how to use

Category: Linux SecurityDISC @ 11:03 am

Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing.

Kali Linux also comes with several hundred specialized tools for carrying out penetration testing, security research, computer forensics, reverse engineering, vulnerability management, and red team testing. Here are 5 you should learn how to use.

Aircrack-ng

Aircrack-ng is a complete suite of tools to assess Wi-Fi network security, focusing on:

  • Monitoring: Packet capture and export of data to text files for further processing by third-party tools
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
  • Testing: Checking WiFi cards and driver capabilities (capture and injection)
  • Cracking: WEP and WPA PSK (WPA 1 and 2)
Aircrack-ng

John the Ripper

John the Ripper is an open-source password security auditing and password recovery tool. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in “-jumbo” versions.

Kali Linux tools

Lynis

Lynis performs an extensive health scan of your systems to support system hardening and compliance testing. Lynis is open-source and flexible, and used for several different purposes. Typical use cases include:

  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Penetration testing
  • Vulnerability detection
  • System hardening
Kali Linux tools

Metasploit

Metasploit is the world’s most used penetration testing framework. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

For more information about the past, present and future of Metasploit, watch our video with Spencer McIntyre, Lead Security Researcher at Rapid7.

Metasploit

Nmap

Nmap is a free and open-source utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Kali Linux tools

More Kali Linux content to check out:

Checkout our previous posts on Linux Security

Kali Linux tools

Tags: Kali Linux


Oct 12 2022

5 Kali Linux books you should read this year

Category: Hacking,Linux SecurityDISC @ 1:36 pm

Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.

Here is a selection of books for different experience levels, you can either start from scratch or get advanced tips – there’s something for everyone.

Advanced Security Testing with Kali Linux

Independently published / Author: Daniel Dieterle

Kali Linux books

This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like:

  • The MITRE ATT@CK Framework
  • Command & Control (C2) frameworks
  • In-depth network scanning
  • Web app pentesting
  • Advanced techniques like “Living off the Land”
  • AV bypass tools
  • Using IoT devices in security

Kali Linux Penetration Testing Bible

Wiley / Author: Gus Khawaja

Kali Linux books

This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.

  • Build a modern dockerized environment
  • Discover the fundamentals of the bash language in Linux
  • Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
  • Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
  • Apply practical and efficient pentesting workflows
  • Learn about Modern Web Application Security Secure SDLC
  • Automate your penetration testing with Python

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

No Starch Press / Author: OccupyTheWeb

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.

First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:

  • Cover your tracks by changing your network information and manipulating the rsyslog logging utility
  • Write a tool to scan for network connections, and connect and listen to wireless networks
  • Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
  • Write a bash script to scan open ports for potential targets
  • Use and abuse services like MySQL, Apache web server, and OpenSSH
  • Build your own hacking tools, such as a remote video spy camera and a password cracker

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

Packt Publishing / Author: Vijay Kumar Velu

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

In this book you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances.

This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

For more information about this book, we have a video with the author you can watch here.

The Ultimate Kali Linux Book – 2nd Edition

Packt Publishing / Author: Glen D. Singh

Kali Linux books

This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.

Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.

Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

Tags: Kali Linux books


Sep 30 2022

Parrot Security OS 5.1 Release

Category: Linux SecurityDISC @ 8:30 am

Parrot 5.1 – What’s New?

Parrot created the latest release of the operating system to ensure it was as stable and adaptable as possible. There are a number of factors that have contributed to the success of this project.

https://twitter.com/ParrotSec/status/1575519347430543360?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1575519347430543360%7Ctwgr%5Eb4ff9b14e2b445fb0b87f6f3431d3db2784b50b1%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fgbhackers.com%2Fparrot-5-1%2F

Here below we have mentioned all the new additions:-

  • New kernel 5.18
  • Updated docker containers
  • Updated backports
  • System updates
  • Firefox profile overhault
  • Major updates for tools
  • New AnonSurf 4.0
  • Parrot IoT improvements
  • Architect Edition improvements
  • New infrastructure powered by Parrot and Kubernetes

How to Download or Update?

The Parrot OS 5.1 can be downloaded by clicking on the following link. In order to keep users safe, ParrotSec always recommends to users that third-party sources should never be trusted.

You can also use the official torrent files for these downloads if the direct downloads are not working for you. As in most cases, the firewall and network restrictions can be circumvented by doing so.

If you are already using any older version of Parrot OS then you can update to the latest version and to do so you have to follow a few commands that we have mentioned below:-

sudo parrot-upgrade

or

sudo apt update && sudo apt full-upgrade

Parrot Security OS 5.1

EZITSOL 32GB 9-in-1 Linux Bootable USB 

Tags: Parrot Security OS 5.1


Sep 15 2022

5 Kali Linux books you should read this year

Advanced Security Testing with Kali Linux

Independently published / Author: Daniel Dieterle

Kali Linux books

This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like:

  • The MITRE ATT@CK Framework
  • Command & Control (C2) frameworks
  • In-depth network scanning
  • Web app pentesting
  • Advanced techniques like “Living off the Land”
  • AV bypass tools
  • Using IoT devices in security

Kali Linux Penetration Testing Bible

Wiley / Author: Gus Khawaja

Kali Linux books

This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.

  • Build a modern dockerized environment
  • Discover the fundamentals of the bash language in Linux
  • Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
  • Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
  • Apply practical and efficient pentesting workflows
  • Learn about Modern Web Application Security Secure SDLC
  • Automate your penetration testing with Python

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

No Starch Press / Author: OccupyTheWeb

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.

First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:

  • Cover your tracks by changing your network information and manipulating the rsyslog logging utility
  • Write a tool to scan for network connections, and connect and listen to wireless networks
  • Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
  • Write a bash script to scan open ports for potential targets
  • Use and abuse services like MySQL, Apache web server, and OpenSSH
  • Build your own hacking tools, such as a remote video spy camera and a password cracker

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

Packt Publishing / Author: Vijay Kumar Velu

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

In this book you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances.

This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

For more information about this book, we have a video with the author you can watch here.

The Ultimate Kali Linux Book – 2nd Edition

Packt Publishing / Author: Glen D. Singh

Kali Linux books

This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.

Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.

Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

Hacking Handbooks

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

Tags: Kali Linux, Kali Linux books


Next Page »