Category SysAdmin

add HSTS to Apache

We mentioned before how did we switch to SSL since 2017.

I want to add here how to set HSTS to prevent a wellknown SSL attack called SSL-Strip.

  • What is SSL Strip?

You can watch the full talk to understand in details how this works here.
Basically the attacker is somehow (we don’t care how) a MITM setting in between the victim and the authentic server.
The attacker in this case can do a downgrade attack on SSL and transfer all HTTPs connection to the normal plain text HTTP connections.
Now the attack can simply sniff all data being communicated between the victim and the server.
The attacker is also free now to change the data and execute other attacks such as injecting malware into the traffic.

  • What is HSTS

HSTS or HTTP Strict Transport Security allows web servers to declare that web b...

Read More

Open .SDF file without SQL Server Management

As part of any post exploitation in a security auditing or testing engagement you will want to gather as much info as you want about the victim to be able to target your next victim in the chain.

Having said that sometimes you stumble upon strange files, encrypted data, and network traffic that you don’t know what to do with it. One of these was an .sdf file related to hmailserver. The last is an open source mail server, you can read more about it here.

When gaining access to this server you will want to read this file:

A sample output would look something like this:

Read More

Attacking Attackers to Protect a WordPress Website

I have previously demonstrated how to protect wp-admin and wp-login files in word-press website.
I wanted to do more. Something like: Attacking those attackers.

What Crashes Browsers?
What crashes applications is what hackers call: Buffer Overflow Exploit. Hackers use them to take control of applications/browsers to gain full system access later on. More about buffer-overflows here.
We are not interested to take control of the attacker’s system; Although that will be very ‘cool’ – maybe the next stage? ūüėČ
We are more interested to stop them i.e: Crash their browsers, fuzzing and brute-force tools.

Results.
Amazingly I was able to reduce attacks from 4000~ to around 70 only!

What is happening behind the scenes?

Read More

Redirecting domains / requests to external domain without changing URL

If you want to mask requests of an external domain using your domain. You can use this two lines into your Apache conf file (under virtual hosts)
Use [P] flag to create a proxy-tunnel from your main domain to the external domain.

Rewrite On
RewriteRule ^(.*) http://domainOrIP/$1 [P]

[P] is for Proxy – hence your proxy modules have to be enabled:
ln -s ../mods-available/proxy* /etc/apache2/mods-enabled/

Also enable slotmem
ln -s ../mods-available/slotmem_* /etc/apache2/mods-enabled/

Restart apache
service apache2 restart

Et Voila!

Read More

Apache Virtualhost to WordPress Permalinks

WordPress Permalinks create RESTful link style like: blog/category/sub-cat/post-title. These are not actual directories in your Apache DirectoryRoot hence you cannot just set a subdomain to point to a WP Permalinks via DocumentRoot /var/www/category/blog/bla/bla/bla.

In my case I was trying to set security.addaxsoft.com to point to addaxsoft.com/blog/security. Many methods failed and the only trick that worked resides in RewriteRules and WordPress URL Parameters.

  1. Set new DNS A record. eg: security.addaxsoft.com some-IP-address
  2. Set new VirtualHost in your apache config file as follow:
    <VirtualHost *:80>
    ServerName security.addaxsoft.com
    DocumentRoot /var/www/
    RewriteEngine On
    RewriteRule . /var/www/index.php?category_name=[YOUR CATEGORY NAME]
    </VirtualHost>
  3. Restart Apache and you’re good...
Read More