Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_smarty.inc.php on line
541
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
21
10
2007
Alle die schonmal unter Gentoo die Modul-Namen in der Datei /etc/modules.autoload.d/kernel-2.6 eintragen mussten, wissen wie unangenehm diese Aufgabe sein kann, wenn es viele Module gibt die einzutragen sind.
Um sich hier die Arbeit zu erleichtern, habe ich ein kleines Shell-Script geschrieben, welches mit Hilfe der BASH oder der Korn Shell einem hier diese lästige Arbeit abnimmt:
root@gentoo:~ # vi /sbin/gmc
# !/bin/bash
# Copyright 2006-2007 RemoteShell-Security.com
# Distributed under the terms of the GNU General Public License v2
# title: gmc
mf=/etc/modules.autoload.d/kernel-2.6
#clear
rm -rf $mf
rm -rf /tmp/gmc 2>/dev/null
#file header:
echo '# /etc/modules.autoload.d/kernel-2.6: kernel modules to load when system boots.'>${mf}
if [ $1 ]
then
kpath=$1
find /lib/modules/${kpath}/ -type f -iname '*.o' -or -iname '*.ko' >/tmp/gmc
while read var; do
tn=${var##*/}
echo ${tn%.ko} >>${mf}
done < /tmp/gmc
else
echo "usage: gmc <name of current kernel version>"
fi
rm -rf /tmp/gmc 2>/dev/null
Die Benutzung des Scripts ist auch realtiv einfach. Das Script erwartet beim Aufruf nur als Parameter den Namen der Kernel Version aus welcher man die Module laden möchte.
Weiß man den Namen nicht auswendig, so schaut man einfach unter /lib/modules/ nach. Es sei noch darauf hingewiesen, das für Ausführung in der Regel Root-Rechte benötigt werden.
Kommentare :
Noch keine Kommentare »
Kategorien : Programmierung
Trackbacks :
Keine Trackbacks »
18
04
2007
Java Applets sind eine tolle Sache. Sie ermöglichen einem die aller unterschiedlichsten Applikationen direkt vom Webbrowser aus zu starten.
Doch dies hat auch Kehrseiten. Was würde passieren wenn die geöffnete Applikation sich versucht mit einem Host zu verbinden und diesem eine Remoteshell offeriert.
Oder gehen wir einen Schritt weiter, was würde passieren wenn lokaler Schadcode ausgeführt wird?
Natürlich haben die Entwickler von SUN vorgesorgt und erlauben Java Applets per
default keine lokalen Anwendungen aufzurufen oder sonstige Befehle am System abzusetzen.
Dennoch benötigen einige Entwickler für Ihre Applikationen genau diese Fähigkeit. Daher gibt es die Möglichkeit mittels Zertifikat seine Applikation zu signieren und bei akzeptieren des Zertifikats, ist auch das Starten von lokalen Applikationen kein Problem mehr.
Nun wo liegt hier das Problem?
Ganz einfach.
Ein Angreifer könnte mit geschickten Social Engineering Techniken einen unerfahrenen User dazu bewegen diesem Zertifikat zuzustimmen und dann seinen Schadcode, im Hintergrund ohne das der Benutzer es mitbekommt, ausführen lassen.
Blacklotus (Thomas Schneider) und ich haben unter
http://www.remoteshell-security.com/poc/javapoc.html ein kleines Proof-of-Concept geschrieben, welches unter Windows den Befehl dir im Wurzelverzeichnis ausführt und diese dem lokalen Host schickt.
Unter
http://remoteshell-security.com/poc/jrspoc.html ist dann noch eine Remoteshell bzw. eine Reverse Shell als Java Applet die sich mit einem Ziel Socket verbindet.
Nachtrag:Das die Sache nicht neu ist, habe ich mir schon gedacht, aber anscheinend ist die Sache schon seit langen bekannt:
http://www.bsi.de/fachthem/sinet/gefahr/aktiveinhalte/definitionen/appletsgefahren.htm
Kommentare :
Noch keine Kommentare »
Kategorien : Programmierung
Trackbacks :
Keine Trackbacks »
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
560
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in
/www/htdocs/w0072ee3/blog/include/db/mysql.inc.php on line
270
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_config.inc.php on line
506
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::enum_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
951
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Declaration of serendipity_event_s9ymarkup::event_hook() should be compatible with serendipity_event::event_hook($event, &$bag, &$eventData, $addData = NULL) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php on line
146
Strict Standards: Declaration of serendipity_event_s9ymarkup::uninstall() should be compatible with serendipity_plugin::uninstall(&$propbag) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php on line
146
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Declaration of serendipity_event_emoticate::event_hook() should be compatible with serendipity_event::event_hook($event, &$bag, &$eventData, $addData = NULL) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_emoticate/serendipity_event_emoticate.php on line
204
Strict Standards: Declaration of serendipity_event_emoticate::uninstall() should be compatible with serendipity_plugin::uninstall(&$propbag) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_emoticate/serendipity_event_emoticate.php on line
204
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Declaration of serendipity_event_nl2br::event_hook() should be compatible with serendipity_event::event_hook($event, &$bag, &$eventData, $addData = NULL) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_nl2br/serendipity_event_nl2br.php on line
162
Strict Standards: Declaration of serendipity_event_nl2br::uninstall() should be compatible with serendipity_plugin::uninstall(&$propbag) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_nl2br/serendipity_event_nl2br.php on line
162
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Declaration of serendipity_event_browsercompatibility::event_hook() should be compatible with serendipity_event::event_hook($event, &$bag, &$eventData, $addData = NULL) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php on line
80
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line
469
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line
494
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line
538
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line
902
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Declaration of serendipity_event_statistics::event_hook() should be compatible with serendipity_event::event_hook($event, &$bag, &$eventData, $addData = NULL) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_statistics/serendipity_event_statistics.php on line
1015
Strict Standards: Declaration of serendipity_event_statistics::uninstall() should be compatible with serendipity_plugin::uninstall(&$propbag) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_statistics/serendipity_event_statistics.php on line
1015
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php on line
400
Deprecated: Assigning the return value of new by reference is deprecated in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php on line
444
Strict Standards: Declaration of serendipity_event_spartacus::event_hook() should be compatible with serendipity_event::event_hook($event, &$bag, &$eventData, $addData = NULL) in
/www/htdocs/w0072ee3/blog/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php on line
1183
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::load_plugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
958
Strict Standards: Non-static method serendipity_plugin_api::probePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
542
Strict Standards: Non-static method serendipity_plugin_api::getClassByInstanceID() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
492
Strict Standards: Non-static method serendipity_plugin_api::includePlugin() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
497
Strict Standards: Non-static method serendipity_plugin_api::get_plugin_title() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
962
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_config.inc.php on line
506
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/serendipity_config.inc.php on line
399
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/genpage.inc.php on line
31
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::count_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/genpage.inc.php on line
34
Strict Standards: Non-static method serendipity_plugin_api::count_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/genpage.inc.php on line
35
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
355
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
464
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
943
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
1026
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
1094
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
1026
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_entries.inc.php on line
1094
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
Strict Standards: Only variables should be assigned by reference in
/www/htdocs/w0072ee3/blog/include/functions_smarty.inc.php on line
73
Strict Standards: Only variables should be assigned by reference in
/www/htdocs/w0072ee3/blog/include/functions_smarty.inc.php on line
73
Strict Standards: Non-static method serendipity_plugin_api::hook_event() should not be called statically in
/www/htdocs/w0072ee3/blog/include/functions_smarty.inc.php on line
541
Strict Standards: Non-static method serendipity_plugin_api::get_event_plugins() should not be called statically in
/www/htdocs/w0072ee3/blog/include/plugin_api.inc.php on line
1007
