CodeWriteUp: A log of my experiments and encounters with my Linux box.<br />
Author: Anonymous (http://www.blogger.com/profile/15693170709144921381)<br />
<br />
<h2>
Ubuntu Tips and Tricks</h2>
Published 2015-05-01<br />
How to check free disk space on an Ubuntu 14.04 machine?<br />
<br />
<pre class="prettyprint" skin="Desert">$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda6 207G 48G 148G 25% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
udev 1.9G 4.0K 1.9G 1% /dev
tmpfs 384M 1.2M 383M 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 1.9G 16M 1.9G 1% /run/shm
none 100M 56K 100M 1% /run/user
</pre>
<br />
<h2>
Ubuntu auto backup to remote host using scp, rsync, crontab</h2>
Published 2015-02-05<br />
<h2>
Bash script to transfer files via SCP</h2>
<pre class="prettyprint" skin="Desert">#!/bin/bash
REMOTE_IP="x.x.x.x"
SCP_PASSWORD="mypassword"
expect -c "
set timeout 1
spawn scp -r /Local/SourceFolder uname@$REMOTE_IP:/Remote/DestFolder
expect yes/no { send yes\r ; exp_continue }
expect password: { send $SCP_PASSWORD\r }
expect 100%
sleep 1
exit
"
</pre>
Save the above script as autoscp.sh and give it execute permission. SourceFolder is the local folder whose contents are copied to DestFolder on the remote host.<br />
<pre class="prettyprint" skin="Desert">$ chmod +x autoscp.sh
$ ./autoscp.sh
</pre>
Install expect if it's not on your machine. expect is a program that "talks" to other interactive programs according to a script; here it supplies the password when scp asks for it.<br />
<pre class="prettyprint" skin="Desert">sudo apt-get install expect
</pre>
<h2>
Bash script to sync local & remote folder via rsync</h2>
<pre class="prettyprint" skin="Desert">#!/bin/bash
REMOTE_IP="x.x.x.x"
SCP_PASSWORD="mypassword"
#And now transfer the file over
expect -c "
set timeout 1
spawn rsync -azvv -e ssh /Local/SrcFolder uname@$REMOTE_IP:/Remote/DstFolder
expect yes/no { send yes\r ; exp_continue }
expect password: { send $SCP_PASSWORD\r }
expect 100%
sleep 1
exit
" </pre>
-a archive mode: preserves timestamps, permissions and other file attributes<br />
-z compresses the data in transit<br />
-vv increases the verbosity of the reporting<br />
-e specifies the remote shell to use<br />
<br />
Save the above script to autorsync.sh file and give the execute permission.<br />
<div>
Refer to this <a href="https://help.ubuntu.com/community/rsync" target="_blank">Ubuntu documentation</a> for more details on rsync. Both bash scripts just automate the rsync and scp transfer so that the password does not have to be typed in each time; note that the password then sits in the script in plain text, and the scripted "yes" answer accepts whatever host key the remote presents.</div>
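A hardened form of the same hourly rsync job, added here as an example (it is not from the original post): instead of an expect-fed plaintext password and a scripted "yes" to the host-key prompt, it uses a dedicated SSH key, a pinned known_hosts file and BatchMode so ssh fails rather than prompts, and takes a lock so overlapping cron runs cannot collide. The host name, key path, known_hosts path and lock path are placeholders.

```python
#!/usr/bin/env python3
"""Key-based rsync backup wrapper, a hardened stand-in for autorsync.sh.

Run it from cron exactly like the expect script; set up the key once with
ssh-keygen + ssh-copy-id and record the remote host key in KNOWN_HOSTS
(ssh-keyscan output, verified out of band) so the script never has to say "yes".
"""
import fcntl
import subprocess
import sys

# Placeholders: not values from the original post, adapt to your hosts.
REMOTE_HOST = "backup.example.invalid"
REMOTE_USER = "uname"
SSH_KEY = "/root/.ssh/backup_ed25519"       # key used only for this job
KNOWN_HOSTS = "/etc/backup/known_hosts"     # pinned host key, written once by hand
LOCK_FILE = "/var/lock/autorsync.lock"


def build_ssh_command(key=SSH_KEY, known_hosts=KNOWN_HOSTS):
    """The -e value for rsync: an ssh that never prompts and never trusts an unknown host."""
    return " ".join([
        "ssh",
        "-i", key,
        "-o", "IdentitiesOnly=yes",          # offer only this key, not every agent key
        "-o", "BatchMode=yes",               # no password/passphrase prompts; fail instead
        "-o", "StrictHostKeyChecking=yes",   # unknown or changed host key aborts the run
        "-o", "UserKnownHostsFile=" + known_hosts,
    ])


def build_rsync_argv(src, dest, host=REMOTE_HOST, user=REMOTE_USER, dry_run=False):
    """argv for rsync with the original -a -z flags plus the pinned ssh transport."""
    argv = ["rsync", "-az", "-e", build_ssh_command()]
    if dry_run:
        argv.append("--dry-run")             # report what would change, transfer nothing
    argv += [src, "%s@%s:%s" % (user, host, dest)]
    return argv


def run_backup(src, dest, lock_path=LOCK_FILE, dry_run=False, runner=subprocess.call):
    """Take a non-blocking lock, then run rsync.

    Returns rsync's exit status, or None when a previous run still holds the
    lock (the next cron slot will simply try again). `runner` is injectable so
    the argv logic can be exercised without a network.
    """
    with open(lock_path, "w") as lock:
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return None
        return runner(build_rsync_argv(src, dest, dry_run=dry_run))


if __name__ == "__main__":
    status = run_backup("/Local/SrcFolder/", "/Remote/DstFolder/",
                        dry_run="--dry-run" in sys.argv)
    if status is None:
        print("another backup run is still in progress; skipping")
        sys.exit(0)
    sys.exit(0 if status == 0 else 1)
```

The crontab line then becomes `30 * * * * /location/of/script/autorsync.py`, with no password stored anywhere on disk.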
<h2>
Scheduling this rsync and scp scripts to run periodically</h2>
Use crontab to schedule these scripts to run periodically. To edit crontab use<br />
<pre class="prettyprint" skin="Desert">crontab -e
</pre>
Add the below lines<br />
<pre class="prettyprint" skin="Desert"># m h dom mon dow command
0 * * * * cd /location/of/script;./autoscp.sh
30 * * * * cd /location/of/script;./autorsync.sh
</pre>
m - minute<br />
h - hour<br />
dom - day of the month<br />
mon - month<br />
dow - day of the week<br />
0 * * * * runs the script at minute 0 of every hour, every day of every month.<br />
30 * * * * runs the script at minute 30 of every hour, every day of every month.
<br />
<h2>
[Tested working] Set up Wifi HotSpot on Ubuntu 14.04 Laptop (Infrastructure Mode, for Android Phones)</h2>
Published 2014-08-14, updated 2015-05-01<br />
<span style="font-size: x-large;">1. Check your Wifi card</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Check whether your wifi card support AccessPoint (AP) infrastructure mode</span><br />
<pre class="prettyprint" skin="Desert">iw list
</pre>
<span style="font-family: Arial, Helvetica, sans-serif;">Your wifi card is good to go if the output shows something like</span><br />
<pre class="prettyprint" skin="Desert">Supported interface modes:
* --
* --
* AP
* AP/VLAN
* --
</pre>
AP means AccessPoint (AP) infrastructure mode.<br />
<br />
<span style="font-size: x-large;">2. Install "hostapd"</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">The latest version was buggy when I was writing this post, so install the version just before it and hold it so that it is not updated.</span><br />
64 Bit
<br />
<pre class="prettyprint" skin="Desert">wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wpa/hostapd_2.1-0ubuntu1.2_amd64.deb
sudo dpkg -i hostapd*.deb
sudo apt-mark hold hostapd
</pre>
32 Bit
<br />
<pre class="prettyprint" skin="Desert">wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wpa/hostapd_2.1-0ubuntu1.2_i386.deb
sudo dpkg -i hostapd*.deb
sudo apt-mark hold hostapd
</pre>
<br />
<span style="font-size: x-large;">3. Install dnsmasq</span><br />
<br />
<pre class="prettyprint" skin="Desert">apt-get install dnsmasq
</pre>
<br />
<span style="font-size: x-large;">4. Install ap-hotspot</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Install ap-hotspot, it's a set of scripts that helps you to easily configure the hotspot settings.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Download the .deb file from the below links and double click to install.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Ubuntu 12.04 - <a href="https://launchpad.net/~nilarimogard/+archive/ubuntu/webupd8/+files/ap-hotspot_0.2.1-1~webupd8~1_all.deb" target="_blank">Click to download</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Ubuntu 12.10 - <a href="https://launchpad.net/~nilarimogard/+archive/ubuntu/webupd8/+files/ap-hotspot_0.2.1-1~webupd8~1_all.deb" target="_blank">Click to download</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Ubuntu 13.04 - <a href="https://launchpad.net/~nilarimogard/+archive/ubuntu/webupd8/+files/ap-hotspot_0.2.1-1~webupd8~1_all.deb" target="_blank">Click to download</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Ubuntu 13.10 - <a href="https://launchpad.net/~nilarimogard/+archive/ubuntu/webupd8/+files/ap-hotspot_0.3.1-1~webupd8~0_all.deb" target="_blank">Click to download</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Ubuntu 14.04 - <a href="https://launchpad.net/~nilarimogard/+archive/ubuntu/webupd8/+files/ap-hotspot_0.3-1~webupd8~2_all.deb" target="_blank">Click to download</a></span><br />
<br />
<span style="font-size: x-large;">5. Configure WiFi hotspot</span><br />
<pre class="prettyprint" skin="Desert">sudo ap-hotspot configure
</pre>
<br />
<span style="font-size: x-large;">6. Start/Stop/Restart WiFi hotspot
</span><br />
<pre class="prettyprint" skin="Desert">sudo ap-hotspot start
sudo ap-hotspot stop
sudo ap-hotspot restart
</pre>
<br />
<span style="font-size: x-large;">7. Common Issues/Errors</span><br />
<u>Another process already running error</u><br />
When you try to start ap-hotspot it says 'Another process already running'<br />
<pre class="prettyprint" skin="Desert">sudo ap-hotspot start
Another process is already running
</pre>
<span style="font-family: Arial, Helvetica, sans-serif;">
To fix this issue remove hotspot.pid from /tmp</span><br />
<pre class="prettyprint" skin="Desert">sudo rm /tmp/hotspot.pid
sudo ap-hotspot start
</pre>
<br />
Hope this helps and saves your time...
<br />
<h2>
[CTF Writeups] InCTF 2014 Round 2 Forensics[6] Blop</h2>
Published 2014-03-10<br />
Download the file and run the '<i>strings</i>' command on it<br />
<pre class="prettyprint" skin="Desert">#file Forensics-6.png
....
....
1b|.
ya3 S
yr1bz
0bl0BchUnk Flag :8bfe6a66710d9652e7fb10f19a75dd8e
%tEXtdate:create
2013-10-19T06:47:30+02:00
%tEXtdate:modify
2013-10-19T06:47:30+02:00
tEXtjpeg:colorspace
2,uU
tEXtjpeg:sampling-factor
2x2,1x1,1x1I
KtEXtxapMM:DocumentID
adobe:docid:photoshop:6baf7f6c-0033-11da-9596-894fe830229dF
IEND
</pre>
<br />
You got the flag: 8bfe6a66710d9652e7fb10f19a75dd8e.
<br />
<h2>
[CTF Writeups] InCTF 2014 Round 2 Reverse[4] 150</h2>
Published 2014-03-10<br />
Download the file, extract it, and check the file details using the '<i>file</i>' command<br />
<pre class="prettyprint" skin="Desert">#file four
four: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x899a337216c40966fb57583c9ff45fcac0384cbb, not stripped
</pre>
<br />
It says '<i>not stripped</i>', so let's try the '<i>strings</i>' command, but it doesn't give out any flag.<br />
Let's try executing it from the terminal<br />
<pre class="prettyprint" skin="Desert">#./four
Usage: ./four &lt;key&gt;
#./four abcd
Sorry no flag for you
</pre>
<br />
So our next option is to disassemble it. I used IDA. The assembly of the main function gives us a few clues on how to crack it.
<br />
<pre class="prettyprint" skin="Desert"> public main
.text:0804856C main proc near ; DATA XREF: _start+17 o
.text:0804856C
.text:0804856C arg_0= dword ptr 8
.text:0804856C arg_4= dword ptr 0Ch
.text:0804856C
.text:0804856C push ebp
.text:0804856D mov ebp, esp
.text:0804856F and esp, 0FFFFFFF0h
.text:08048572 sub esp, 10h
.text:08048575 cmp [ebp+arg_0], 2
.text:08048579 jz short loc_8048597
.text:0804857B mov eax, [ebp+arg_4]
.text:0804857E mov eax, [eax]
.text:08048580 mov [esp+4], eax
.text:08048584 mov dword ptr [esp], offset format ; "Usage: %s &lt;key&gt;\n"
.text:0804858B call _printf
.text:08048590 mov eax, 1
.text:08048595 jmp short locret_80485C8
.text:08048597 ; --------------------------------------------------------
.text:08048597
.text:08048597 loc_8048597: ; CODE XREF: main+D j
.text:08048597 mov eax, [ebp+arg_4]
.text:0804859A add eax, 4
.text:0804859D mov eax, [eax]
.text:0804859F mov [esp], eax
.text:080485A2 call check_key
.text:080485A7 test eax, eax
.text:080485A9 jnz short loc_80485B7
.text:080485AB call display_result
.text:080485B0 mov eax, 0
.text:080485B5 jmp short locret_80485C8
.text:080485B7 ; ----------------------------------------------------------
.text:080485B7
.text:080485B7 loc_80485B7: ; CODE XREF: main+3D j
.text:080485B7 mov dword ptr [esp], offset s ; "Sorry no flag for you"
.text:080485BE call _puts
.text:080485C3 mov eax, 2
.text:080485C8
.text:080485C8 locret_80485C8: ; CODE XREF: main+29 j
.text:080485C8 ; main+49 j
.text:080485C8 leave
.text:080485C9 retn
.text:080485C9 main endp
.text:080485C9
</pre>
<br />
<div style="text-align: justify;">
We can see calls to a few functions such as '<i>check_key</i>' and '<i>display_result</i>', and '<i>check_key</i>' is called before '<i>display_result</i>'. So we can make an educated guess: the input we enter is validated by '<i>check_key</i>', and if it is correct '<i>display_result</i>' runs and prints the key.</div>
<div style="text-align: justify;">
So we have to get execution to the '<i>display_result</i>' function, but before it there is a 'JNZ' instruction. That jump decides, based on the result of '<i>check_key</i>' (the <i>test eax, eax</i> just before it), whether '<i>display_result</i>' runs or not.</div>
<div style="text-align: justify;">
So while debugging, when we reach the JNZ set the Zero flag to 1 so that the jump is not taken and '<i>display_result</i>' is executed.</div>
<div style="text-align: justify;">
Luckily our guess is right and we got the flag</div>
<br />
<h2>
[CTF Writeups] InCTF 2014 Round 2 Reverse[3] 50</h2>
Published 2014-03-10<br />
Download the file, extract it and check the file details using the command '<i>file</i>'.<br />
<pre class="prettyprint" skin="Desert">#file three
three: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0xdcc8c235853a156ab338ea9833f4a20a713d72a8, not stripped
</pre>
<br />
It says the file is not stripped, so let's list the readable strings in the binary using the command 'strings'<br />
<pre class="prettyprint" skin="Desert">#strings three
/lib64/ld-linux-x86-64.so.2
libc.so.6
puts
printf
strcmp
__libc_start_main
__gmon_start__
GLIBC_2.2.5
UH-P
UH-P
l$ L
t$(L
|$0H
Usage: %s &lt;key&gt;
reversing_is_super_fun
Yaay! Now submit md5 of key for points
Wrong key! Look for key again!
;*3$"
</pre>
<br />
The text '<i>reversing_is_super_fun</i>' looks like a flag, so let's compute the md5 of that text and submit it... yeah, it works.
<br />
<h2>
[CTF Writeups] InCTF 2014 Round 2 Reverse[2] 50</h2>
Published 2014-03-10<br />
Download the file and extract it.<br />
Check the file details using the command '<i>file</i>'<br />
<pre class="prettyprint" skin="Desert">#file two
two: compiled Java class data, version 51.0
</pre>
Executing it won't help, so we move on to decompiling it. I used the online decompiler available at this <a href="http://www.showmycode.com/" target="_blank">link</a><br />
Upload the class file, decompile it and download the source; it will look like this.<br />
<br />
<pre class="prettyprint" skin="Desert">import java.io.*;

public class challenge {
    public challenge() { }

    public static void main(String args[]) throws IOException
    {
        // Obfuscated key: every byte is stored 3 below its real value
        Byte abyte[] =
        { Byte.valueOf((byte)106), Byte.valueOf((byte)97), Byte.valueOf((byte)50), Byte.valueOf((byte)37),
          Byte.valueOf((byte)36), Byte.valueOf((byte)103), Byte.valueOf((byte)94), Byte.valueOf((byte)115),
          Byte.valueOf((byte)94), Byte.valueOf((byte)92), Byte.valueOf((byte)96), Byte.valueOf((byte)101),
          Byte.valueOf((byte)94), Byte.valueOf((byte)105), Byte.valueOf((byte)105), Byte.valueOf((byte)98),
          Byte.valueOf((byte)107), Byte.valueOf((byte)100), Byte.valueOf((byte)98), Byte.valueOf((byte)112),
          Byte.valueOf((byte)92), Byte.valueOf((byte)94), Byte.valueOf((byte)111), Byte.valueOf((byte)98),
          Byte.valueOf((byte)92), Byte.valueOf((byte)112), Byte.valueOf((byte)113), Byte.valueOf((byte)102),
          Byte.valueOf((byte)105), Byte.valueOf((byte)105), Byte.valueOf((byte)92), Byte.valueOf((byte)98),
          Byte.valueOf((byte)94), Byte.valueOf((byte)112), Byte.valueOf((byte)118), Byte.valueOf((byte)36),
          Byte.valueOf((byte)38)
        };
        String s = "";
        Byte abyte1[] = abyte;
        int i = abyte1.length;
        for(int j = 0; j < i; j++)
        {
            byte byte0 = abyte1[j].byteValue();
            s = (new StringBuilder()).append(s).append((char)(byte0 + 3)).toString();
        }
        BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(System.in));
        bufferedreader.readLine();
        // The program exits here, so the decoded key below is never printed
        System.exit(0);
        System.out.println(s);
    }
}
</pre>
<br />
A quick look through the code shows that the key is built in the variable '<i>s</i>', and that just before the statement that prints '<i>s</i>' there is an '<i>exit</i>' call, '<i>System.exit(0)</i>'.<br />
So remove that line, and remove the '<i>bufferedreader.readLine()</i>' line as well.<br />
Compile the new code and execute it.<br />
The output will be<br />
md5('java_challenges_are_still_easy')<br />
Find the md5 of the text and it will be the flag.
<br />
<h2>
[CTF Writeups] InCTF 2014 Round 2 Reverse[1] 50</h2>
Published 2014-03-10<br />
Download the file and extract it, and we can see the file named '<i>one</i>'<br />
<br />
Check what kind of the file it is using the command '<i>file</i>'<br />
<pre class="prettyprint" skin="Desert"># file one
one: python 2.7 byte-compiled
</pre>
<br />
Okie let's try executing it<br />
<pre class="prettyprint" skin="Desert"># python one
</pre>
It gives no output; it just reads whatever you type as input and terminates.<br />
<br />
So we have to look inside the compiled file, and for that we have to decompile it. Download the tool uncompyle2 [only for Python 2.7] and install it. Run uncompyle2 on our file<br />
<pre class="prettyprint" skin="Desert">#uncompyle2 one
# 2014.02.28 10:34:22 IST
#Embedded file name: one.py
eflag = [131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157, 177, 157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199]
flag = ''.join(map(chr, map(lambda x: x ^ 238, eflag)))
raw_input()
+++ okay decompyling one
# decompiled 1 files: 1 okay, 0 failed, 0 verify failed
# 2014.02.28 10:34:22 IST
</pre>
<br />
So the code XORs each byte of '<i>eflag</i>' with 238 and stores the result in the variable '<i>flag</i>'. Copy the code and modify it to output the flag, that is, add the line print(flag) before '<i>raw_input()</i>', and execute the new Python code.<br />
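Rather than editing and running code recovered from an untrusted binary, you can reimplement the transform from the decompiled listing. The Python below is an added example, not from the original posts, that decodes both the +3 byte shift from the Java challenge above and the XOR-238 table from this one, and computes the md5 the challenges ask for; the byte tables are copied from the two listings.

```python
#!/usr/bin/env python3
"""Recover the two InCTF reverse flags by re-implementing the decoders."""
import hashlib

# From the decompiled Java class above: each stored byte is 3 below the real character.
JAVA_BYTES = [106, 97, 50, 37, 36, 103, 94, 115, 94, 92, 96, 101, 94, 105, 105, 98, 107,
              100, 98, 112, 92, 94, 111, 98, 92, 112, 113, 102, 105, 105, 92, 98, 94, 112,
              118, 36, 38]

# From the decompiled Python module: each stored byte is XORed with 238.
PY_EFLAG = [131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157, 177,
            157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199]


def decode_shift(table, shift=3):
    """The Java challenge's (char)(byte0 + 3) loop, byte-wrapped like the JVM cast."""
    return "".join(chr((b + shift) & 0xFF) for b in table)


def decode_xor(table, key=238):
    """The Python challenge's lambda x: x ^ 238."""
    return "".join(chr(b ^ key) for b in table)


def flag_from_hint(hint):
    """Both programs print md5('...'); return (inner text, md5 hex to submit),
    or None when the decoded text does not have that shape."""
    if not (hint.startswith("md5('") and hint.endswith("')")):
        return None
    inner = hint[len("md5('"):-len("')")]
    return inner, hashlib.md5(inner.encode()).hexdigest()


if __name__ == "__main__":
    for name, text in (("java", decode_shift(JAVA_BYTES)), ("python", decode_xor(PY_EFLAG))):
        print("%s: %s -> %s" % (name, text, flag_from_hint(text)))
```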
The output is<br />
md5('python_is_still_cool')<br />
Find the md5 and it's the flag.
<br />
<h2>
[CTF Writeups] InCTF 2014 Round 2 Web 100</h2>
Published 2014-03-10<br />
<b>Task</b><br />
A login form is there, with fields to enter '<i>username</i>' and '<i>password</i>'; we have to log in somehow.<br />
<br />
<b>Solution</b><br />
First let's have a look at the source by clicking the link '<i>source</i>'<br />
<pre class="prettyprint" skin="Desert"><?php
include 'foo.php';
$user = $_POST['username'];
$pass = $_POST['password'];
if( !strcasecmp($user, "admin") && !strcasecmp($pass, $secret)) {
echo"<h1>$flag</h1>";
}
else {
echo"<h1>No flag for n00bs..</h1>";
}
?>
</pre>
<br />
So we can see the username is obviously '<i>admin</i>', but the password is stored in the variable '<i>$secret</i>', which must be defined in the file '<i>foo.php</i>', which we have no way to read.<br />
<br />
Our next option is to look for weaknesses in the function '<i>strcasecmp()</i>'. A quick search reveals a known quirk: when you pass it an array instead of a string, the negated comparison evaluates to true, so the check passes. (Server-side, the fix is to reject non-string input with <i>is_string()</i> before comparing.)<br />
<br />
Let's edit the source of the login page and pass array to '<i>strcasecmp()</i>'. In login page change the below line using 'Firebug' in Firefox or 'Developers tool' in Chrome.<br />
<pre class="prettyprint" skin="Desert"><input name="password" placeholder="Password" type="password">
</pre>
to the below<br />
<pre class="prettyprint" skin="Desert"><input name="password[]" placeholder="Password" type="password">
</pre>
<br />
Now click login and you will get the flag{fb1186d3dfd25773d51964cf0d62d302}.
<br />
<h2>
Install 32-bit IDA Debugger on Ubuntu 13.10 - 64 bit</h2>
Published 2014-02-28, updated 2014-03-08<br />
IDA is a powerful debugger/disassembler; you can read more at this <a href="https://www.hex-rays.com/products/ida/debugger/">link</a><br />
<br />
The main road block for the installation is that IDA is a 32 bit application and so expects 32 bit libraries.<br />
But your system being 64 bit will only have 64 bit libraries and so you have to install the 32 bit variant of the libraries that IDA requires.<br />
<br />
I will walk you through the install steps.<br />
<br />
<b>Step 1:</b> Download<br />
Download the IDA files [<a href="https://www.hex-rays.com/products/ida/support/download_demo.shtml" target="_blank">link</a>]; of course it's paid software and you can get only the demo version.<br />
<br />
<b>Step 2: </b>Unzip<br />
Unzip the files and try to run the executable '<i>idaq</i>'<br />
<pre class="prettyprint" skin="Desert"># ./idaq
</pre>
and if your Ubuntu is 64 bit something similar may show up
<br />
<pre class="prettyprint" skin="Desert">./idaq: error while loading shared libraries: libgthread-2.0.so.0: cannot open shared object file: No such file or directory
</pre>
<br />
<b>Step 3: </b>Install 32 bit libraries<br />
So you have to install the 32 bit libraries; the 64 bit versions are already present on your system by default.<br />
Find the package that has libgthread-2.0.so.0<br />
<pre class="prettyprint" skin="Desert"># dpkg -S libgthread-2.0.so.0
libglib2.0-0:amd64: /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0
</pre>
The package name is '<i>libglib2.0-0:amd64</i>', so the 32 bit package will be '<i>libglib2.0-0:i386</i>'.<br />
Install the package '<i>libglib2.0-0:i386</i>'<br />
<pre class="prettyprint" skin="Desert">#apt-get install libglib2.0-0:i386
</pre>
Before trying to run IDA again you can find out all the libraries that are not found in the system using the below command<br />
<pre class="prettyprint" skin="Desert">#ldd idaq | grep found
</pre>
<br />
After installing all the missing libraries you can run IDA again [<i>./idaq</i>]
<br />
<h2>
Reset MySQL root password [Ubuntu 12.04]</h2>
Published 2014-02-25<br />
If you want to reset your MySQL root password, follow the simple steps below.<br />
<br />
Stop MySQL server<br />
<pre class="prettyprint" skin="Desert"># service mysql stop
</pre>
Start the MySQL daemon with the option --skip-grant-tables, which skips loading the privilege tables, so anyone who can connect gets in without a password; for that reason also pass --skip-networking, so only local socket connections are accepted while you do this<br />
<pre class="prettyprint" skin="Desert"># /usr/sbin/mysqld --skip-grant-tables --skip-networking &
</pre>
Now login to the mysql shell as root user, and no password<br />
<pre class="prettyprint" skin="Desert"># mysql -u root
</pre>
The user passwords are in the password column of the table mysql.user; update the root entry<br />
<pre class="prettyprint" skin="Desert">mysql>use mysql;
mysql>update user set password=password('inctfmysql') where user='root';
</pre>
Now give the below command to commit the changes<br />
<pre class="prettyprint" skin="Desert">mysql>flush privileges;
</pre>
Restart the MySQL server
<pre class="prettyprint" skin="Desert">
# service mysql restart
</pre>
<br/>
<h2>
Block ping request from a specific IP using iptables on Ubuntu 12.04 [Tested]</h2>
Published 2014-02-09, updated 2014-02-25<br />
<b>My Server</b><br />
OS:Ubuntu 12.04<br />
IP: 192.168.56.100<br />
<br />
<b>My Client</b><br />
OS:Ubuntu 13.04<br />
IP 192.168.56.101<br />
<br />
<b>Task</b><br />
Block ping requests from the client to the server, so that when the client pings the server it gets no reply.<br />
<br />
<b>Solution</b><br />
Add the rule below to the iptables INPUT chain on the server
<br />
<pre class="prettyprint" skin="Desert">iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -s 192.168.56.101 -j DROP
</pre>
<br />
You have to specify the icmp-type as echo-request, otherwise outgoing pings from the server to the client also get blocked, because when you ping the client from the server the following happens:<br />
:- an ICMP echo-request is sent to the client<br />
:- an ICMP echo-reply is sent back from the client to the server (this gets dropped if no icmp-type is given)<br />
<br />
<b>Save rules in iptables permanently</b><br />
Rules added with the iptables command are active for the current session only and are gone once you reboot your machine. To save them permanently:<br />
<br />
<ul>
<li>Open '/<i>etc/network/interfaces</i>' file</li>
</ul>
<br />
<pre class="prettyprint" skin="Desert">vim /etc/network/interfaces</pre>
<br />
<ul>
<li>Append the below line along with your eth0 directives:</li>
</ul>
<br />
<pre class="prettyprint" skin="Desert">post-up /sbin/iptables-restore < /etc/iptables-up.rules
</pre>
<br />
<ul>
<li>Now save the current iptable rules to '<i>/etc/iptables-up.rules'</i></li>
</ul>
<br />
<pre class="prettyprint" skin="Desert">iptables-save > /etc/iptables-up.rules
</pre>
<br />
<b>About the flags used in the rule</b><br />
-A: Append with the existing rules<br />
-i: In interface name<br />
-o: Out interface name<br />
-p: protocol<br />
-s: Source IP Address<br />
-d: Destination IP Address<br />
-j: Jump target -> what to do with a packet that matches this rule (e.g. ACCEPT, DROP, QUEUE, RETURN or the name of a user-defined chain)<br />
<br />
Built in chain Names:<br />
FORWARD:-For packets routed through the box<br />
INPUT:-For packets coming into the box<br />
OUTPUT:- For altering the locally generated packets before routing
<br />
<h2>
Backup and Restore database in MySQL server on Ubuntu 13.04</h2>
Published 2014-02-06, updated 2014-02-25<br />
Backup and restore operations in MySQL Server.<br />
<div>
<br /></div>
<div>
Some handy MySQL tips before we move on:</div>
<div>
<br /></div>
<div>
<b>How to log into mysql shell ?</b></div>
Type the command below in the terminal
<br />
<pre class="prettyprint" skin="Desert">mysql --user=username --password=password
</pre>
Passing the password on the command line leaves it in your shell history and visible to other users in the process list; <i>mysql --user=username -p</i> prompts for it instead.<br />
<br />
<b>Know the version of my MySQL server ?</b><br />
After you log in to mysql shell check out the first few lines, it will have the server version.<br />
<br />
<b>See all databases in mysql ?</b><br />
From mysql shell, type the command '<i>show databases'</i>.<br />
<pre class="prettyprint" skin="Desert">mysql> show databases;
</pre>
<br />
<b>Set a database as working or current database ?</b><br />
From mysql shell, type the command '<i>use database_name</i>'<br />
<pre class="prettyprint" skin="Desert">mysql> use database_name;
</pre>
<br />
<b>See all the tables in my current selected database ?</b><br />
From mysql shell, type the command<i> 'show tables'</i><br />
<pre class="prettyprint" skin="Desert">mysql> show tables;
</pre>
<br />
<h2>
How to take BackUp</h2>
<div>
<b>To take back up of all databases</b></div>
<div>
Type the below in your terminal
<br />
<pre class="prettyprint" skin="Desert">mysqldump --user=username --password=password --all-databases > alldbbck.sql
</pre>
</div>
<br />
<b>To take back up of a single database</b><br />
Give the below command from your terminal<br />
<pre class="prettyprint" skin="Desert">mysqldump --databases db1 > dump.sql
mysqldump db1 > dump.sql
</pre>
<br />
If we use<i> '--databases'</i> then the dump.sql will have '<i>CREATE DATABASE db1'</i> and '<i>USE db1</i>' statements, so while restoring this script you need not specify the target database name for recreation of tables, MySQL will create the database for you.<br />
<br />
<b>To take a backup of multiple databases</b><br />
Use the below command<br />
<pre class="prettyprint" skin="Desert">mysqldump --databases db1 db2 db3 > dump.sql
</pre>
<br />
<h2>
How to Restore</h2>
<div style="text-align: justify;">
If the dump script has CREATE DATABASE and USE statements (i.e. it was created using the --all-databases or --databases option) then it's not necessary to specify a database into which the backup is restored.</div>
<div style="text-align: left;">
Fire the below command from your terminal:
<br />
<pre class="prettyprint" skin="Desert">mysql --user=username --password=password < dump.sql
</pre>
</div>
<br />
MySQL will create the database for you as your script already have the '<i>CREATE DATABASE' </i>statement.<br />
<br />
Otherwise specify an existing database (here named <i>dump</i>) as the destination database<br />
<pre class="prettyprint" skin="Desert">mysql --user=username --password=password dump < dump.sql
</pre>
<br />
This post covered the most basic steps for backup and restore, a quick start for those jumping in.<br />
Happy Hacking !!
<br />
<h2>
Secure or Harden MySQL installation on Ubuntu 13.04 [Tested]</h2>
Published 2014-02-06, updated 2014-03-25<br />
Hardening a MySQL installation was a task in the <a href="http://inctf.in/">InCTF</a> 2014 learning round. Below are the steps I used to harden the MySQL installation on my Ubuntu 13.04 box.<br />
<br />
<b>Basic MySQL installation</b><br />
<pre class="prettyprint" skin="Desert">sudo apt-get install mysql-server
</pre>
<br />
<b>Securing MySQL</b><br />
Type the below command to start the secure setup script<br />
<pre class="prettyprint" skin="Desert">sudo /usr/bin/mysql_secure_installation
</pre>
<br />
This will launch the secure installation script<br />
<br />
<b>Setting root password:</b><br />
If you had not set the root password at the time of installation, the script asks you to set it now. I had already set the root password, so I'm skipping this.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-RRnpZSImh70/UvPCFIZRWPI/AAAAAAAAAcM/KWw2egUPWHU/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-RRnpZSImh70/UvPCFIZRWPI/AAAAAAAAAcM/KWw2egUPWHU/s1600/1.jpg" height="214" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<b>Remove anonymous users:</b><br />
By default MySQL has anonymous accounts that can log in with no password, so remove them.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-T6WQgHT8sRU/UvPCKWuwTwI/AAAAAAAAAcY/WT4uFM72Lc0/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-T6WQgHT8sRU/UvPCKWuwTwI/AAAAAAAAAcY/WT4uFM72Lc0/s1600/2.jpg" height="80" width="640" /></a></div>
<br />
<b>Disallow remote root login:</b><br />
This makes sure that someone who brute-forces or guesses your root password cannot use it to log in to your database server remotely.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-7nhW_Vu-Yzw/UvPCKxgsdxI/AAAAAAAAAcg/6BXfzndaCCA/s1600/5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-7nhW_Vu-Yzw/UvPCKxgsdxI/AAAAAAAAAcg/6BXfzndaCCA/s1600/5.jpg" height="48" width="640" /></a></div>
<br />
<b>Remove default '<i>test</i>' database:</b><br />
MySQL ships with a default '<i>test</i>' database that anyone can access; it is purely for testing and should be removed.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-LF_2wOWxTJc/UvPCMG08J9I/AAAAAAAAAco/oKfU2mlhvFE/s1600/6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-LF_2wOWxTJc/UvPCMG08J9I/AAAAAAAAAco/oKfU2mlhvFE/s1600/6.jpg" height="62" width="640" /></a></div>
<br />
<b>Reload the privileges table:</b><br />
Reload the privilege tables so that all the changes take effect.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-PbBKuhGgV0s/UvPCRyR1rYI/AAAAAAAAAcw/HRtg9ViChIo/s1600/7.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-PbBKuhGgV0s/UvPCRyR1rYI/AAAAAAAAAcw/HRtg9ViChIo/s1600/7.jpg" height="124" width="640" /></a></div>
<br />
<h2>Hardening or Securing apache2 in Ubuntu 13.04 [Tested]</h2>
Posted 2014-02-06 by Anonymous.<br />
Here are the 10 steps I took to harden the apache2 server on my Ubuntu 13.04 box.<br />
Securing apache2 was a task in learning round 1 of <a href="http://inctf.in/" target="_blank">InCTF '14</a>.<br />
<br />
<h2>
<b>Step 1 Disable Directory Listing</b></h2>
<div style="text-align: justify;">
Directory Listing: If there is no "<i>index</i>" file in a directory of your website and you enter the URL of that directory in the browser, it will list the files in that directory. A directory listing looks like this</div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-ssacGAdLxag/UvJWfh0CHXI/AAAAAAAAAbQ/cpkPajD6A94/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-ssacGAdLxag/UvJWfh0CHXI/AAAAAAAAAbQ/cpkPajD6A94/s1600/1.png" height="224" width="640" /></a></div>
To disable directory listing:<br />
<div>
<b>Open file <i>/etc/apache2/sites-available/000-default.conf</i></b></div>
<pre class="prettyprint" skin="Desert">
sudo vim /etc/apache2/sites-available/000-default.conf
</pre>
<div>
<b>Find the line containing the path of your website and change <i>Indexes</i> in <i>Options</i> to <i>-Indexes</i></b><br />
<pre class="prettyprint" skin="Desert"><Directory /var/www/php>
Options -Indexes
Order allow,deny
Allow from all
</Directory></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-JFtsQiVfpUM/UvJmxKY3CBI/AAAAAAAAAbs/oeTgaZYUHSI/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-JFtsQiVfpUM/UvJmxKY3CBI/AAAAAAAAAbs/oeTgaZYUHSI/s1600/6.png" height="218" width="640" /></a></div>
<h2>
<b>Step 2 Prevent Server Information leakage</b></h2>
<div style="text-align: justify;">
Version details of the Apache server and operating system are shown by default in error pages, directory listings and HTTP headers. This is a security threat, as an attacker can work out from the version details which kind of attack to use. See the server and port details beneath the directory listing above.</div>
</div>
<div>
To disable this information leakage:<br />
<br />
<b>Open the file "<i>/etc/apache2/conf-available/security.conf"</i></b></div>
<pre class="prettyprint" skin="Desert">sudo vim /etc/apache2/conf-available/security.conf
</pre>
<br />
<b>Set "<i>ServerSignature Off</i>" and "<i>ServerTokens Prod</i>"</b><br />
<pre class="prettyprint" skin="Desert">ServerSignature Off
ServerTokens Prod
</pre>
<br />
<b>Restart Apache server</b>
<br />
<pre class="prettyprint" skin="Desert">sudo service apache2 restart
</pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-idbeNZKAiMM/UvJqOgvecOI/AAAAAAAAAb4/vS7vsbhwn7g/s1600/for.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-idbeNZKAiMM/UvJqOgvecOI/AAAAAAAAAb4/vS7vsbhwn7g/s1600/for.jpg" height="180" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<h2>
<b>Step 3 Run Apache as separate User and Group</b></h2>
<div>
First find out under which user Apache server is running:</div>
<div>
<br /></div>
<pre class="prettyprint" skin="Desert">ps -aux | grep --color apache2
</pre>
<br />
<div style="text-align: justify;">
The first column shows the user under which the Apache process is running; if you have just installed apache2 the user will be '<i>root</i>' or '<i>www-data</i>'. </div>
<div style="text-align: justify;">
Wondering what this '<i>www-data</i>' is? The '<i>www-data</i>' account is the one to use if you want PHP to be able to edit the contents of a file or folder.<br />
<br /></div>
<div style="text-align: justify;">
We have to change the user running Apache to a low-privileged one. If the user '<i>nobody</i>' is the one that comes to mind, don't settle for it, because many other processes run under the '<i>nobody</i>' user as it is the default daemon account on a Linux system. </div>
<div style="text-align: justify;">
If an attacker somehow compromises your Apache server, he will also get access to all those other processes. So it's always better to run a process under its own separate low-privilege account; here we will create an '<i>apache2</i>' account.<br />
<br />
<b>Create a new group apache2</b>
<br />
<pre class="prettyprint" skin="Desert">sudo groupadd apache2
</pre>
<br />
<b>Create a new user apache2</b>
<br />
<pre class="prettyprint" skin="Desert">sudo useradd -d /var/www/ -g apache2 -s /usr/sbin/nologin apache2
</pre>
<ul>
<li><i>-d</i>: home directory</li>
<li><i>-g</i>: the group name or number of the user's initial login group</li>
<li><i>-s</i>: the user's login shell (on Ubuntu the nologin shell is <i>/usr/sbin/nologin</i>, which disables interactive login)</li>
</ul>
<br />
<b>Open /etc/apache2/envvars</b>
<br />
<pre class="prettyprint" skin="Desert">sudo vim /etc/apache2/envvars
</pre>
<br />
<div style="text-align: left;">
<b>Change export APACHE_RUN_USER and </b><b>export APACHE_RUN_GROUP</b>
<br />
<pre class="prettyprint" skin="Desert">export APACHE_RUN_USER=apache2
export APACHE_RUN_GROUP=apache2
</pre>
<br />
Now restart Apache (a reboot may be needed) and check again which user Apache is running as.<br />
<br />
<h2>
<b>Step 4 Use mod_security and mod_evasive modules</b></h2>
<div style="text-align: justify;">
mod_security is a web application firewall that can do HTTP traffic logging for a particular web application, real-time monitoring and attack detection, attack prevention, just-in-time patching and more. For more details check out the mod_security project website <a href="http://www.modsecurity.org/projects/modsecurity/" target="_blank">here</a>.</div>
<div>
<br /></div>
<div style="text-align: justify;">
mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and more. mod_evasive presently reports abuse via email and syslog facilities. </div>
<div>
<br /></div>
<div>
<b>mod_security Installation</b></div>
<div>
<b><br /></b></div>
<div>
<b>Install mod_security package</b>
<br />
<pre class="prettyprint" skin="Desert">sudo apt-get install libapache2-modsecurity
</pre>
</div>
<br />
<b>Enable mod_security module within the apache2 configuration</b>
<br />
<pre class="prettyprint" skin="Desert">sudo a2enmod mod-security
</pre>
</div>
<br />
<div>
<b>Verify it's enabled or not</b>
<br />
<pre class="prettyprint" skin="Desert">apachectl -M | grep --color security
</pre>
<br />
You should see a module named security2_module (shared) which indicates that the module was loaded.
</div>
<br />
<div style="text-align: left;">
<b>mod_evasive</b><b style="text-align: left;"> Installation</b>
<br />
<pre class="prettyprint" skin="Desert">sudo apt-get install libapache2-mod-evasive
</pre>
</div>
<div style="text-align: left;">
<b style="text-align: left;"><br /></b></div>
<div style="text-align: left;">
<b style="text-align: left;">Create log file directory for mod_evasive</b>
<br />
<pre class="prettyprint" skin="Desert">sudo mkdir /var/log/mod_evasive/
sudo chown apache2:apache2 /var/log/mod_evasive/
</pre>
</div>
<div style="text-align: left;">
<b style="text-align: left;"><br /></b></div>
<div style="text-align: left;">
<b style="text-align: left;">Create mod-evasive.conf file and configure ModEvasive</b>
<br />
<pre class="prettyprint" skin="Desert">sudo vi /etc/apache2/mods-available/mod-evasive.conf
</pre>
<br />
<b>Add the below to <i>mod-evasive.conf</i></b>
<br />
<pre class="prettyprint" skin="Desert"><IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir /var/log/mod_evasive
DOSEmailNotify EMAIL@DOMAIN.com
DOSWhitelist 127.0.0.1
</IfModule>
</pre>
<br />
<b>Check if ModEvasive is enabled and restart Apache.</b>
<br />
<pre class="prettyprint" skin="Desert">sudo a2enmod mod-evasive
sudo service apache2 restart
apache2ctl -M | grep --color evasive
</pre>
</div>
</div>
<br />
<h2>
<b>Step 5 Turn off Server Side Includes and CGI Execution</b></h2>
<div>
If server-side includes or CGI execution are not required by your website, disable them, because a poorly written site can otherwise let shell commands run on the server.</div>
<div>
<br /></div>
<div>
<b>In the file '<i>/etc/apache2/sites-available/default</i>' change or add '<i>Options -Includes -ExecCGI</i>' in your website section.</b></div>
<div>
</div>
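Steps 1, 2 and 5 all come down to a handful of directives, so a small audit script catches a vhost that was added later without them. The script below is an added example, not part of this post or of Apache: it scans configuration text for Indexes, Includes and ExecCGI in Options lines and for the ServerSignature and ServerTokens values, using a constructed "before" and "after" configuration as input.

```sh
#!/bin/sh
# Added example: audit Apache configuration text for the settings changed in
# steps 1, 2 and 5 (directory listing, version disclosure, SSI/CGI execution).
# On a real box:  cat /etc/apache2/conf-available/security.conf \
#                     /etc/apache2/sites-available/*.conf | audit_apache_conf

# Reads configuration text on stdin, prints one finding per line.
audit_apache_conf() {
    awk '
        /^[ \t]*#/ { next }                            # skip comments
        tolower($1) == "options" {
            # "Indexes" or "+Indexes" enables a feature, "-Indexes" disables it
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^[+]?Indexes$/)  print "line " NR ": directory listing enabled"
                if ($i ~ /^[+]?Includes$/) print "line " NR ": server-side includes enabled"
                if ($i ~ /^[+]?ExecCGI$/)  print "line " NR ": CGI execution enabled"
            }
        }
        tolower($1) == "serversignature" && tolower($2) != "off" {
            print "line " NR ": ServerSignature " $2 " (expected Off)"
        }
        tolower($1) == "servertokens" && tolower($2) != "prod" && tolower($2) != "productonly" {
            print "line " NR ": ServerTokens " $2 " (expected Prod)"
        }
    '
}

# Constructed "before" configuration, the way a fresh vhost often looks.
weak_conf() {
    cat <<'EOF'
ServerTokens OS
ServerSignature On
<Directory /var/www/php>
    Options Indexes FollowSymLinks Includes ExecCGI
    Order allow,deny
    Allow from all
</Directory>
EOF
}

# The same configuration after steps 1, 2 and 5.
hardened_conf() {
    cat <<'EOF'
ServerTokens Prod
ServerSignature Off
<Directory /var/www/php>
    Options -Indexes FollowSymLinks -Includes -ExecCGI
    Order allow,deny
    Allow from all
</Directory>
EOF
}

count_weak_findings()     { weak_conf | audit_apache_conf | wc -l | tr -d ' '; }
count_hardened_findings() { hardened_conf | audit_apache_conf | wc -l | tr -d ' '; }

weak_conf | audit_apache_conf
echo "hardened config findings: $(count_hardened_findings)"
```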
<h2>
<b>Step 6 File permissions</b></h2>
<div>
Your website's root directory may contain files that hold sensitive information, so remove write permission from those files so that the data cannot be modified through the website or by using the website in any manner.</div>
<div>
<br /></div>
<div>
Permission bits: Read = 4, Write = 2, Execute = 1</div>
<div>
<div>
So if you split the octal permission 745 into 3 sections, user, group and world, you have the following permissions.</div>
<div>
User = 7 (4+2+1 or RWX)</div>
<div>
Group = 4 (4 or R)</div>
<div>
Others = 5 (4+1 or RX)</div>
<div>
Permissions on a sensitive file can be changed with the command below
<br />
<pre class="prettyprint" skin="Desert">chmod 745 sensitive_file.txt
</pre>
</div>
</div>
<br />
<h2>
<b>Step 7 File/Folder Ownership</b></h2>
<div>
Files in the Apache directory should never be owned by root or run with root permissions.</div>
<div>
To change the ownership to apache2 user and apache2 group use the below command
<br />
<pre class="prettyprint" skin="Desert">chown apache2:apache2 -R /var/www/
</pre>
</div>
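To check steps 6 and 7 across a whole document root rather than file by file, the added example below (not from this post) counts world-writable entries and entries not owned by the expected account, removes the world-write bit, and demonstrates both on a constructed web root in a temporary directory. The apache2 owner name follows step 3; on a box that still uses the stock account it would be www-data.

```sh
#!/bin/sh
# Added example: find the conditions steps 6 and 7 fix in a web root
# (world-writable entries, entries not owned by the Apache account) and
# remove the world-write bit.  On a real box:
#   count_world_writable /var/www;  count_foreign_owned /var/www apache2

# Paths under $1 that anyone on the system, including a compromised web
# application running as another user, could modify.
count_world_writable() { find "$1" -perm -002 | wc -l | tr -d ' '; }

# Paths under $1 whose owner is not $2 (chown apache2:apache2 -R fixes these).
# ls -ld is used instead of find -user so that an account that does not exist
# yet can be checked without an error.
count_foreign_owned() {
    find "$1" -print | while IFS= read -r f; do
        [ "$(ls -ld "$f" | awk '{ print $3 }')" = "$2" ] || echo "$f"
    done | wc -l | tr -d ' '
}

# Remove only the world-write bit; owner and group permissions are left alone.
remove_world_write() { chmod -R o-w "$1"; }

# Build a constructed web root in a temporary directory, audit it, fix it,
# audit again; prints "<world-writable before> <world-writable after>".
demo_webroot_audit() {
    t=$(mktemp -d)
    printf '<?php $db_pass = "constructed";\n' > "$t/config.php"
    printf '<html></html>\n' > "$t/index.html"
    chmod 755 "$t"; chmod 666 "$t/config.php"; chmod 644 "$t/index.html"
    before=$(count_world_writable "$t")
    remove_world_write "$t"
    after=$(count_world_writable "$t")
    rm -rf "$t"
    echo "$before $after"
}

# Same constructed tree (directory plus two files), checked against owner $1.
demo_owner_audit() {
    t=$(mktemp -d)
    : > "$t/config.php"; : > "$t/index.html"
    n=$(count_foreign_owned "$t" "$1")
    rm -rf "$t"
    echo "$n"
}

echo "world-writable before/after: $(demo_webroot_audit)"
echo "entries not owned by apache2: $(demo_owner_audit apache2)"
```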
<br />
<h2>
<b>Step 8 Use Allow and Deny to Restrict access to Directories</b></h2>
<div>
We can restrict access to directories with the “Allow” and “Deny” options in '<i>/etc/apache2/sites-available/default</i>'. Secure the root directory with the settings below.
<br />
<pre class="prettyprint" skin="Desert"><Directory />
Options None
Order deny,allow
Deny from all
</Directory></pre>
</div>
<br />
Order is one of the two forms below [<a href="http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order" target="_blank">more details here</a>]:<br />
Allow,Deny<br />
First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.<br />
<br />
Deny,Allow<br />
First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.<br />
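The two Order forms are easy to mix up, and a wrong choice silently opens or closes a directory. The added example below (not from this post or from Apache) emulates the 2.2 evaluation rules for a single client address so a Directory block can be checked before it is deployed; it handles 'all', exact addresses and partial dotted addresses, and leaves hostnames and CIDR notation out.

```sh
#!/bin/sh
# Added example: evaluate the Apache 2.2 "Order" / "Allow from" / "Deny from"
# rules for one client address.  Host lists support "all", exact addresses and
# partial dotted addresses such as "10.0" (octet prefix), which is how
# mod_authz_host matches partial IPs; hostnames and CIDR are not handled here.

# Does client address $2 match any entry in the space-separated list $1?
host_matches() {
    for pat in $1; do
        if [ "$pat" = all ] || [ "$pat" = "$2" ]; then return 0; fi
        case "$2" in "$pat".*) return 0 ;; esac
    done
    return 1
}

# usage: apache_access ORDER "ALLOW LIST" "DENY LIST" CLIENT  -> prints allowed|denied
apache_access() {
    order=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$order" in
        allow,deny)
            # Allow directives first: at least one must match; then any matching
            # Deny rejects; anything matching neither is denied.
            if host_matches "$2" "$4" && ! host_matches "$3" "$4"; then
                echo allowed
            else
                echo denied
            fi ;;
        deny,allow)
            # Deny directives first: a match denies unless an Allow also matches;
            # anything matching neither is permitted.
            if host_matches "$3" "$4" && ! host_matches "$2" "$4"; then
                echo denied
            else
                echo allowed
            fi ;;
        *)
            echo "unknown Order: $1" >&2; return 2 ;;
    esac
}

# The <Directory /> block from step 8: Order deny,allow + Deny from all, no Allow.
echo "<Directory /> for 203.0.113.9: $(apache_access deny,allow '' all 203.0.113.9)"
# Opening one directory to the local network only (Allow from 10.0):
echo "LAN client 10.0.3.4:      $(apache_access deny,allow 10.0 all 10.0.3.4)"
echo "outside client 100.0.3.4: $(apache_access deny,allow 10.0 all 100.0.3.4)"
```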
<br />
<h2>
<b>Step 9 Disable unwanted HTTP methods</b></h2>
Disable unwanted and potentially risky HTTP/1.1 methods. A website usually needs only the GET, HEAD and POST request methods, which can be configured in the respective Directory directive.
<br />
<pre class="prettyprint" skin="Desert"><Directory /var/www/php/>
<LimitExcept GET POST>
Deny from all
</LimitExcept>
</Directory>
</pre>
<br />
Restrictions applied to GET also apply to HEAD, so if GET is unrestricted, HEAD is unrestricted as well.<br />
The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response.<br />
<br />
<h2>
<b>Step 10 Keep Apache Server updated</b></h2>
In Ubuntu you can trigger the system update process from the Software Updater, which includes the Apache updates as well.
<h2>Set execute permission for files on NTFS partition [Ubuntu 13.04]</h2>
Posted 2013-12-31 by Anonymous.<br />
<div>
<b>Description:</b></div>
<div>
Cannot execute, or set the execute permission on, executable (Linux executable) files in an NTFS partition.</div>
<div>
<b><br /></b></div>
<div>
<b>Details:</b></div>
<div>
OS: Ubuntu 13.04</div>
<div>
NTFS partition mounted by clicking on the partition name that appear in the 'Devices' section in the Nautilus window (File Explorer).</div>
<div>
<br /></div>
<div>
<b>Reason:</b></div>
<div>
The NTFS file system does not have permission bits like those in Linux, because NTFS is designed for Windows.</div>
<div>
<br /></div>
<div>
<b>Fix:</b></div>
<div>
In the <b style="font-style: italic;">/etc/fstab </b>file, mount the NTFS partition with the <i style="font-weight: bold;">umask=000 </i>and <i style="font-weight: bold;">exec </i>options.</div>
<div>
<i style="font-weight: bold;">umask</i> indicates which permissions you want to withhold, so <i style="font-weight: bold;">umask</i>=000 means everyone will have read, write and execute permission on the disk after mounting (the line below uses <i style="font-weight: bold;">fmask</i>=000, the file-only form of the same mask; <i style="font-weight: bold;">dmask</i> is its directory counterpart).</div>
<div>
<br /></div>
<pre class="prettyprint">UUID=ECE896823234E8964CA8 /media/Disk ntfs defaults,exec,fmask=000 0 0
</pre>
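umask, fmask and dmask interact, and the permissions you end up with are not obvious from the line alone. The added example below (not from this post or from ntfs-3g) computes the file and directory modes a mount line will produce under the ntfs-3g rules assumed in its comments, and evaluates the fstab line above as well as a more restrictive alternative that keeps data files non-executable and not world-writable.

```sh
#!/bin/sh
# Added example: work out the permissions an ntfs-3g mount will present for a
# given fstab option string, so the effect of umask/fmask/dmask can be checked
# before editing /etc/fstab.  Assumed ntfs-3g semantics (from its man page):
# the default mask is 000 (full access for everybody), umask applies to files
# and directories, fmask/dmask override it for files/directories respectively.

# $1 = comma-separated mount options; prints "files=NNN dirs=NNN" (octal).
ntfs_effective_modes() {
    mask=000 fmask='' dmask=''
    IFS=,
    for opt in $1; do
        case "$opt" in
            umask=*) mask=${opt#umask=} ;;
            fmask=*) fmask=${opt#fmask=} ;;
            dmask=*) dmask=${opt#dmask=} ;;
        esac
    done
    unset IFS
    fm=${fmask:-$mask}; dm=${dmask:-$mask}
    # the presented mode is rwxrwxrwx with the mask bits cleared
    printf 'files=%03o dirs=%03o\n' $((0777 & ~0$fm)) $((0777 & ~0$dm))
}

# $1 = one /etc/fstab line; evaluates its options field (the fourth column).
fstab_modes() { set -- $1; ntfs_effective_modes "$4"; }

# The line from the post: everything readable, writable and executable by all users.
fstab_modes 'UUID=ECE896823234E8964CA8 /media/Disk ntfs defaults,exec,fmask=000 0 0'
# A more restrictive alternative: files 644 and directories 755, owned by uid 1000,
# so data files on the partition are neither executable nor writable by everyone.
fstab_modes 'UUID=ECE896823234E8964CA8 /media/Disk ntfs defaults,uid=1000,fmask=133,dmask=022 0 0'
```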
<div>
<br />
<b>Reference Links:</b><br />
<a href="http://askubuntu.com/questions/223016/setting-permission-for-ntfs-partition">http://askubuntu.com/questions/223016/setting-permission-for-ntfs-partition</a><br />
<a href="http://askubuntu.com/questions/5069/cant-set-permissions-for-files-on-an-ntfs-partition">http://askubuntu.com/questions/5069/cant-set-permissions-for-files-on-an-ntfs-partition</a><br />
<br /></div>
<h2>Multi Threaded v/s Single Threaded Download Manager</h2>
Posted 2013-12-13 by Anonymous.<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In a quest to choose a download manager for my Linux box, I came across this question: </div>
<div style="text-align: justify;">
"Do multi-threaded download managers really help?" </div>
<div style="text-align: justify;">
I had a discussion with my friends, spent quite some time on Google and finally came to a conclusion.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Yes, multi-threaded/multi-part downloading really HELPS and SPEEDS UP the download.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In multi-threaded/multi-part downloading a single file is split into multiple segments/parts, which are downloaded over several parallel HTTP connections from a single server. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This speeds up the download because the ISP, server or firewall usually imposes a bandwidth limit per connection, so multiple connections help to circumvent this limitation. But bear in mind that you can't go faster than the maximum bandwidth allocated to you. Also, servers usually limit the number of parallel connections per client in order to prevent this.</div>
<br />
<h2>[CTF Writeups] Defcamp Quals 2013: Misc 1</h2>
Posted 2013-11-22 by Anonymous.<br />
<i>Mission:</i><br />
Recover the password of user hertz<br />
<br />
<i>Given:</i><br />
passwd file and corresponding shadow file<br />
<br />
<i>Background info:</i><br />
<div style="text-align: justify;">
The password of the user is saved in the shadow file as a hash value. Hash values are generated by hash functions, which are one-way functions, so it is not possible to find the password from the hash value by reversing it.</div>
<div style="text-align: justify;">
<br /></div>
<i>Mode of Attack:</i><br />
Brute force, using the tool <a href="http://rpmfind.net/linux/rpm2html/search.php?query=john" target="_blank">John the Ripper</a><br />
After installing the rpm package from the above link, run the commands below in the terminal to<br />
<ul>
<li>Combine user information in <i>passwdfile</i> and <i>shadowfile</i> and write it to <i>testfile</i></li>
<li>Launch a dictionary-based brute force attack on <i>testfile</i></li>
<li>Recover the passwords using <i>--show</i></li>
</ul>
And you will get your initial key as "<b>iloveu1</b>"<br />
<br />
<pre class="brush:shell.js">unshadow passwdfile shadowfile > testfile
john testfile
john --show testfile
</pre>
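Seen from the defending side, the same attack tells you which shadow entries to worry about: empty password fields and hashes in fast legacy formats. The added example below (not from this post or from John the Ripper) classifies shadow entries by their crypt prefix and reports the risky ones, using a constructed shadow file whose salts and hashes are placeholders.

```sh
#!/bin/sh
# Added example: audit /etc/shadow-format entries for what makes a dictionary
# run succeed quickly: accounts that need no password at all, or hashes in a
# fast, outdated format (traditional DES crypt or $1$ MD5).  On a real system:
#   sudo cat /etc/shadow | audit_shadow

# Classify the second (hash) field of a shadow entry by its crypt(3) prefix.
shadow_hash_kind() {
    case "$1" in
        "")            echo empty ;;     # no password required at all
        "!"*|"*"*)     echo locked ;;    # login disabled, nothing to crack
        '$1$'*)        echo md5 ;;       # weak: very fast to compute
        '$2'*)         echo bcrypt ;;
        '$5$'*)        echo sha256 ;;
        '$6$'*)        echo sha512 ;;
        '$y$'*|'$7$'*) echo yescrypt ;;
        *)             echo des ;;       # 13-character traditional crypt
    esac
}

# Reads shadow lines on stdin; prints "user: finding" for the risky ones.
audit_shadow() {
    while IFS=: read -r user hash rest; do
        kind=$(shadow_hash_kind "$hash")
        case "$kind" in
            empty)   echo "$user: no password set" ;;
            md5|des) echo "$user: weak hash ($kind)" ;;
        esac
    done
}

# Constructed shadow file; salts and hash values are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16000:0:99999:7:::
hertz:$1$CONSTRUCT$CONSTRUCTEDHASH:16000:0:99999:7:::
guest::16000:0:99999:7:::
daemon:*:16000:0:99999:7:::
legacy:CONSTRUCTED13:16000:0:99999:7:::
EOF
}

count_shadow_findings() { sample_shadow | audit_shadow | wc -l | tr -d ' '; }

sample_shadow | audit_shadow
```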
<h2>[CTF Writeups] CSCAMP 2013: Reverse 80</h2>
Posted 2013-11-22 by Anonymous.<br />
<i>Mission:</i><br />
An executable 'nullex80' was given and we have to find out the flag; I tried to run it and it asked for a username and password<br />
<br />
First: applied the 'file' command, which gave the output below<br />
<br />
<pre class="prettyprint lang-bsh">file nullex80
nullex80: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0x7f73d19c16ca48817097c99cb8e0d2fb3ad50760, not stripped</pre>
<br />
So from the output we know it is not stripped, so the variable and function names are in readable form, which means we can apply the 'strings' command to the file to get all readable strings from it<br />
<br />
Second: apply strings on 'nullex80'<br />
<br />
<pre class="prettyprint lang-bsh">strings nullex80
/lib64/ld-linux-x86-64.so.2
libc.so.6
puts
putchar
printf
strlen
strcmp
__libc_start_main
__gmon_start__
GLIBC_2.2.5
UH-h
UH-h
[]A\A]A^A_
username password
%s %s
r00t
OshZ2sexLLLxXXnnn001
Kit Williams quotes
You see, my ambition was not to confound the engineering world but simply to create a beautiful piece of art.
Wrong username/password!
;*3$"
</pre>
<br />
So from a look at the readable strings in the output, 'r00t' and 'OshZ2sexLLLxXXnnn001' seem like good candidates for the username and password<br />
<br />
Third: Run the executable with 'r00t' as the username and 'OshZ2sexLLLxXXnnn001' as the password<br />
<br />
<pre class="prettyprint lang-bsh">./nullex80 r00t OshZ2sexLLLxXXnnn001
You see, my ambition was not to confound the engineering world but simply to create a beautiful piece of art.
Kit Williams quotes
flag{2afcad7815395d567001e09100c4e2fe}
</pre>
<span class="st">voilà got the flag !!</span>
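What gave this binary away is worth turning into a release check: anything strings(1) can read, anyone can read. The added example below (not from this post or the challenge) implements the strings mechanism in shell and then flags long single-token alphanumeric runs that look like embedded credentials; it runs on a constructed byte blob standing in for a small unstripped binary, not on the challenge file.

```sh
#!/bin/sh
# Added example: the mechanism behind strings(1), written out so it can be run
# on a build artifact before release to catch credentials left in readable
# form.  Input is a constructed byte blob, not the challenge binary.

# Like strings(1): emit runs of at least $1 printable characters from stdin.
extract_strings() {
    tr -c '[:print:]' '\n' | awk -v min="$1" 'length($0) >= min'
}

# Runs that look like secrets: long, a single token, only letters and digits
# (the shape of the credential found in the writeup).  Tune for your code base.
flag_secret_like() {
    awk 'length($0) >= 16 && $0 !~ /[^A-Za-z0-9]/'
}

# Constructed stand-in: an ELF-like header, then data the way strings(1) saw it.
sample_binary() {
    printf '\177ELF\002\001\001\000\000\000username password\000%%s %%s\000'
    printf 'r00t\000CONSTRUCTEDPASSW0RD\000Wrong username/password!\000\003\004'
}

count_strings()     { sample_binary | extract_strings 4 | wc -l | tr -d ' '; }
count_secret_like() { sample_binary | extract_strings 4 | flag_secret_like | wc -l | tr -d ' '; }

echo "readable strings:"; sample_binary | extract_strings 4
echo "secret-like strings: $(count_secret_like)"
```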