Linux

Linux Kernel Dirty COW exploit POC examples

Dirty COW (CVE-2016-5195) is the latest vulnerability to be given a brand and is being dubbed the biggest privilege escalation vulnerability to date on Linux (https://dirtycow.ninja/). The reason for all the hype is the number of devices the vulnerability affects: it has been in the Linux kernel since 2.6.22 (2007) and is easily and reliably exploitable. That's enough of the background info; follow the link above if you want to learn more.

GHOST glibc vulnerability CVE-2015-0235

A new, dangerous and widespread vulnerability has been found in the GNU C Library (glibc) and has been nicknamed GHOST after the function that is affected; its real name is CVE-2015-0235. The work carried out by Qualys (https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability) found that certain functions in the library are vulnerable to a buffer overflow attack, giving the attacker full remote access to the victim. "During a code audit Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc."

Alienvault LVM partitioning

Alienvault by default installs just one partition and in some cases errors on some installations; by editing the preseed file you can split the partitioning up with LVM and avoid these errors. Best practice is to split the filesystem into separate sections so that filling up /var does not corrupt the main root partition, and doing this with LVM allows you to add extra disks later on. As Alienvault can store a lot of data, utilising LVM is extremely useful so you can expand your partitions on the fly later on.

Check a process's CPU and memory with Nagios

A check plugin for Nagios to monitor processes and their utilization of system resources: https://github.com/thomasweaver/check_cpu_proc. This plugin takes in a process name and then uses the ps command to work out how much memory and CPU all the processes of that name are taking up, as a percentage. It outputs performance data for CPU usage percentage, memory usage percentage, VSZ, RSS and the number of processes of that name.

Linux behind NTLM authentication proxy using CNTLM

Sometimes you will find your server sitting behind a proxy designed for human traffic rather than server traffic, and so it requires authentication. Although the NTLM protocol is grossly insecure, it still seems to be used in a lot of proxies. To get your server to download updates you will need to make it play nice with this authentication, as a lot of software does not support the NTLM protocol. CNTLM solves this issue by adding another proxy layer in front of your software which does not require authentication.