Labs Project News

Mise à jour OpenSSH

Emmanuel Lacour — Thu, 15 May 2008 8:38:15 GMT

Suite à la faille OpenSSL Debian[1], ce serveur a été mis à jour. Il refuse désormais les clefs ssh vulnérables. Si votre clefs est concernée, vous devez mettre à jour votre machine, puis générer une nouvelle clefs et remplacer l'ancienne par celle-ci.

[1] http://www.debian.org/security/2008/dsa-1571

wbmtranslator 0.6.3 released

Emmanuel Saracco — Sat, 29 Mar 2008 11:01:00 GMT

* Google translation console:
  - Fixed a lot of encoding problems.
  - Added new languages (Greek and Dutch)

* Send translations section:
  - Added translator name information.
  - Updated E-Mail content to Webmin translations team to be more consistent regarding to the translation type (Webmin ou Usermin).

* Configuration:
  - Added variable "trans_name" in "config.info" file.
  - Updated webmin core modules list.

* Informations translation:
  - Fixed a problem with "module.info" translation when it does not have all descriptions for all module's languages.

phpremoteshell 0.8.2 released

Emmanuel Saracco — Fri, 28 Mar 2008 6:31:52 GMT

- Fixed a problem with some particular servers and tmpdir detection. Some servers allow directory creation, but not directory deletion... So, now zombies management should work on these servers too.
- Fixed a logic error, which could prevent PRS to detect the correct storage mode.
- Fixed a problem with rights detections.
- Fixed a problem with executable method detection.

phpremoteshell 0.8.1 released

Emmanuel Saracco — Sat, 22 Dec 2007 5:05:25 GMT

* Zombies:
	- Fixed some issues with IE.
	- Added the use of hidden iframe to spy user navigation. This
	  feature does not work yet with IE, so it can be enabled/disabled
	  using the ZOMBIE_USE_HIDDEN_IFRAME constant.

* File browser:
	- Added display options (to filter hidden files, directories,
	  symlinks or files)
	- Colors enhancement.
	- Sort enhancement (same sort, whatever browse method is used).

gurlchecker 0.10.2 (stable) released

Emmanuel Saracco — Thu, 13 Dec 2007 5:22:08 GMT

* Configuration:

          - Fixed a problem with libtidy (thanks to Sébastien Lepers).

* Other:

          - Fixed a protocole comparison bug.
          - Some documentation cleaning.

wbmclamav 0.9.0 released

Emmanuel Saracco — Mon, 10 Dec 2007 8:47:49 GMT

* WARNING:

	- Backup your data.
	- Please do the following actions after installing this new
	  release candidate:
		. Review module configuration and save it.
		. Review "Global settings" section and click the "Apply
		  button".

* Configuration:

	- Fixed some problems with restore process.
	- Added the following options in config.info:
	  	clamav_sys_user
		clamav_sys_group
	- Fixed issues in clamav/freshclam configuration files management.
	- Fixed a problem with clamav init script detection on some
	  condition.
* Quarantine section:

	- It should also work now with amavisd-new quantines splitted into
	  mutiple subdirectories (task #1563).
	- Now take in account the Cc field of quarantined E-Mails when
	  resending them (thanks to Aritza Sobrinos).

* Other:

	- Fixed a problem with the following freshclam option:
	  NotifyClamd
	- Code cleaning and comments.
	- Updated for new clamav 0.91.2. Old versions of ClamAV are not
	  supported anymore.
	- Fixed a typo in freshclam options.
	- Added the following clamav option:
		DetectPUA
	- Added the following clamd remote commands:
		MULTISCAN
		STREAM
		SESSION
		END
	- Some security stuff and code cleaning.

phpremoteshell 0.8.0 released

Emmanuel Saracco — Mon, 10 Dec 2007 8:25:26 GMT

* Zombies:

	- Menu reorganization.
	- Added a "Control center". It is now possible to ping hosts with
	  the zombie (so you can bypass firewall etc.). For the moment hosts
	  must have port 80 open to appear alive.
	- Fixed some bad display logic with javascript code.
	- Added "Delete" menu.
	- Added "Reset" and "Add separator" menu to keylogger viewer.		
	- Very first steps for "Zombies" management (based on BeEF ideas).

* Other:

	- Better safe mode handling.
	- Better recursive idirectory deletion.
	- Launcher code cleaning.
	- Some README/INSTALL update.
	- Now the use of the "launcher.html" file is required to open PRS
	  shell. All GET access will result on a "404 Not Found" HTTP
	  error. Just open this file with your Web browser and click the
	  "Launch" button.

phpremoteshell 0.7.0 released

Emmanuel Saracco — Wed, 14 Nov 2007 11:26:45 GMT

* Encryption:

	  - PRS is now able to encrypt/decrypt itself on request. What you
	    have to do is just encrypt it with a secret key (using tools
	    available in the "encryption/" directory), put the encrypted
	    file on a remote server and request it by passing it your secret 
	    key using HTML POST method (see the "post.html" file). It is
	    a ugly/lame/experimental feature, so take it as a PoC and play
	    with it :-) Do not hesitate to send me ideas or patches!

* Self-recovery:

	  - PRS can now host itself in another PHP script on the server to
	    be able to self-restore itself at script execution time. Noisy
	    game though, so think twice before playing it :-)

* Crontab:

	  - Added crontab management when available.

* PHP:

	  - Now take in account "open_basedir" PHP configuration variable.
	  - PHP Exec* functions wrapper debug and optimization.

* Other:

	   - Now take in account the safe mode's variable "safe_mode_exec_dir".
	   - Added some information at the page top (exec method, FS
	     exploration method, PHP safe mode, storage method (cookies/script)).
	   - Again some fixes for runtime magic quotes.
	   - Some file size calculation fixes (when "filesize()" function is
	     disabled).
	  - Code cleaning.

phpremoteshell 0.6.1 released

Emmanuel Saracco — Wed, 07 Nov 2007 7:49:35 GMT

* PHP:

  - Now use "proc_open()" when "popen()" is not available.

* Other:

  - Fixed a typo that broke download functionality.
  - It is now possible to force file saving and deletion, even if 
    PRS think that file can not saved or deleted.
  - PRS is now able of self-modify itself to save dynamic data in
    its own file. If it fail (ie. bad PRS file rights) it use 
    traditional cookie method.
  - Safer read/write file functions.
  - Code cleaning and minor enhancements.

phpremoteshell 0.6.0 released

Emmanuel Saracco — Mon, 05 Nov 2007 8:55:01 GMT

* Popups:

          - Fixed a problem on popup closure with IE.

* PHP:

          - Fixed a problem with magic quotes.

* Menus:

          - Added a "Remove me!" menu item. It just remove the prs.php script
            from the server.


* File browser:

          - Better download handling in safe mode.
          - It is now possible to force file edition, even if PRS think that
            it can not be viewed.
          - Fixed a problem with directories deletion when "opendir()"
            function is not available (use "glob()" instead).
          - Better browse mode detection management.
          - Added bookmarks management for directory location.
          - It is now possible to visualize images found on the server.
          - Try to use "glob()" if "opendir()"/"readdir()" or "ls" system
            command are not available.
          - A lot of improvments on directories/files display.
          - Fixed a problem with sticky directories.
          - Fixed a problem with recursive directories deletion.
          - Fixed a problem with especially crafted directories names.
          - Added "Create directory" menu. User can now create directories.
          - Files with appropriate rights can be fully edited. PRS will try to
            preserve original timestamp if Web user is the same as file owner.

* Other:

          - Fixed problem with HTML output.
          - When in safe mode, we try to display "phpinfo()" output in the
            "Remote information" section.
          - Code cleaning.