Friday, July 29, 2011
Conky: Tool for Help Monitoring System (Update 02-17-12)
This is my conky, that help me very much to know about informations from the system. To get it, just install with:
$ sudo apt-get install conky feh
Now, create a file .conkyrc in ~/.conkyrc and fill in with codes which you like. By the way, we can save the code in other place and call it with "conky -c your-file-conky".
For documentations about conky, check this first, http://conky.sourceforge.net/screenshots.html and you won't be disappointed to use it. Hopefully..
Monday, July 25, 2011
Gaining Backdoor Through Sql
1. We go to see DVWA sql injection blind, and the link is:
http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/
Tuesday, July 19, 2011
Test The Net and Gain The Root
Scan for Check The Website
PING xxxxxx (xxxxxx) 56(84) bytes of data.
64 bytes from xxxxxx: icmp_seq=1 ttl=64 time=38.8 ms
64 bytes from xxxxxx: icmp_seq=2 ttl=64 time=39.9 ms
64 bytes from xxxxxx: icmp_seq=3 ttl=64 time=42.1 ms
64 bytes from xxxxxx: icmp_seq=4 ttl=64 time=41.9 ms
^C
--- xxxxxx ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 38.899/40.739/42.113/1.361 ms
Thursday, July 14, 2011
Htaccess
Htaccess can be used to manage multiple usernames/passwords, thereby enhancing information protection on the web server by controlling access through HTTP protocols. When used in conjunction with a browser encryption method such as SSL, it is possible to make htaccess authentication a robust method of protecting directories. However, out of the box, htaccess is prone to several problems, namely: packet-sniffing, IP hijacking, replay attacks, and brute force. Cryptography, (SSL and one-time pads) can solve all but one of these problems - brute forcing.
Brute forcing takes a number of forms, and is a well-known and well-used attack against htaccess. Brute force is usually a minimal knowledge attack, requiring only the URL for the password-protected directory to work. In their most malevolent form, brute force attacks simply check the headers returned by the server. If the program sees that its request was favorable (the server returned a 200 OK response), it will mark the password as being valid. This can wreak havoc on a server. It can even cause denial of service when the brute force program disconnects after viewing the headers (as the server is not allowed to print out the rest of the content and the daemon cannot kill its children efficiently.)
Monday, July 11, 2011
PHP with The Suhosin Patch
On BackTrack 5, the suhosin already exist when we install with apt-get install phpmyadmin - mysql-server - php5-cgi. To check that, we can create file php at localhost, and the simple codes are:
<?
phpinfo();
?>
Now, we call the localhost (http://127.0.0.1/1.php) to get information about suhosin in phpinfo.
Subscribe to:
Posts (Atom)