Come limitare gli utenti ssh ad un singolo comando

Introduzione Oggi mi sono trovato nella necessità di dover utilizzare un utente, tramite protocollo ssh, per eseguire un singolo e semplice comando da remoto verso un server linux. Per ragioni di sicurezza mi sono chiesto se esistesse la possibilità di limitare tale utenza all’esecuzione di un unico programma, senza ricorrere a jail (chroot) o shell “castrate” di terze parti. Googolando e leggendo il man di ssh ho scoperto una soluzione facile e carina:...

April 27, 2015 · 5 min · claudio

How to install Faraday Community Edition on BackBox Linux 3

Tested on: Faraday Community Edition BackBox Linux 3.x x86_64 Download Faraday claudio@backbox3:~$ wget https://github.com/infobyte/faraday/archive/master.zip Install requirements claudio@backbox3:~$ sudo pip install psycopg2 Downloading/unpacking psycopg2 Running setup.py egg_info for package psycopg2 Installing collected packages: psycopg2 Running setup.py install for psycopg2 Successfully installed psycopg2 Cleaning up... claudio@backbox3:~$ Modify installation script claudio@backbox3:~$ unzip master.zip claudio@backbox3:~$ cd faraday-master/ claudio@backbox3:~/faraday-master$ ls apis AUTHORS config data deps exporters faraday.py gui install....

October 11, 2014 · 2 min · claudio

IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit

[claudio@localhost ~]$ python ipfire_cgi_shellshock.py ___ _______ _______ __ _______ __ | | _ | _ |__.----.-----. | _ .-----|__| |. |. 1 |. 1___| | _| -__| |. 1___| _ | | |. |. ____|. __) |__|__| |_____| |. |___|___ |__| |: |: | |: | |: 1 |_____| |::.|::.| |::.| |::.. . | `---`---' `---' `-------' _______ __ __ __ _______ __ __ | _ | |--.-----| | | _ | |--....

September 29, 2014 · 1 min · claudio

Gnu Bash 4.3 and below Cgi Scan + Remote Command Injection Exploit

[claudio@localhost ~]$ ./bash_env_rci_v2.py _______ _______ __ | _ .-----.--.--. | _ .---.-.-----| |--. |. |___| | | | |. 1 | _ |__ --| | |. | |__|__|_____| |. _ |___._|_____|__|__| |: 1 | |: 1 \ |::.. . | |::.. . / `-------' `-------' ___ ___ _______ _______ _______ ___ | Y | | _ | | _ | _ | | | | |_|___| | |. l |. 1___|....

September 26, 2014 · 1 min · claudio

aLFI Scanner – An0th3r LFI sC4Nn3r v1.0

[claudio@localhost ~]$ ./aLFIscanner.py -u 10.0.0.67 -t lfi.php?ID= $$\ $$$$$$$$\ $$$$$$\ $$ | $$ _____|\_$$ _| $$$$$$\ $$ | $$ | $$ | \____$$\ $$ | $$$$$\ $$ | $$$$$$$ |$$ | $$ __| $$ | $$ __$$ |$$ | $$ | $$ | \$$$$$$$ |$$$$$$$$\ $$ | $$$$$$\ \_______|\________|\__| \______| $$$$$$\ $$ __$$\ $$ / \__| $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ \$$$$$$\ $$ _____|\____$$\ $$ __$$\ $$ __$$\ $$ __$$\ $$ __$$\ \____$$\ $$ / $$$$$$$ |$$ | $$ |$$ | $$ |$$$$$$$$ |$$ | \__| $$\ $$ |$$ | $$ __$$ |$$ | $$ |$$ | $$ |$$ ____|$$ | \$$$$$$ |\$$$$$$$\$$$$$$$ |$$ | $$ |$$ | $$ |\$$$$$$$\ $$ | \______/ \_______|\_______|\__| \__|\__| \__| \_______|\__| An0th3r LFI sC4Nn3r v1....

August 26, 2014 · 2 min · claudio