Tag Archives: network&hacking

Configuring proxy for APT in Ubuntu

Recently, I had a problem where, when I tried to update Ubuntu packages via apt-get, it showed an HTTP 401 proxy-related error.
Just a note: I’m running a VM on my office network, which has enterprise web proxy servers.

From this site:

APT configuration file method

This method uses the apt.conf file which is found in your /etc/apt/ directory. This method is useful if you only want apt-get (and not other applications) to use a http-proxy permanently.

On some installations there will be no apt.conf file set up. This procedure will either edit an existing apt.conf file or create a new apt.conf file.

gksudo gedit /etc/apt/apt.conf

Add this line to your /etc/apt/apt.conf file (substitute your details for yourproxyaddress and proxyport).

Acquire::http::Proxy "http://username:password@yourproxyaddress:proxyport";

Save the apt.conf file.

References:

  • http://askubuntu.com/questions/257290/configure-proxy-for-apt
  • http://askubuntu.com/questions/543616/why-does-add-apt-repository-now-fail-to-retrieve-keys-behind-my-proxy-server-bu
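
An added example (not part of the original post or the guide it quotes): a small Python audit for the apt.conf method above. It flags proxy lines that embed a password in the URL, notes when the file is readable by every local user (the 0644 mode used in the sample is an assumption about how the file was created), and catches typographic quotes pasted from a web page. The function name audit_apt_conf and the sample proxy host are illustrative.

```python
import os
import re
import stat
import tempfile

# Acquire::<scheme>::Proxy "<url>"; written with the straight quotes apt.conf uses.
PROXY_RE = re.compile(r'^\s*Acquire::\w+::Proxy\s+"([^"]*)"\s*;', re.I)
# user:password@ embedded in the proxy URL.
USERINFO_RE = re.compile(r'^[a-z][a-z0-9+.-]*://[^/@:]+:[^/@]+@', re.I)

def audit_apt_conf(path):
    """Return (line_number, issue) tuples for one apt configuration file."""
    findings = []
    other_readable = bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH)
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith("//"):        # apt.conf comment line
                continue
            if "Proxy" in line and ("\u201c" in line or "\u201d" in line):
                # Typographic quotes pasted from a web page, not apt.conf quoting.
                findings.append((lineno, "curly-quotes"))
                continue
            m = PROXY_RE.match(line)
            if m and USERINFO_RE.match(m.group(1)):
                findings.append((lineno, "password-in-url"))
                if other_readable:
                    findings.append((lineno, "readable-by-all-users"))
    return findings

def demo():
    # Constructed sample file; host, port and credentials are placeholders.
    sample = (
        '// proxy for apt only\n'
        'Acquire::http::Proxy "http://username:password@proxy.example:3128";\n'
        'Acquire::https::Proxy \u201chttp://username:password@proxy.example:3128\u201d;\n'
        'Acquire::ftp::Proxy "http://proxy.example:3128";\n'
    )
    with tempfile.NamedTemporaryFile("w", delete=False, encoding="utf-8") as tmp:
        tmp.write(sample)
    try:
        os.chmod(tmp.name, 0o644)    # assumed mode for a file created as root
        loose = audit_apt_conf(tmp.name)
        os.chmod(tmp.name, 0o600)    # readable by the owner only
        tight = audit_apt_conf(tmp.name)
    finally:
        os.unlink(tmp.name)
    return loose, tight
```
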

Configure Cisco switch from Mac OS X through console port

Recently, I was searching for a rollover cable, which is used to connect your PC/laptop to your switch via the console port. It took me a while to find this kind of cable in Low Yat Plaza, KL. There, you can find a variety of electronics, from PC hardware to server equipment.

But it was hard for me to find this cable. After several visits to Low Yat, I managed to find the cable together with a DB9 to USB converter. As you know, the rollover cable is a serial-to-Ethernet cable. So, this post will guide you on how to install the driver and connect your rollover cable to your switch from Mac OS X.

So, for the first step, you should have a rollover cable that looks like this:

Rollover to DB9/serial cable

And the DB9 to USB 2.0 converter. The one that I’m using is like this:
http://www.vztec.com.my/?sec=product&type=connect&sub=5&id=13776589936053

For my Mac OS X version, I’m using Mac OS X Yosemite 10.10.5 on a MacBook Pro (13-inch, Early 2011). You’ll need the driver for the cable, which you can download here:
http://www.prolific.com.tw/UserFiles/files/PL2303_MacOSX_1_6_1_20160309.zip

After you’ve finished downloading and extracting the driver, just click the .pkg file and proceed to install the driver. Reminder: make sure you restart your machine after installing the driver so that it takes effect:

DB9 to USB Converter driver

Then, plug the rollover cable into the DB9 to USB converter, and connect the converter’s USB end to your Mac. After everything has been connected, click the Apple logo in the top-left menu bar, click About This Mac, and on the Overview tab click System Report. Ensure that your DB9 converter is connected:

Mac OS X System Info

After the restart, you can verify that the driver has been successfully installed and loaded by using this command:

$ kextstat | grep prolific

or

$ ioreg -c IOSerialBSDClient | grep usb

Now, finally, you need an application that will talk to the serial port. We’ll use the Terminal app on Mac OS X. On the Mac, the file that maps to the port is /dev/cu.usbserial. Once all the cables have been connected, run this command to connect to your switch:

$ screen /dev/cu.usbserial 9600

Disable IPv6 on Ubuntu

If you want to disable IPv6 on your server, below are the steps to do it.

  1. Edit this file:
nano /etc/sysctl.conf
  2. Add these lines to the bottom of the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
  3. Run this command on your terminal:
sudo sysctl -p

Done!

Update Nessus via offline update mode

These steps are for people who are using Nessus on Mac OS X.

Step 1: Stop Nessus service on your machine
sudo launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist

Step 2: Download and copy the necessary registration and plugin files.
Now we have to download the registration file (nessus-fetch.rc), to register your license offline, and the latest plugin update file (all-2.0.tar.gz).

Run this command:
/opt/nessus/bin/nessus-fetch --challenge

This will produce a string called “challenge” that looks like the following:
Challenge code: 67e1690d05c8608e959d5983de66688b5c3acae1

Next, go to https://plugins.nessus.org/offline.php and paste the “challenge” string as well as the Activation Code that you received previously into the appropriate text boxes. If you don’t have the code or the code is invalid, register a new activation code. This will produce a custom URL that can be used to download the latest Nessus plugin feed (all-2.0.tar.gz) along with a link to the nessus-fetch.rc file at the bottom of the screen.

Copy the nessus-fetch.rc file to your computer in the following directory:
/Library/Nessus/run/etc/nessus/nessus-fetch.rc

Now let’s register the scanner in offline mode.
Run the following command.
cd /Library/Nessus/run/bin/
nessus-fetch --register-offline nessus-fetch.rc

You will receive a message output saying registration was successful.

Step 3: Obtain and install latest plugins
To obtain the newest plugins, go to the URL that was provided in the previous step, download the file named “all-2.0.tar.gz” and save it in the directory /opt/nessus/sbin/. To install the plugins, perform the following command:
/opt/nessus/sbin/nessus-update-plugins all-2.0.tar.gz

Step 5: Rebuild the installed plugins
Run the following command to rebuild the plugins on your system:
/Library/Nessus/run/sbin/nessusd -R

This usually takes time, so please be patient.

Step 6: Start the nessus server
Start your Nessus server and try to log in using a browser:
https://127.0.0.1:8834

Use the credentials you created before and log in.

How to SSH bruteforce on Linux/Mac OS X

SSH is an acronym for Secure Socket sHell, which provides secure access to a remote machine.

By using this SSH bruteforce tool, you can test security controls such as iptables, sshguard or fail2ban to see whether the rules or policies that have been set are working or not. You are also able to see the procedure of a real hacking attempt.
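
To check the defensive side of such a test, an added example (not from the original post) that applies fail2ban-style maxretry/findtime thresholds to sshd log lines and reports which source addresses should have been banned. The log lines are constructed and the function names are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd syslog line for a rejected password (OpenSSH wording).
FAILED_RE = re.compile(
    r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
    r'Failed password for (?:invalid user )?\S+ from (\S+) port \d+')

def find_offenders(lines, maxretry=5, findtime=600, year=2016):
    """Map each source IP to the time its failures first reached maxretry
    within findtime seconds (the two thresholds a fail2ban jail uses)."""
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(when)
        # Drop failures that fell out of the sliding window.
        while when - q[0] > timedelta(seconds=findtime):
            q.popleft()
        if len(q) >= maxretry and ip not in offenders:
            offenders[ip] = when
    return offenders

def sample_log():
    # Constructed log lines; addresses are from documentation ranges.
    fast = [f"Mar 12 10:00:{s:02d} host sshd[4242]: Failed password for root "
            f"from 203.0.113.7 port 50{s:03d} ssh2" for s in range(1, 10, 2)]
    slow = [f"Mar 12 {h:02d}:30:00 host sshd[4243]: Failed password for invalid "
            f"user admin from 198.51.100.20 port 40222 ssh2" for h in range(10, 15)]
    ok = ["Mar 12 10:05:00 host sshd[4244]: Accepted password for alice "
          "from 192.0.2.10 port 51515 ssh2"]
    return fast + slow + ok

def demo():
    return find_offenders(sample_log())
```

The slow source in the sample makes five attempts an hour apart and stays under the threshold, which is the gap to look for when a ban policy is tested only with a fast run.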

Like most brute-forcing tools, first you’ll need a big passlist. You can get one from here:

Get SSHBrute python script:

To get it to work you will need these packages:

For Mac OS X users, these are the requirements:

  • Xcode 4.3 (App Store link) or later installed including Command Line Tools or install GCC and Command Line Tools without Xcode
  • Get Paramiko 1.7.7.2+ (or whatever the newest version is), this package includes PyCrypto

Download Paramiko here:

Then, unzip the Paramiko archive and go to that directory:

Type the following command to start installing:

After that, unzip SSHBrute:

Go to SSHBrute directory:

To start the script, run this command:

The parameter:
-h = hostname/IP address
-u = username/username list
-d = password list

This is how the tool works:

SQLI – buyamotor[dot]com[dot]my

Almost a decade ago I left these things..

Target:              http://www.buyamotor.com.my/motor.php?cat=53
Host IP:            42.1.60.81
Current DB:     buyamoto_buym
Data Bases:      information_schema
                         buyamoto_buym

Data Found:
admin_email | admin_id | admin_user | admin_pwd
[email protected] | 1 | admin | adminpassword

But luckily I didn’t manage to find the admin page.. 🙁 

PHP Firewall – Free universal firewall protection for PHP WebSite.

Like the title above says,
I want to share one thing with you all..
This thing is a firewall for your website..
I think it’s good in terms of the functions it provides..

Among its requirements are:

PHP Firewall is recommended for PHP websites only.
Server requirements
PHP Firewall is written in PHP.
PHP 5 and more is required on your server.
No database required.
PHP Firewall runs on Linux server, MS Windows or other one web server.
PHP Firewall is a small free PHP script, but secure all websites writen in PHP.
Last version 1.0.2 – 04/01/2010
PHP Firewall required PHP 5.
PHP Firewall doesn’t use any database, but flatfile system.
It’s very small, very simple, really easy to install and fastest.
PHP Firewall have is own logs system and email alert.
No .htaccess file required for betters performances

So, among the functions it has are:

* XSS protection
* UNION SQL Injection protection
* Bads bots protection
* Bads requests methods protection
* Small DOS protection
* Inclusion files protection
* Santy and others worms protection
* Server Protection
* URL Query protection
* Cookies sanitize
* Post vars sanitize
* Get vars sanitize
* IPs range reserved denied
* IPs range spam denied
* IPs protected
* Unset globals PHP var

Interesting, right?
So, I suggest you try using this..
You’ve got nothing to lose..

It’s free and can be found at the following site.
http://www.php-firewall.info/

CSRF in SpiceFuse Shoutbox (MyBB)

For anyone who has a MyBB-based forum and uses SpiceFuse Shoutbox, you’d better read this..
because there’s something interesting here.. 🙂
This was found by Johnburn from tbd.my, so I’m sharing it here..
Special thanks to Johnburn for this article & solution.. 🙂

The stories:
Earlier I had nothing to do, so I was looking through the MyBB code with the aim of bypassing MyBB’s XSS filter through its BBCode. While looking, I noticed something quite interesting in the shoutbox code (I installed the same SpiceFuse Shoutbox plugin as on TBD and my0d). This plugin is vulnerable to CSRF through the image tag.

PoC:
If a user posts the following in the shoutbox, any other user who views the shoutbox will automatically also post an arbitrary shout, provided the browser is set to load images (the default).

http://www.tbd.my/v2/xmlhttp.php?action=add_shout&shout_data=sebarangPost

Quick Fix:
This can be avoided by using a token on the shoutbox. To add the token, follow these steps:

Edit this file:

find the following line:

and replace it with this line:

Edit this file:

find the line:

add the following line after the code above:

find the following line:

and replace it with this line:

Edit this file:

find the following line:

add the following code after the line of code above:

P.S.: you may need to reactivate the shoutbox for the changes made to the template to take effect.
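
The token check described in the quick fix, modelled as an added example in Python (this is not Johnburn's patch and not MyBB or SpiceFuse code; the function and field names are hypothetical). It contrasts a handler that accepts the image-tag GET from the PoC with one that requires POST and a per-session token.

```python
import hmac
import secrets

def new_session(username):
    # Per-session anti-CSRF token that other users cannot guess.
    return {"user": username, "csrf_token": secrets.token_hex(16)}

def add_shout_vulnerable(session, method, params, shouts):
    # Behaviour described in the post: any request that carries the session
    # cookie posts a shout, including a GET fired by an image tag.
    shouts.append((session["user"], params.get("shout_data", "")))
    return True

def add_shout_with_token(session, method, params, shouts):
    # State-changing action: require POST and the token bound to the session.
    if method != "POST":
        return False
    supplied = params.get("token", "").encode()
    expected = session["csrf_token"].encode()
    if not hmac.compare_digest(supplied, expected):   # constant-time compare
        return False
    shouts.append((session["user"], params.get("shout_data", "")))
    return True

def demo():
    victim = new_session("victim")
    # Constructed request: what the victim's browser sends when it loads the
    # PoC URL as an image (GET, cookie attached, no token available).
    forged = ("GET", {"action": "add_shout", "shout_data": "sebarangPost"})
    # Constructed request from the real shoutbox form, which embeds the token.
    genuine = ("POST", {"action": "add_shout", "shout_data": "hello",
                        "token": victim["csrf_token"]})
    before, after = [], []
    results = {
        "vulnerable_forged": add_shout_vulnerable(victim, *forged, before),
        "fixed_forged": add_shout_with_token(victim, *forged, after),
        "fixed_genuine": add_shout_with_token(victim, *genuine, after),
    }
    return results, before, after
```
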

How to use SpiceFuse AJAX Shoutbox Beta on MyBB v1.6

For those of you who often set up or play around with forums, have you used this plugin?
Have you ever wanted to try it? This plugin puts a shoutbox on our forum index, so our friends can ‘shout’ there.
It also speeds up questions. Otherwise you have to open a thread and wait for people to reply. Isn’t that a hassle.

But.. this plugin is for those who set up their MyBB using MyBB version 1.4++. Ouch.. so what about those who use MyBB versions above 1.4?
It must be no fun, since they can’t use it. So here I want to share how we can use SpiceFuse on the latest MyBB versions. I tested on MyBB version 1.6.

First, upload the plugin to its proper locations..
Then edit the file “spicefuse_shoutbox.php”.
Find the line that reads like this..

Then change the number 14* to 16*.
14* means it is only compatible with MyBB version 1.4. If you change it to 16*, it becomes compatible with MyBB version 1.6.. :p
Then save the file.

Go to Template Sets, AfreshBlack Templates (depending on the theme you use), click Options, Expand Templates, then under Index Page Templates click Expand on the right side, find Index, and click Full Edit.
Around there, find the line:

Right below it, put this code:

Then save the file. After that, try activating the plugin.
Ta-da.. your shoutbox is now usable.. If it still doesn’t work, check everything carefully.

Changing MySQL root user Password

For those who often use MySQL databases,
has it ever happened to you that you forgot your ‘root’ password?
Well.. it has happened to me once..
And it was really great.. Huhu..

I’m really careless..
Somehow I managed to forget my own password..
So here I’m sharing the solution for how to reset the password for your ‘root’..

  1. Stop the mysql service

  2. Then start the mysql server again so that you can access it without using a password

  3. Connect to the mysql server using the mysql client

  4. Create a new password for the ‘root’ user

  5. Stop the mysql server

  6. Start it again as usual

By following this method, God willing, the MySQL server can be accessed as the ‘root’ user using the new password you just set..