Пропускане към основното съдържание

RedHat Objectives

 ###RedHat Objectives###  
 . Boot, reboot, and shutdown the system normally  
 . Diagnose and correct problems at boot  
 . Boot systems into different runlevels for troubleshooting and system maintenance  
 . Use single-user mode to gain access to a system for which the root password is not known  
 . Diagnose and correct misconfigured networking settings  
 . Diagnose and correct hostname resolution problems  
 . Diagnose and address permissions problems and SELinux policy violations  
 . Diagnose and correct non-hardware disk storage problems  
 . Adding new partitions, logical volumes, filesystems, and swap areas to a system non-  
 . Manually open, mount, unmount, and close LUKS-encrypted filesystems  
 . Extend existing unencrypted ext4-formatted logical volumes  
 . Login or switch user to the root account  
 . Use ssh and VNC to access remote systems  
 . Locate and read on-line documentation using man, info, and files in /usr/share/doc  
 . Locate and analyze system log files  
 . Understand how to use grep and regular expressions to analyze text output  
 . Access a bash shell prompt and issue commands with correct syntax; use pipelines and I/O  
 . Use text editors such as gedit and vim to create and edit text files  
 . Manage system resources: identify CPU/memory intensive processes, adjust process priority  
 with renice, kill processes  
 . Manage files and directories: create/delete/copy/move; create hard and soft links  
 . Use tar, gzip, and bzip2 to archive and compress files  
 . Install Red Hat Enterprise Linux manually with the graphical installer from network installation  
 . Install Red Hat Enterprise Linux automatically using Kickstart  
 . Configure a physical machine as a RHEL-based virtualization host  
 . Manage virtual machines: install/start/stop/configure to start at boot/access a VM ́s graphical  
 . Manage disk partitions: understand MBR-style partitions (primary,extended,logical);  
 list/create/delete partitions  
 . Manage logical volumes: create/remove physical volumes, assign PVs to volume groups,  
 create/delete logical volumes  
 . Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and  
 mount decrypted filesystem at boot  
 . Canage ext4 filesystems: create, label, mount, mount automatically at boot (by UUID or label),  
 . Mount and unmount CIFS and NFS network filesystems, manually or by configuring autofs  
 . Manage network devices: understand basic IP networking/routing, configure IP  
 addresses/default route statically or dynamically  
 . Manage name resolution: set local hostname, configure /etc/hosts, configure to use existing  
 DNS server  
 . Manage network services: check status, start, stop, configure to start automatically at boot  
 . Configure the scheduling of tasks using cron and at  
 . Manage local user and group accounts: create, delete, change passwords, adjust password  
 aging, adjust group memberships  
 . Use network user and group accounts stored on an existing LDAP directory service  
 . Manage standard permissions: list, interpret, change ugo/rwx  
 . Use sgid directories for collaboration  
 . Set and manage Access Control Lists (ACLs)  
 . Manage SELinux security: set enforcing/permissive modes, list file and process context, restore  
 default file context, use "booleans" to adjust policy  
 . Manage default firewall settings with basic tools  
 . Install and update software packages from RHN or remote repository, or from the local  
 . Update the kernel package appropriately to ensure a bootable system  
 . Modify the system bootloader  
 . Configure the system to synchronize system time using remote NTP servers  
 . Deploy a VNC server that allows multiple desktops to be shared  
 . Deploy file sharing services with HTTP/FTP  


Popular Posts


REPRODUCE OF THE VULNERABILITY =): Collaboration: silentsignal

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues). For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all! TL;DR: Quick copy/paste 1: CSRF=$(curl -s -c dvwa.cookie "" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2) 2: SESSIONID=$(grep PHPSESSID dvwa.cookie | cut -d $'\t' -f7) 3: curl -s -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "192.168.1


Donate if you are not shame!