10:17 AM
-NGELIH-
If you are a server administrator, you may know about DDoS attacks and the damage such an attack does to a web server's network traffic.
We can check whether such an attack is hitting our server.
If you administer a Linux server, go to your shell or terminal, log in as root and type this:
"netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n"
For example:
root@www:/home/www# netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
1 184.73.194.227
1 63.235.28.194
1 69.171.228.12
1 74.125.71.104
2 74.125.71.139
1000 182.7.1.217
root@www:/home/www#
So, how do we read that result?
The result shows six IP addresses connected to or accessing our server:
184.73.194.227
63.235.28.194
69.171.228.12
74.125.71.104
74.125.71.139
182.7.1.217
In front of each address there is a number that shows how many connections it has open; the greater the number, the more traffic there is, and it may come from a DDoS attack.
In this result, the sixth address, with 1000 connections, may be a DDoS attack.
Be careful with that, because it can slow down your server's connection...
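The same count with a threshold, as an added example that is not from the original post. The one-liner's `grep :80` also matches port 8080 and outbound connections to a remote port 80, and its colon split breaks on IPv6 addresses; this version matches the local port exactly and also reports half-open (SYN_RECV) connections. The function names and the sample rows (documentation-range addresses) are constructed for illustration.

```sh
#!/bin/sh
# flag_heavy_sources THRESHOLD < `netstat -ant` output
# Prints "connections half_open remote_ip" for every source at or above THRESHOLD.
flag_heavy_sources() {
    awk -v limit="${1:-100}" '
        $1 ~ /^tcp/ && NF >= 6 {          # skips the netstat header lines
            laddr = $4; raddr = $5; state = $6
            if (laddr !~ /:80$/) next     # exact local port: not :8080, not a remote :80
            if (state == "LISTEN") next   # the listening socket is not a client
            sub(/:[0-9]+$/, "", raddr)    # drop the port, keep IPv6 colons intact
            sub(/^::ffff:/, "", raddr)    # IPv4-mapped IPv6 counts as the IPv4 address
            total[raddr]++
            if (state == "SYN_RECV") half[raddr]++
        }
        END {
            for (ip in total)
                if (total[ip] >= limit)
                    printf "%d %d %s\n", total[ip], half[ip] + 0, ip
        }
    ' | sort -rn
}

# Constructed sample in `netstat -ant` layout (not real traffic)
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
    echo "tcp 0 0 192.0.2.10:80 198.51.100.7:51000 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:8080 198.51.100.7:51001 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:44321 198.51.100.9:80 ESTABLISHED"
    echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:51002 ESTABLISHED"
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.50:$((40000 + i)) SYN_RECV"
        i=$((i + 1))
    done
}

sample_netstat | flag_heavy_sources 100
```

On a live server the input would be `netstat -ant | flag_heavy_sources 100`; a high count made up mostly of half-open connections points to a SYN flood rather than a busy client.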
8:18 AM
-NGELIH-
11:51 AM
-NGELIH-
phpMyAdmin is one way to manage our databases. With it we can keep many of the databases that exist on our website. On the question of security, however, many admins and users still underestimate securing phpMyAdmin: if a cracker can log in as the root user in phpMyAdmin and knows the path of the web, our website could be hacked, because in that way he can plant a shell on the web through phpMyAdmin.
The author has also written about this on this blog at http://web-vuln.blogspot.com/2009/07/upload-shell-melalui-phpmyadmin.html
Here we will try to secure phpMyAdmin by using the login page and creating a password for the root user.
Install whichever phpMyAdmin you like; I use the phpMyAdmin that is integrated with XAMPP for the Linux operating system.
We need to know the path of the phpMyAdmin folder.
The writer put phpMyAdmin in the folder /opt/lampp/phpmyadmin
Let's start.
Edit the file config.inc.php:
ngelih@franky-xcode:~$ cd /opt/lampp/phpmyadmin
ngelih@franky-xcode:/opt/lampp/phpmyadmin$ sudo gedit config.inc.php
Change $cfg['Servers'][$i]['auth_type'] =; to $cfg['Servers'][$i]['auth_type'] = 'cookie';
Then open phpMyAdmin in a web browser ==> localhost/phpmyadmin
Click Privileges ===> edit privileges for the root user, as in the picture below.
Then enter the password for the root user, as shown in the red circle in the image below, then click OK.
If we succeed, then the next time we open phpMyAdmin there will be a login form, like this:
8:46 AM
-NGELIH-
This tool is a webcam backdoor that shows what the webcam sees on a target computer running the Windows operating system.
You can download the program here: Download
After you download the compressed Backdoor Webcam archive and extract it, two files appear, namely:
Server.exe: runs on the victim's computer
client.exe: runs on the attacker's computer
The server.exe file is run on the victim's computer, and client.exe is run on the attacker's computer.
8:24 AM
-NGELIH-
7:30 AM
-NGELIH-
The author wants to add more general articles, including the installation of an FTP server on Linux and its basic configuration. Here the author configures FTP to manage the web files of LAMPP, with the web server already installed. If you do not know how to install LAMPP, you can search for it on this blog; that time the author used Mandriva, but it is essentially the same, because you only extract the lampp archive, configure it as needed, then run lampp.
I use Ubuntu 10.0.4, and the FTP server installed is proftpd.
admin@admin-laptop:~$ sudo apt-get install proftpd
[sudo] password for admin:
Reading package lists… Done
Building dependency tree
Reading state information… Done
Note, selecting proftpd-basic instead of proftpd
The following extra packages will be installed:
openbsd-inetd proftpd-basic
Suggested packages:
proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap
proftpd-mod-odbc proftpd-mod-sqlite
The following NEW packages will be installed:
openbsd-inetd proftpd-basic
0 upgraded, 2 newly installed, 0 to remove and 429 not upgraded.
Need to get 904kB of archives.
After this operation, 2,335kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://na.archive.ubuntu.com/ubuntu/ lucid/main openbsd-inetd 0.20080125-4ubuntu2 [37.0kB]
Get:2 http://na.archive.ubuntu.com/ubuntu/ lucid-updates/universe proftpd-basic 1.3.2c-1ubuntu0.1 [867kB]
Fetched 904kB in 22s (40.0kB/s)
Preconfiguring packages …
Selecting previously deselected package openbsd-inetd.
(Reading database … 122714 files and directories currently installed.)
Unpacking openbsd-inetd (from …/openbsd-inetd_0.20080125-4ubuntu2_i386.deb) …
Selecting previously deselected package proftpd-basic.
Unpacking proftpd-basic (from …/proftpd-basic_1.3.2c-1ubuntu0.1_i386.deb) …
Processing triggers for man-db …
Processing triggers for ureadahead …
ureadahead will be reprofiled on next reboot
Setting up openbsd-inetd (0.20080125-4ubuntu2) …
* Stopping internet superserver inetd [ OK ]
* Not starting internet superserver: no services enabled
Setting up proftpd-basic (1.3.2c-1ubuntu0.1) …
Warning: The home dir /var/run/proftpd you specified can’t be accessed: No such file or directory
Adding system user `proftpd’ (UID 115) …
Adding new user `proftpd’ (UID 115) with group `nogroup’ …
Not creating home directory `/var/run/proftpd’.
Adding system user `ftp’ (UID 116) …
Adding new user `ftp’ (UID 116) with group `nogroup’ …
Creating home directory `/home/ftp’ …
To make it easier, the writer logs in as root with sudo su. After that the author edits proftpd.conf for the configuration.
root@admin-laptop:/# cd /etc/proftpd
root@admin-laptop:/etc/proftpd# nano proftpd.conf
If LAMPP is installed in /opt/lampp, we enter the following configuration:
#DefaultRoot ~
DefaultRoot /opt/lampp/htdocs
After that, save.
After saving, all that is left is to restart proftpd.
root@admin-laptop:/etc/init.d# sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd
When that is done, we try to connect with an FTP client.
Here we are in /opt/lampp/htdocs, where we can manage the folders and files on our web server.
9:41 AM
-NGELIH-
In this brief article I will give a short tutorial on how we can embed a web shell in the WordPress CMS without using any plugins.
I did this on localhost with the URL address wordpress.localhost on WordPress version 3.2. For other versions, please try ...
First we must have obtained the target's WordPress admin account; how you get it is up to you, perhaps from SQL injection, social engineering, whatever, that is not the issue. What matters is getting into the admin Dashboard.
Well, let's start ..
Log in to the admin dashboard panel via http://wordpress.localhost/wp-login.php
Enter the WordPress username and password; after a successful login we are taken to the admin panel dashboard page, like the one below.
Once that succeeds, select Appearance --> Editor and select a file to edit; for example, we select the file header.php, like the one in the picture below.
Then insert an uploader PHP script, which allows us to upload a shell to the website, at the beginning of the file header.php. This is an example file:
Download
Then click Update File, note the words "File edited successfully", and note the URL that is created, that is
That means the file is located at the path /wp-content/themes/twentyeleven/header.php
As shown in the picture below.
So the URL to access the uploader is: http://wordpress.localhost/wp-content/themes/twentyeleven/header.php
What remains is to upload a web shell, for example C100.
To access it, we navigate to the twentyeleven folder,
which becomes:
http://wordpress.localhost/wp-content/themes/twentyeleven/c100.php
and ... here is the result:
Bingo, we get the web shell ..
DO NOT FORGET TO REMOVE THE UPLOADER FROM THE FILE header.php
Happy Hacking ...
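From the defender's side, both traces this walkthrough leaves (a changed header.php and a new PHP file in the theme folder) show up when the theme directory is compared against a known-good manifest. The following is an added example, not part of the original post; the function names, the manifest format and the sample files (inert placeholders) are constructed for illustration.

```sh
#!/bin/sh
# make_manifest THEME_DIR: run on a known-good copy, prints "sha256  ./path" lines
make_manifest() {
    ( cd "$1" && find . -type f -name '*.php' -exec sha256sum {} + | sort -k2 )
}

# scan_theme THEME_DIR MANIFEST_FILE: prints one finding per line
scan_theme() {
    manifest="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")"
    ( cd "$1" && find . -type f -name '*.php' | sort | while IFS= read -r f; do
        known=$(awk -v p="$f" '$2 == p { print $1 }' "$manifest")
        now=$(sha256sum "$f" | cut -d' ' -f1)
        if [ -z "$known" ]; then
            echo "UNEXPECTED $f"          # a file the theme never shipped
        elif [ "$known" != "$now" ]; then
            echo "MODIFIED $f"            # a template changed after the baseline
        fi
        # Theme templates have no reason to handle file uploads
        if grep -Eq 'move_uploaded_file|\$_FILES' "$f"; then
            echo "UPLOAD-CODE $f"
        fi
    done )
}

# Constructed theme directory; file contents are inert placeholders
demo_scan() {
    d=$(mktemp -d)
    mkdir "$d/theme"
    echo '<?php // header template' > "$d/theme/header.php"
    echo '<?php // index template' > "$d/theme/index.php"
    make_manifest "$d/theme" > "$d/manifest.txt"
    echo '<?php // marker only: move_uploaded_file' >> "$d/theme/header.php"
    echo '<?php // placeholder for a dropped file' > "$d/theme/c100.php"
    scan_theme "$d/theme" "$d/manifest.txt"
    rm -rf "$d"
}

demo_scan
```

Setting `define('DISALLOW_FILE_EDIT', true);` in wp-config.php removes the Appearance --> Editor screen that the steps above rely on, so a stolen admin account can no longer edit theme files from the dashboard.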
7:27 AM
-NGELIH-
Computers are developing so fast, and many of us are already becoming dependent on them. Besides that, in application development, developers who keep competing are making products that are easy to use, with features that are increasingly complex. In the name of deadlines, testing of the program often covers only its functions, and security is often the stepchild.
Web hacks, discoveries of holes in applications and so forth are nothing new. When developing an application we need to test it, including from the security side, and that testing needs to be done well; if not, the threat to computer security will grow along with the complexity of the program.
Currently hacking tutorials are very easy to obtain, both on hacker sites and in various hacking books. In addition, hacking tools are increasingly easy to use, for example Fast-Track (Automated Penetration Testing). In general this has lowered the standing of the individuals known as hackers, while the threat keeps growing, because people can easily become attackers. This is a threat to the public interest, not to mention the increasing number of lay people who are starting to use computers without knowing how to secure them, so that there can be more and more victims.
Taking hacking as an object of thought makes the writer look at both ethical and unethical hacking. In the author's experience, from the past until today the unethical kind is the most widely practiced, and together with the many people who do not know or do not care about computer security, it is predictable that they become easy targets for a prankster or for someone with a special purpose.
In this article the author invites developers to pay more attention to the security of the applications they build, so that testing covers not only functionality but also security. Users also need to pay more attention to safety when using applications; for example, if you want to use a CMS with a particular component, then the application should at least have had a general security inspection.
7:00 AM
-NGELIH-
Here the author wants to give a simple tutorial on how to install XAMPP (web server and DB), up to the basic security safeguards that protect the real machine.
First install the program for the virtual OS; here the author uses VirtualBox. After installing it, create a new virtual machine, for example named mandriva, and make the necessary configuration, with the network set to bridge mode. When the configuration is complete, install Mandriva OS and configure it to your needs. After that, for the web server and DB server, you can download XAMPP or copy it from an existing real machine.
Here it is assumed you have copied the file xampp-linux-mandriva xxxtar.gz to the machine. The author uses an old XAMPP; you can download the new one from the official website.
[admin@localhost ~]$ su
Password:
[root@localhost admin]# ls
Desktop/ Documents/ Download/ Music/ Pictures/ tmp/ Videos/
[root@localhost admin]# cd Download
[root@localhost Download]# ls
xampp-linux-1.6.7.tar.gz*
[root@localhost Download]# tar xvzf xampp-linux-1.6.7.tar.gz -C /opt
After completion:
[root@localhost Download]# cd /opt
[root@localhost opt]# ls
lampp/
[root@localhost opt]# cd lampp
[root@localhost lampp]# ls
backup/ error/ icons/ libexec/ modules/ RELEASENOTES tmp/
bin/ etc/ lampp* licenses/ phpmyadmin/ sbin/ var/
cgi-bin/ htdocs/ lib/ logs/ phpsqliteadmin/ share/
[root@localhost lampp]# ./lampp start
Starting XAMPP for Linux 1.6.7 ...
XAMPP: Starting Apache with SSL (and PHP5) ...
XAMPP: Starting MySQL ...
XAMPP: Starting ProFTPD ...
XAMPP for Linux started.
[root@localhost lampp]#
After that, go into the Mandriva firewall and allow access to the web server so that it can be opened by computers outside.
[root@localhost phpmyadmin]# cd ..
[root@localhost lampp]# cd phpmyadmin
[root@localhost phpmyadmin]# vi config.inc.php
Change the value of auth_type from config to http.
Notes on vi:
x to delete
Insert to edit; once completed press Esc
:w to save
:q to quit
After that, do not forget to change the password: open http://localhost/phpmyadmin, enter the username root, leave the password empty and click OK. Once in, edit the privileges of the root user, find Change password, enter the password, then click Go.
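A check for the two phpMyAdmin hardening steps described on this page (moving auth_type off config to cookie or http, and giving root a password), as an added example that is not the author's or phpMyAdmin's own code. The function names and both sample files are constructed; the configuration keys are phpMyAdmin's.

```sh
#!/bin/sh
# audit_pma_config FILE: prints one line per weak setting found in config.inc.php
audit_pma_config() {
    awk -v q="'" '
        BEGIN { n = split("auth_type password AllowNoPassword", keys, " ") }
        /^[ \t]*(\/\/|#|\/\*|\*)/ { next }            # commented-out settings do not count
        /\$cfg\[/ {
            for (i = 1; i <= n; i++) {
                if ($0 !~ ("\\[[" q "\"]" keys[i] "[" q "\"]\\][ \t]*=")) continue
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)           # keep the right-hand side
                sub(/[ \t]*;.*$/, "", v)              # drop ";" and anything after it
                gsub("^[" q "\"]|[" q "\"]$", "", v)  # strip surrounding quotes
                val[keys[i]] = v                      # last assignment wins, as in PHP
            }
        }
        END {
            if (val["auth_type"] == "config") {
                print "auth_type=config: no login form, stored account is used"
                if (val["password"] == "") print "password is empty for the stored account"
            }
            if (tolower(val["AllowNoPassword"]) == "true")
                print "AllowNoPassword=true: empty-password logins are accepted"
        }
    ' "$1"
}

# Constructed sample files written to directory $1
sample_configs() {
    cat > "$1/weak.inc.php" <<'EOF'
<?php
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
EOF
    cat > "$1/hardened.inc.php" <<'EOF'
<?php
// $cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
EOF
}

tmp=$(mktemp -d); sample_configs "$tmp"
audit_pma_config "$tmp/weak.inc.php"
rm -rf "$tmp"
```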
For the configuration in PHP.INI, open http://localhost and select English, then look for phpinfo() and check Loaded Configuration File to see which directory the file is in.
The author's is installed in /opt/lampp/etc/php.ini, so:
[root@localhost lampp]# cd etc
[root@localhost etc]# vi php.ini
Configure the settings as needed. For example, to avoid LFI and RFI attacks, secure the web server in PHP.INI with: allow_url_include = off, allow_url_fopen = off, magic_quotes_gpc = on. Even so, you must also check whether your web application requires these features; if it does, keep using them but secure the PHP scripts themselves, so that besides the configuration side, the code side also gets security attention.
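A check of php.ini against the three values recommended above, as an added example that is not from the original post. It handles the cases a plain grep gets wrong: commented-out lines, On/1/"1" spellings, a later line overriding an earlier one, and a missing key falling back to PHP's built-in default. The function names and the sample file are constructed.

```sh
#!/bin/sh
# audit_php_ini FILE: prints "<key> is <state>, want <state>" for each mismatch
audit_php_ini() {
    awk '
        BEGIN {
            # want[] = value recommended on this page; cur[] starts at the PHP built-in default
            want["allow_url_include"] = "off"; cur["allow_url_include"] = "off"
            want["allow_url_fopen"]   = "off"; cur["allow_url_fopen"]   = "on"
            # magic_quotes_gpc was removed in PHP 5.4, so this row only applies to older PHP
            want["magic_quotes_gpc"]  = "on";  cur["magic_quotes_gpc"]  = "on"
        }
        /^[ \t]*(;|#|\[|$)/ { next }            # comments, section headers, blank lines
        {
            eq = index($0, "=")
            if (!eq) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key)
            sub(/[ \t]*;.*$/, "", val)          # trailing comment
            gsub(/[ \t"]/, "", val)
            if (!(key in want)) next
            cur[key] = (val ~ /^(1|on|true|yes)$/) ? "on" : "off"   # last line wins
        }
        END {
            for (k in want)
                if (cur[k] != want[k])
                    printf "%s is %s, want %s\n", k, cur[k], want[k]
        }
    ' "$1" | sort
}

# Constructed php.ini written to file $1
sample_php_ini() {
    cat > "$1" <<'EOF'
[PHP]
; allow_url_include = Off
allow_url_include = On
allow_url_fopen = "1"   ; quoted and numeric forms are valid too
magic_quotes_gpc = Off
EOF
}

ini=$(mktemp); sample_php_ini "$ini"
audit_php_ini "$ini"
rm -f "$ini"
```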
After the installation is complete, here the author assumes your internet connection is Speedy and the local IP address of the virtual machine running Mandriva is 192.168.1.12; then you simply set up your ADSL modem router as follows:
On the TP-LINK modem router, go into Advanced Setup, select NAT and then click Virtual Server.
After that the display appears as below. Rule index 1 means rule number 1. Below it, the application is set to web server, because web content is all the writer serves; the author selects all protocols, with start port number 80 and end port number 80. Local IP Address is filled in with the local IP of the virtual machine that the traffic will be directed to.
With IP and port forwarding set up as above, when port 80 on the public IP is called, the router immediately directs it to port 80 on the local IP of the virtual machine. Maintenance services such as remote desktop and the like can be given to the real machine, so that if, for instance, the virtual machine is in trouble, you can still manage the virtual machine remotely more easily and quickly.
If you are using Speedy with a dynamic public IP, you can use a free subdomain service, for example http://www.no-ip.com; the subdomain then automatically follows your changing Speedy public IP. This makes it easier for people outside to open your web server.
9:57 PM
-NGELIH-
When we talk about web hacking, we tend to think of the negative activity of defacing the main page of a web site that has been infiltrated, but there are still many other things that can be done besides this.
Here I'll give a short overview of the web hacking algorithm.
1. Clearly we must find vulnerabilities in the target web site. It could be SQL Injection, RFI, LFI or LFD.
2. After that we have to install a backdoor, which is a web shell that we can access from the web, e.g. R57, C99, C100 or others.
3. Then we try to get a shell, which can be done by using connect-back or by making a backdoor port on the target.
4. Try to access the shell; if successful we can proceed to the next stage, but if the target server uses a firewall, it most likely will not happen.
5. Assuming that we were able to get a shell, the next step is to try to obtain root user privileges on the server, which is termed rooting. We need to know that for Unix operating systems what matters for rooting is the Linux kernel; for the Windows operating system it is easier.
6. Assuming that we already have root user rights through the process of rooting, the next step is to make a new user which can be accessed with ssh.
7. Finally, we must remove the log traces of our rooting process.
For the steps above we can look at some sources ...