RemoteRoot » Security

The lighter side of every problem…Debian OpenSSL

Joe — Sun, 18 May 2008 17:48:26 +0000

In the aftermath of the Debian SSH Keys issue, at least there’s a lighter side…

There’s some good analysis, predictable PRNG toys and more funny pictures from HD Moore.

Metasploit Auxiliary Simple HTTP Get and Post

Joe — Thu, 28 Feb 2008 22:33:07 +0000

This auxiliary module for Metasploit does a simple HTTP GET or POST and returns the result, be it a file and error – whatever!

Get it here: Metasploit Simple HTTP

Rename the file to .rb and install in the aux directory of your Metasploit installation.

If you need a PUT example, Carnal0wnage has a good module on his blog.

Paros User-Agent Removal

Joe — Thu, 28 Feb 2008 20:10:00 +0000

Paros is a great little tool, however it can leave traces of its use due to an altered User-Agent header. (Adding Paros/x.x.x at the end of the UA, where x is the version). This can lead to problems some of which, including this fix, are detailed at Security Ripcord and Armor.

To remove this download the source and edit line 80 of Constant.java from

public static final String USER_AGENT = PROGRAM_NAME + "/" + PROGRAM_VERSION;

public static final String USER_AGENT = "";

and recompile.

This should remove the obvious traces!