Viewing posts for the category Omarine User's Manual

Does OpenVAS work on SELinux?

In the hacker world it is still widely assumed that OpenVAS is not compatible with SELinux, so the question of whether OpenVAS will work on a system using the SELinux security module goes unanswered. It stays that way as long as nobody speaks up.

This article states that OpenVAS runs fine on SELinux, as long as the security policy is updated appropriately.

OpenVAS is a first-rate vulnerability scanner for compliance assessment, reporting severity, risk rating, remediation advice and so on for each finding.

In the OpenVAS setup check script (gvm-check-setup) there is a piece of code like this:

The script requires the SELinux status to be "Disabled" and refuses to continue otherwise.

We need to remove that check. OpenVAS runs fully functional with SELinux in the "Enabled" state, even with the policy in "enforcing" mode, as long as the policy has been updated for it.
To start OpenVAS, run sudo gvm-start

The browser opens automatically and takes us to the web interface, where we can start using the scanner.
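What replaces the removed gate in practice is finding out what the policy actually blocks. The following Python script is an added example (not code from the original page or from the GVM project): it parses AVC denial records of the kind SELinux writes to /var/log/audit/audit.log, keeps only the ones raised by the GVM daemons, summarizes them, and prints the audit2allow commands that turn them into a local policy module. The log lines, process names and security contexts are constructed for illustration; the daemon list and the module name gvm_local are my assumptions.

```python
import re
import sys

# Constructed sample audit.log lines (illustrative only; types such as
# gvmd_t and openvas_t are assumed, not taken from any real policy module).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.123:456): avc:  denied  { name_bind } for  pid=1234 comm="gvmd" src=9390 scontext=system_u:system_r:gvmd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=49 success=no exit=-13 comm="gvmd" exe="/usr/sbin/gvmd"
type=AVC msg=audit(1700000001.456:457): avc:  denied  { read } for  pid=2345 comm="openvas" name="plugins" dev="dm-0" ino=1234 scontext=system_u:system_r:openvas_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000002.789:458): avc:  denied  { write } for  pid=3456 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
"""

# Daemons that make up a GVM/OpenVAS installation (assumed list).
GVM_DAEMONS = ("gvmd", "gsad", "openvas", "ospd-openvas")

# Fields of an AVC denial record: permissions, process name, source and
# target security contexts, and the object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def parse_avc_denials(log_text):
    """Return one dict per AVC denial record found in log_text."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            d = m.groupdict()
            d["perms"] = d["perms"].split()
            denials.append(d)
    return denials


def gvm_denials(log_text, daemons=GVM_DAEMONS):
    """Keep only the denials raised by the GVM daemons."""
    return [d for d in parse_avc_denials(log_text) if d["comm"] in daemons]


def summarize(denials):
    """One line per denial: which process (type) was denied what on which target type."""
    return [
        f'{d["comm"]} ({d["scontext"].split(":")[2]}) denied {",".join(d["perms"])} '
        f'on {d["tclass"]} labelled {d["tcontext"].split(":")[2]}'
        for d in denials
    ]


def policy_commands(module="gvm_local"):
    """Commands (run as root) that build and load a local module from recent denials."""
    return [
        f"ausearch -m avc -ts recent | audit2allow -M {module}",
        f"semodule -i {module}.pp",
    ]


if __name__ == "__main__":
    # Pass a real audit.log path as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT_LOG
    found = gvm_denials(text)
    for line in summarize(found):
        print(line)
    if found:
        print("Build and load a local policy module with:")
        for cmd in policy_commands():
            print("  " + cmd)
```

Review the .te file audit2allow generates before loading it: a denial on a mislabelled file is better fixed with semanage fcontext and restorecon than with a new allow rule, and only the rules the scanner actually needs should go into the module.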

SQLi attack

A type of attack in which an attacker interferes with the queries an application makes to its database.

A manual on SQLi attacks is available at
Here I just add another approach: using Repeater, as usual, instead of Intruder as in the tutorial.

Send the request to be injected to Repeater.

In Repeater, modify the query parameter as below, then click Send to attack.

The results are the same as in Burp Suite's documentation. The point is not to be overwhelmed by the tool's functions: Intruder is similar in nature to Repeater, except that it automates the delivery of many payloads, whereas Repeater sends one hand-edited request at a time.
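To show what the modified query actually does on the server side, here is an added example (my code, not the page's or Burp's): a small product filter backed by an in-memory SQLite table, written once the vulnerable way (input pasted into the SQL string) and once with a bound parameter, plus the raw request one would paste into Repeater. The table contents, the /filter path and the host name are constructed for this example.

```python
import sqlite3
from urllib.parse import quote


def make_db():
    """In-memory product table, constructed for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category TEXT, released INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            (1, "Gift pen", "Gifts", 1),
            (2, "Unreleased gadget", "Gifts", 0),  # hidden by the released = 1 filter
            (3, "Pet rock", "Pets", 1),
        ],
    )
    return conn


def products_vulnerable(conn, category):
    """The flawed pattern: user input becomes part of the SQL text."""
    sql = (
        "SELECT name FROM products "
        f"WHERE category = '{category}' AND released = 1 ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def products_safe(conn, category):
    """The fix: a bound parameter, so the input is data and never SQL."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1 ORDER BY id"
    return [row[0] for row in conn.execute(sql, (category,))]


def repeater_request(category, host="shop.example"):
    """The raw GET request to paste into Repeater (path and host are assumed)."""
    return (
        f"GET /filter?category={quote(category, safe='')} HTTP/1.1\r\n"
        f"Host: {host}\r\n\r\n"
    )


if __name__ == "__main__":
    conn = make_db()
    # A closing quote plus a comment marker cuts off the released = 1 condition.
    for payload in ["Gifts", "Gifts'--", "' OR 1=1--"]:
        print(repr(payload), "->", products_vulnerable(conn, payload))
        print(repeater_request(payload))
    print("parameterized:", products_safe(conn, "' OR 1=1--"))
```

The payload `Gifts'--` turns the query into `... WHERE category = 'Gifts'--' AND released = 1`, so the unreleased product leaks; `' OR 1=1--` returns every row. The parameterized version treats the same strings as category names that match nothing.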

Reflected XSS attack

Reflected XSS is a type of XSS attack in which a vulnerable web server reflects a script contained in the malicious actor's request back into its response; the victim's browser, which was tricked into sending that request, then executes the malicious code.
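The following is an added example (my code, not the page's) of the reflection described above: a tiny WSGI search endpoint that echoes its q parameter, served once unescaped and once through html.escape, driven in-process without a network so both responses can be compared, together with the link an attacker would send to the victim. The paths, host name and payload are constructed.

```python
from html import escape
from urllib.parse import parse_qs, urlencode
from wsgiref.util import setup_testing_defaults

PAYLOAD = "<script>alert(document.cookie)</script>"  # constructed attacker payload


def search_app(environ, start_response):
    """Two endpoints: /search reflects q as-is (vulnerable), /search-safe escapes it."""
    q = parse_qs(environ.get("QUERY_STRING", "")).get("q", [""])[0]
    if environ["PATH_INFO"] == "/search":
        body = f"<h1>Results for: {q}</h1>"                      # markup from the request
    else:
        body = f"<h1>Results for: {escape(q, quote=True)}</h1>"  # text only
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode()]


def get(app, path, query):
    """Call the app in-process with GET path?q=query and return the body as str."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["QUERY_STRING"] = urlencode({"q": query})

    def start_response(status, headers):
        pass

    return b"".join(app(environ, start_response)).decode()


def attack_url(payload, base="https://shop.example/search"):
    """The link the attacker lures the victim into opening (host and path assumed)."""
    return f"{base}?{urlencode({'q': payload})}"


def reflected_unescaped(app, path, payload):
    """True when the payload comes back byte-for-byte, i.e. the browser will run it."""
    return payload in get(app, path, payload)


if __name__ == "__main__":
    print(attack_url(PAYLOAD))
    print("/search      :", get(search_app, "/search", PAYLOAD))
    print("/search-safe :", get(search_app, "/search-safe", PAYLOAD))
```

The same check, sending a marker string and looking for it unchanged in the response, is what a scanner or a manual tester does to find reflection points before trying a real payload.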


Perfect Forward Secrecy (PFS) is simple but very interesting


Encrypted password or unencrypted password?

There are two ways to combine password authentication with some form of encryption:
     1. Use an encrypted (or hashed) password on an unencrypted connection
     2. Use an unencrypted password on an encrypted connection

The first method is clearly not recommended. A typical example is the CRAM-MD5 mechanism, a challenge-response scheme in which the password itself never crosses the wire, but everything else in the session does; a captured challenge/response pair can be attacked offline with a wordlist, and the server has to keep a password-equivalent secret in order to verify it.
The second method, authentication over a connection encrypted with a modern cipher suite, for example TLS_AES_256_GCM_SHA384 of TLSv1.3, is secure.

By TLS, we mean entity authentication with digital certificates, at least authentication of the server by its server certificate.
With TLSv1.3 the session keys are derived from a fresh, ephemeral (EC)DHE key exchange; that is what provides Perfect Forward Secrecy and guarantees non-repeating session keys. So if one session key is exposed, the data of other sessions is unaffected. Likewise, because the session keys are never derived from the server's private key, that key is of no use for decrypting previously captured traffic, even if the server is compromised later.

What is the session key used for?
It is the key of the symmetric cipher used to encrypt the bulk communication data; here the cipher is 256-bit AES. Its mode of operation is GCM (Galois/Counter Mode): counter-mode encryption combined with a GHASH authentication tag. Hence the AES_256_GCM part of the suite name.

Encryption alone does not guarantee integrity.
Plain counter-mode encryption gives no assurance that the data the recipient receives is intact; this is where authenticated encryption comes in. In this suite the integrity of every record is covered by GCM's authentication tag (authenticated encryption with associated data, AEAD). The SHA384 at the end of the suite name is not a per-record MAC: it is the hash that HKDF uses to derive the keys and that the handshake transcript and Finished messages are computed with.

What does password authentication look like?
This is the server authenticating the client: checking whether the client holds a credential for a service that requires authentication. On a TLS connection the password and any other authentication data are presented by the client to the server like any other transaction, and all of it is encrypted as described above. If authentication succeeds, the client becomes an authenticated user. This applies to any service that uses a TLS connection.

Thus, a plaintext password sent over an encrypted connection is more secure than an "encrypted" password sent over a plaintext connection.
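An added example (my code, not the page's) that makes the comparison concrete. It builds the CRAM-MD5 exchange of method 1 and the SASL PLAIN response of method 2 (the PLAIN mechanism discussed below), then shows what each costs: because CRAM-MD5 travels in the clear, a captured challenge/response pair can be attacked offline with a wordlist, and because the server must hold a password-equivalent secret to verify it, a server breach is also a password breach; PLAIN over TLS exposes nothing to an eavesdropper and lets the server store only a salted, slow hash. The user name, password, challenge, wordlist and salt are constructed; the last function only lists the TLS 1.3 suites the local OpenSSL offers, all of which are AEAD suites.

```python
import base64
import hashlib
import hmac
import ssl

# --- Method 2: SASL PLAIN, sent inside the TLS records ----------------------

def sasl_plain_initial(user, password, authzid=""):
    """Client's one-shot PLAIN response: base64(authzid NUL authcid NUL passwd)."""
    raw = f"{authzid}\0{user}\0{password}".encode()
    return base64.b64encode(raw).decode()


def decode_plain(b64):
    """Server side: split the PLAIN response into (authzid, user, password)."""
    authzid, user, password = base64.b64decode(b64).decode().split("\0")
    return authzid, user, password


def store_password(password, salt=b"constructed-salt", rounds=200_000):
    """PLAIN over TLS lets the server verify against a salted, slow hash only."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify_password(password, stored, salt=b"constructed-salt", rounds=200_000):
    return hmac.compare_digest(store_password(password, salt, rounds), stored)


# --- Method 1: CRAM-MD5, sent in the clear ----------------------------------

def cram_md5_response(user, password, challenge):
    """RFC 2195 response: base64(user SP hex(HMAC-MD5(password, challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def offline_guess(challenge, response_b64, candidates):
    """What an eavesdropper does with the captured pair: test guesses offline."""
    user, digest = base64.b64decode(response_b64).decode().split(" ", 1)
    for guess in candidates:
        candidate = hmac.new(guess.encode(), challenge, hashlib.md5).hexdigest()
        if hmac.compare_digest(candidate, digest):
            return guess
    return None  # not in the wordlist; the server must still store the password


# --- The encrypted channel of method 2 ---------------------------------------

def tls13_cipher_suites():
    """TLS 1.3 suites the local OpenSSL offers; every one is an AEAD suite."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]


if __name__ == "__main__":
    challenge = b"<1896.697170952@postoffice.example>"  # constructed server challenge
    captured = cram_md5_response("alice", "hunter2", challenge)
    print("CRAM-MD5 on the wire :", captured)
    print("offline guess        :", offline_guess(challenge, captured, ["password", "letmein", "hunter2"]))
    print("PLAIN inside TLS     :", sasl_plain_initial("alice", "hunter2"))
    print("TLS 1.3 suites       :", tls13_cipher_suites())
```

With a sniffer on the CRAM-MD5 session the attacker obtains the challenge and the response and runs offline_guess at full speed against any wordlist; on the TLS session the same sniffer sees only encrypted records, and the secret the server keeps for PLAIN is a hash that cannot be replayed as a credential.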

Authentication mechanism
There are several different authentication mechanisms, but as we have seen there is no problem using the PLAIN mechanism on a TLS connection, provided the server offers PLAIN only once TLS is established (after STARTTLS, or on the implicit-TLS port).
To practice, telnet to the mail server (for the TLS case use openssl s_client -starttls smtp -connect <mail server>:25 instead, since telnet cannot negotiate TLS):