Sonicwall netExtender on ubuntu x64 missing libssl or libcrypto

Wow, over a year since my last post. Work has been crazy and personal life is even worse. If any of you are wondering where i have been hiding head over to upSploit.

Well I have just rebuilt my laptop to Xubuntu 11.10 as I could not stand the Unity on Ubuntu and decided to use 64bit OS now too. Don't worry with the Xubuntu bit this fix should work for any of the Ubuntu family.

During install i came across the error  saying that libssl.so.6 and libcrypto.so.6 were missing. Well they are missing as I have newer libraries in place called libssl1.0.0 and libcrypto1.0.0. So all I needed to do was symlink these two together. Well this was the issue I had, trying to work out what lib folder it was trying to call. After a little playing around I got it working with the following two commands that create the needed symlinks for each file.

sudo ln -s /usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.6

sudo ln -s /usr/lib/i386-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.6

Once I had added these I could use the CLI interface, I know you need to use the Sun java JRE to get the GUI running and as I am happier in the command line I decided to just stay with this setup.

Hopefully I will just add short notes like this one for a while so the blog does not go stale.

Speak soon.

 

Penetration Testing for Business Reasons

Now during my time as a Penetration Tester I have learnt that these days pen testing is not for the IT department it should be for the whole business. A quote from CISSP for dummies (stop laughing) says "Executives seem to understand This will cost us $3 million better than This will cause an unspecified loss at an undetermined future date".

upSploit - Public Beta Release

upSploit is a new and free Advisory Management Solution. The aim is for upSploit to become a service/framework that security researchers can depend on when disclosing vulnerabilities to vendors. After 5 months of development we are now ready to unleash to the world the Public Beta. This version is fully functional and automated to allow for speedy fixes to all the security holes that are out in the world to be found.

Setup Postgres for Metasploit on Ubuntu

I have been playing with Metasploit over the last few days and going through the Metasploit Unleashed course and while installing Metasploit I have found that some of the database features do not work out of the box. So below is how I managed to install and configure Postgres to work with Metasploit on Ubuntu 10.04(Lucid Lynx).

upSploit - Vulnerability Advisory Gateway

What is upSploit?

upSploit is a free service to the IT security industry to enable vulnerability and exploit advisories to be distributed between the founder, vendor and other security professionals easily. This Vulnerability Advisory Gateway (VAG) should break down the barriers for security researchers and professionals to pass details of vulnerabilities to vendors in a structured easy to follow process.

Apple iPad,iPhone or Touch favicon for your website

I have seen on my Xmarks mobile website that I have bookmarked on my home screen on my iPhone does not have the usual screen shot logo. Instead it has a Xmarks logo in place which makes it look more like an app than a website. I thought this is pretty cool and know that my own site has a mobile version so I thought it would be a good addition to my site.

So it just takes the usual favicon right?? Well that's what I first thought but sadly, no.

DVWA becomes its own Distro

After a few months of hard work and a large number of emails between Ryan Dewhurst(@ethicalhack3r) and myself we have managed to create a LiveCD distribution of Damn Vulnerable Web App.