Security – perfect-co.de

“Write anywhere” vulnerability in Parallels Confixx

October 10, 2012

Linux, Security, Vulnerability

A proof of concept of a vulnerability in Parallels Confixx 3.3.9 (latest and final version) allowing an attacker to gain full write access (as root) to a UNIX server operating said hosting software.

(more…)

Worst “trojan” ever

December 6, 2011

PHP, PHP related, PHP Security, Security

While idly browsing [pastebin][1] (yes, sometimes I do that), I found [something interesting][2]. It’s some mildly obfuscated PHP scripted malware. Curious what it might do, I started reverse engineering it and found what must be the *worst coded trojan **ever.***

[1]: http://pastebin.com/
[2]: http://pastebin.com/7HU17uqA

(more…)

Apache Range header vulnerability script

August 25, 2011

Linux, Security

I wrote an upgraded variant of the Apache killer script propagated on [Full Disclosure][1] capable of HTTPS requests. Also, other than its descendant, it can follow a server’s initial response for redirection which the original script interprets as the server not being vulnerable.

Script is available here: [Download not found]

*This script merely __checks__ for vulnarabilities but will __not__ exploit them.*

[1]: http://seclists.org/fulldisclosure/2011/Aug/175

SSH authentication using a client certificate

July 11, 2011

Debian, Linux, Security

Strong passwords are a necessity when it comes to securing almost anything.
This article shows how you can go that extra mile to securing access to an OpenSSH enabled server using not passwords but by flashing a badge…

(more…)