Recently, I had a problem: when I tried to update Ubuntu packages via apt-get, it showed an HTTP 401 proxy-related error. Just a note, I'm running a VM on my office network, which has enterprise web proxy servers.
This method uses the apt.conf file, which is found in your /etc/apt/ directory. It is useful if you only want apt-get (and not other applications) to use an HTTP proxy permanently.
On some installations there will be no apt.conf file set up. This procedure will either edit an existing apt.conf file or create a new one.
gksudo gedit /etc/apt/apt.conf
Add this line to your /etc/apt/apt.conf file (substitute your details for yourproxyaddress and proxyport).
Recently, I was searching for a rollover cable, which is used to connect your PC/laptop to your switch via the console port. It took me a while to find this kind of cable in Low Yat Plaza, KL. Here, you can find a variety of electronics, from PC hardware to server equipment.
But it was hard for me to find this cable. After several visits to Low Yat, I managed to find the cable together with a DB9 to USB converter. As you know, the rollover cable is a serial to Ethernet cable. So, this post will guide you on how to install the driver and connect your rollover cable to your switch from Mac OS X.
So, for the first step, you should have a rollover cable that looks like this:
After you have downloaded and extracted the driver, just click on the .pkg file and proceed to install the driver. Reminder: make sure you restart your machine after installing the driver so that the change takes effect:
DB9 to USB Converter driver
Then, plug the rollover cable into the DB9 to USB converter, and connect the converter's USB end to your Mac. After everything has been connected, click on the Apple logo on the top left of the menu bar, click About This Mac, and on the Overview tab click System Report. Ensure that your DB9 converter is connected:
Mac OS X System Info
After the restart, you can verify that the driver was successfully installed and loaded by using this command:
$ kextstat | grep prolific
or
$ ioreg -c IOSerialBSDClient | grep usb
Finally, you need an application that will talk to the serial port. We'll use the Terminal app on Mac OS X. On the Mac, the file that maps to the port is /dev/cu.usbserial. Once all the cables have been connected, the command to start connecting to your switch is:
This step is for people who are using Nessus on Mac OS X.
Step 1: Stop the Nessus service on your machine
sudo launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist
Step 2: Download and copy the necessary registration and plugin files.
Now we have to download the registration file (nessus-fetch.rc), which registers your license offline, and the latest plugin update file (all-2.0.tar.gz).
Run the command:
/opt/nessus/bin/nessus-fetch --challenge
This will produce a string called "challenge" that looks like the following:
Challenge code: 67e1690d05c8608e959d5983de66688b5c3acae1
Next, go to https://plugins.nessus.org/offline.php and paste the "challenge" string as well as the Activation Code that you received previously into the appropriate text boxes. If you don't have a code or the code is invalid, register for a new activation code. This will produce a custom URL that can be used to download the latest Nessus plugin feed (all-2.0.tar.gz), along with a link to the nessus-fetch.rc file at the bottom of the screen.
Copy the nessus-fetch.rc file to your computer in the following directory: /Library/Nessus/run/etc/nessus/nessus-fetch.rc
Now let’s register the scanner in offline mode.
Run the following commands:
cd /Library/Nessus/run/bin/
nessus-fetch --register-offline nessus-fetch.rc
You will receive a message output saying registration was successful.
Step 3: Obtain and install latest plugins
To obtain the newest plugins, go to the URL that was provided in the previous step, download the file named "all-2.0.tar.gz" and save it in the directory /opt/nessus/sbin/. To install the plugins, run the following command:
/opt/nessus/sbin/nessus-update-plugins all-2.0.tar.gz
Step 5: Rebuild the installed plugins
Run the following command to rebuild the plugins on your system:
/Library/Nessus/run/sbin/nessusd -R
This usually takes time, so please be patient.
Step 6: Start the nessus server
Start your nessus server and try to login using a browser: https://127.0.0.1:8834
SSH is an acronym for Secure Socket sHell, which provides a secure connection access to a remote machine.
By using this SSH Bruteforce tool, you can test security controls such as iptables, sshguard or fail2ban to see whether the rules or policies that have been set are working or not. You are also able to see the procedure of a real hacking attempt.
Like most brute-forcing tools, first you'll need a big passlist. You can get one from here:
Get SSHBrute python script:
To get it to work you will need these packages:
For Mac OS X users, these are the requirements:
Xcode 4.3 (App Store link) or later installed including Command Line Tools or install GCC and Command Line Tools without Xcode
Get Paramiko 1.7.7.2+ (or whatever the newest version is), this package includes PyCrypto
Download Paramiko here:
Then, unzip the Paramiko archive and go to that directory:
Type the following command to start installing:
After that, unzip SSHBrute:
Go to SSHBrute directory:
To start the script, run this command:
The parameters:
-h = hostname/IP address
-u = username/username list
-d = password list
As the title above says, I want to share one thing with you. It's a firewall for your website. From what I can see, it's good in terms of the features it provides.
Among its requirements are:
PHP Firewall is recommended for PHP websites only.
Server requirements: PHP Firewall is written in PHP. PHP 5 or later is required on your server. No database is required. PHP Firewall runs on a Linux server, MS Windows or another web server.
PHP Firewall is a small free PHP script that secures all websites written in PHP. Latest version: 1.0.2 – 04/01/2010. PHP Firewall requires PHP 5. PHP Firewall doesn't use any database, only a flat-file system. It's very small, very simple, really easy to install, and fast. PHP Firewall has its own log system and email alerts. No .htaccess file is required, for better performance.
So, among the features it has are:
* XSS protection
* UNION SQL Injection protection
* Bad bots protection
* Bad request methods protection
* Small DOS protection
* Inclusion files protection
* Santy and other worms protection
* Server Protection
* URL Query protection
* Cookies sanitize
* Post vars sanitize
* Get vars sanitize
* Reserved IP ranges denied
* Spam IP ranges denied
* Protected IPs
* Unset PHP global vars
Interesting, right? So I suggest you give it a try. You've got nothing to lose.
It's free and can be obtained from the following site: http://www.php-firewall.info/
For anyone who has a MyBB-based forum and uses SpiceFuse Shoutbox, you'd better read this.
Because there's something interesting here.. 🙂
This was found by Johnburn from tbd.my, so I'm sharing it here.
Special thanks to Johnburn for this article & solution.. 🙂
The stories:
I had nothing to do just now, so I was looking through the MyBB code with the aim of bypassing MyBB's XSS filter through its BBCode. While looking, I noticed something quite interesting in the shoutbox code (I installed the SpiceFuse Shoutbox plugin, the same one used at TBD and my0d). This plugin is vulnerable to CSRF through the image tag.
PoC:
If a user posts the following in the shoutbox, any other user who views the shoutbox will automatically post an arbitrary message as well, if their browser is set to load images (the default).
For those who often set up or play around with forums, have you ever used this plugin?
Have you ever wanted to try this plugin? Its purpose is to put a shoutbox on our forum index, so our friends can 'shout' there.
It also speeds up questions. Otherwise you have to open a thread and wait for people to reply. Isn't that a hassle?
But.. this plugin is for those who set up their MyBB using MyBB version 1.4++. Ouch.. So what about those who use MyBB version 1.4 > and above?
That's no fun, because they can't use it. So here I want to share how to use SpiceFuse on the latest MyBB versions. I tested it on MyBB version 1.6.
First, upload the plugin to its proper location.
Then edit the file "spicefuse_shoutbox.php".
Find the line that reads like this:
Then change the number 14* to 16*.
14* means it is only compatible with MyBB version 1.4. If you change it to 16*, it becomes compatible with MyBB version 1.6.. :p
Then save the file.
Go to Template Sets, AfreshBlack Templates (depending on the theme you use), click Options, then Expand Templates; under Index Page Templates click Expand on the right side, find Index, then click Full Edit.
Around there, find the line:
Directly below it, put this code:
Then save it. After that, try activating the plugin.
Ta-da.. Your shoutbox is ready to use. If it still doesn't work, check everything carefully.
For those who regularly use MySQL databases,
has it ever happened that you forgot your 'root' password?
Well.. It has happened to me once already..
And it was really 'great'.. Huhu..
How careless of me..
I don't know how I managed to forget my password..
So here I'm sharing the solution for resetting your 'root' password.
Stop the mysql service
Then start the mysql server again in a way that lets you access it without a password
Connect to the mysql server using the mysql client
Set a new password for the 'root' user
Stop the mysql server
Start it again as usual
There.. By following these steps, insha'Allah the MySQL server can be accessed as the 'root' user with the new password you just set.