Not able to receive any notification from netconf test tool [closed]

I am working with netconf test tool to simulate devices. I was able to edit configuration on the devices. I was working with notification even tough I subscribed to a stream I was not able to get any notification from the device. If anybody has an understanding or have worked on netconf test tool with notification, it would be a great help .

Here is my python code

import sys import logging from ncclient import manager from ncclient import operations  log = logging.getLogger(__name__)  CREATE_SUBSCRIPTION = '''<?xml version="1.0" encoding="UTF-8"?>   <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="{}">     <create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">       <stream>NETCONF</stream>     </create-subscription>   </rpc>''' # Fill the device information and establish a NETCONF session def connect(host, port, user, password):     return manager.connect(host=host,                            port=port,                            username=user,                            password=password,                            hostkey_verify=False,                            allow_agent=False,                            look_for_keys=False)   def test_notification(host, port, user, password):     # 1.Create a NETCONF session     with connect(host, port=port, user=user, password=password) as m:         # 2.Set the message-id for the rpc         msgId = 1002         rpc = CREATE_SUBSCRIPTION.format(msgId)          # 3.Send rpc         result = m._session.send(rpc)         m.take_notification(block=True, timeout=None)   if __name__ == '__main__':     logging.basicConfig(level=logging.DEBUG)     test_notification(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4]) 

open relay test discrepancy

nmap smtp open relay test shows (verbose mode):

smtp-open-relay: Server is an open relay (5/16 tests)   MAIL FROM:<antispam@[xxx.xxx.xx.xx]> -> RCPT TO:<relaytest%nmap.scanme.org@XHS5P>   MAIL FROM:<antispam@[xxx.xxx.xx.xx]> -> RCPT TO:<"relaytest@nmap.scanme.org">   MAIL FROM:<antispam@[xxx.xxx.xx.xx]> -> RCPT TO:<"relaytest%nmap.scanme.org">   MAIL FROM:<antispam@[xxx.xxx.xx.xx]> -> RCPT TO:<nmap.scanme.org!relaytest>   MAIL FROM:<antispam@[xxx.xxx.xx.xx]> -> RCPT TO:<nmap.scanme.org!relaytest@XHS5P> 

xxx.xxx.xx.xx being host IP smtp: Microsoft ESMTP 6.0.2600.5949

Previous tests through mxtoolbox:

MAIL FROM:<supertool@mxtoolbox.com> 250 2.1.0 supertool@mxtoolbox.com....Sender OK [703 ms] RCPT TO:<test@mxtoolboxsmtpdiag.com> 550 5.7.1 Unable to relay for test@mxtoolboxsmtpdiag.com [696 ms] 

According to mxtoolbox, my host is not an open relay smtp

My question:

  • can I consider nmap test unreliable?

In order to check, nmap results I made a few test myself using nmap output

Here’s what I got:

HELO 250 XHS5P Hello [yy.yy.yyy.yyy] MAIL FROM:<tester@bogusyyyyyw.com> 250 2.1.0 tester@bogusyyyyyw.com....Sender OK RCPT TO:<"relaytest@nmap.scanme.org"> 250 2.1.5 "relaytest@nmap.scanme.org"@XHS5P 

status code 250 2.1.5 means: email has been delivered

So, nmap was right. But I still believe it was not, since perhaps it has to do with the the fact that the recipient has double quotes

Can someone help me to figure out if my host is an open relay?

thanks a lot

What questions are useful to scope a mobile app pen test?

When arranging a pen test it’s common practice to ask the client a set of questions, and use the answers either as the basis for further discussions, or to directly provide a test plan and quotation.

For a mobile app specifically, what questions are helpful to include? For example:

  • What platforms does the app support? e.g. iOS, Android
  • Was the app developed using a cross-platform framework? e.g. PhoneGap, Kivy
  • Does the app connect to it’s own back-end service? e.g. bespoke REST, Firebase
    • Do these connections use SSL pinning?
  • Does the app provide additional UI secuity? e.g. PIN, FLAG_SECURE
  • Does the app provide IPC interfaces? e.g. URL handler, intent
  • Does the app interface with hardware? e.g. bluetooth card reader
  • Is the app obfuscated?
  • How is the app delivered? e.g. public store, private app in store, alternate store, sideloading
  • What authentication is used? e.g. pairing, user name & password, connect with Facebook
  • How many views/pages does the app have?
  • What permissions does the app request?
  • Does the app make arbitrary network connections or listen on ports?

If you have any other ideas, please let me know!

Runtime error : How do I avoid it for a large test case?

I have been solving the CSES problem set and I am stuck on the following problem : CSES-Labyrinth

Here is my solution :

#include <bits/stdc++.h> using namespace std;  int main() {     int n,m,distance=0,x=0,y=0;     string str1="NO",str2="";     cin>>n>>m;     char grid[n+1][m+1];     int vis[n+1][m+1];     int dis[n+1][m+1];     string path[n+1][m+1];     int dx[]={0,0,1,-1};     int dy[]={1,-1,0,0};     char dz[]={'R','L','D','U'};     queue<pair<int,int>>s;      for(int i=0;i<n;i++)         for(int j=0;j<m;j++){             cin>>grid[i][j];             if(grid[i][j]=='A'){                 x=i; y=j;             }             vis[i][j]=0;             dis[i][j]=0;             path[i][j]="";         }          s.push({x,y});     while(!s.empty()){         pair<int,int>a=s.front();         s.pop();         if(grid[a.first][a.second]=='B'){             distance=dis[a.first][a.second];             str1="YES";             x=a.first; y=a.second;             break;         }         if(vis[a.first][a.second]==1)         continue;         else{             vis[a.first][a.second]=1;             for(int i=0;i<4;i++){                 if(a.first+dx[i]<n && a.first+dx[i]>=0 && a.second+dy[i]<m && a.second+dy[i]>=0 && (grid[a.first+dx[i]][a.second+dy[i]]=='.' || grid[a.first+dx[i]][a.second+dy[i]]=='B')){                     s.push({a.first+dx[i], a.second+dy[i]});                     dis[a.first+dx[i]][ a.second+dy[i]]=dis[a.first][a.second]+1;                     path[a.first+dx[i]][ a.second+dy[i]]=path[a.first][a.second]+dz[i];                 }             }         }     }     if(str1=="YES"){         cout<<str1<<endl<<distance<<endl<<path[x][y];     }     else     cout<<str1; } 

I am getting a Runtime error on 3/15 test cases and this was the best result I could reach (other 12 cases are accepted). How do I avoid runtime errors? What is wrong with my solution?

Should the pentester seek features to test by himself?

Imagine we have a dev team

  1. developers
  2. team lead
  3. scrum master

When a new feature is planned to be implemented, should it be sent to the security team by the dev team lead (to evaluate whether it needs to be tested) or the someone from the security team should seek for them by himself by attending to meetings? We have like 10 different products.

How am I supposed to check Defender’s capability when it trusts me blindly after I mark a test malware file as “allowed”?

With enormous amounts of fighting with Windows/Microsoft Defender, I finally managed to download the "test virus" file from https://www.ikarussecurity.com/en/private-customers/download-test-viruses/ onto my desktop.

However, Defender (on the command line) still just says:

Scanning C:\Users\John Doe\Desktop\eicar_com.zip found no threats. 

No threats? You just had me work for 30 minutes straight to make you not remove the file before it ever even landed on my desktop, and now you consider it to not contain any threats? Is this just because I have "allowed" it?

My entire point of downloading this file was to check if Windows/Microsoft Defender returns a "1" code instead of "0" when it detects a virus (and what it says as text output), but now I can’t even test that because it thinks that the file is not "harmful" just because I allowed it to exist temporarily on my system for the purpose of testing this?

Bottom line: I can’t see any way to test Defender’s output/return code for an actual malware-detected file because it doesn’t even allow me to have the file on my desktop without "allowing" it, which apparently makes it believe me blindly as an authority.

OpenVPN: test security from external point of view

How would I test an OpenVPN environment from external, kind of black box pentest. I have the public server-IP (port 1194, udp, tun).

I have found NO online ressources on how to do that, or whether some tools are available (e.g. for IPsec there is the ike-scan tools), nmap has no scripts for that, metasploit has no plugins, kali has no tools (only OpenVAS looks like it has a module, didnt try that yet).

Is there any way to test or analyse the security of OpenVPN from an external point of view?

WE have made changes on TEST server but it is impacted on PROD SQL server

We have 2012 SQL SERVER(PROD), client cloned a Test server from PROD, For testing the Upgrade process.

While performing the SQl server upgrade we have restarted services on TEST, after restarting the services Report server schema version is changed from 163 to 164 on PROD. We got SSRS connection issues to fix the issues we have changed the report server schema version to 163 on PROD.

We are confused that we have restarted services on TEST but report server verion changed on PROD how it happens

Flag Finding in Penetration Test

Need a bit of help in reagards to flag finding.

I have gained access to a custom Target mahine on VMware to find 3 flags.

all the flags start with word “flag” and some of them are encrypted. I could only find 1 broken link to 1 flag but when i try to open it, it just prints out some weired data. Could anyone please guide me how to:

  1. open the contents of this found flag.

  2. how to find other 2 flags.

Thanks

enter image description here

SYN Flood Test Platform

I am a new programmer, i’m learning. I made a SYN Flood program. I observed with Wireshark, i saw how many packets. But I don’t know how many megabytes of attack were. I don’t know how many packages are going to the target in a healthy way. Is there a test platform that you would recommend for SYN Flood(Online/Offline)? I don’t want to attack real sites. I just want to see the damage done by the program.