Wednesday, 5 December 2012

Sun Java System Calendar Server Denial of Service


[1 of 1] Sun Java System Calendar Server Denial of Service
Severity: High
Test Type: Application
Vulnerable URL: http://172.17.244.116/pcbcalc/
CVE ID(s): CVE-2009-1219
CWE ID(s): 20
Remediation Tasks: Apply patches for Sun Java System Calendar Server 6.3
Variant 1 of 1 [ID=12182]
The following changes were applied to the original request:
• Set path to 'pcbcalc/'
• Added parameter 'tzid' with the following value 'crash'

=============================================================

Hello there,
I spent a long time searching and surfing for a way to stop the software I used to scan my application from reporting errors.

Here I just want to share with you how I did that.
Have you ever heard of Apache mod_rewrite? Yes, that is what I will explain to the end.

I'm using SUSE SLES 11.

1) Check your PHP info. Is mod_rewrite installed? You have to check that first: create a file containing phpinfo();

2) Assume it is not installed.
In /etc/apache2/default-server.conf:
a- Search for AllowOverride; it sits inside the Directory block for /srv/www/htdocs (that path may differ if you changed your server root to some other directory).
b- Change AllowOverride None to AllowOverride All, which allows you to create custom .htaccess rules.
Save and exit.
c- Run SuSEconfig to update the Apache configuration files.
vim /etc/sysconfig/apache2
Now the apache2 file is open and we need to make some changes in it.
Note: If you are not familiar with vim commands, read about them first and be careful using it. You will need a few commands: how to insert (i key), how to quit insert mode (Esc key), how to save the file (:wq [w=write, q=quit]) and how to exit without saving (:q). The link I provided is for reference.
d- Search for APACHE_MODULES and you will see a line something like:
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
Now we add rewrite at the end of the line and it becomes:
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 rewrite"

e- Restart the server with:
/etc/init.d/apache2 restart

Taken from http://anl4u.com/blog/enable-mod_rewrite-on-opensuse-11-3-linux/

3) You need a .htaccess file in the web directory.

4) Contents of the .htaccess file:
# AllowOverride belongs in the server config (step 2), so it stays commented out here
#AllowOverride All

# ExecCGI is only required if CGI scripts run from this directory
Options ExecCGI FollowSymLinks
Options +FollowSymLinks +SymLinksIfOwnerMatch
RewriteEngine On
RewriteBase /
# Only rewrite requests whose path is not an existing file or directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Send them to err.php, passing the original path and query string along
RewriteRule ^(.+)$ /err.php/$1 [L,QSA]



5) Finally you need err.php.
Put your error message inside err.php to tell your client.

Thank you

Wednesday, 17 October 2012

Installing MySQL in Slackware 13.37 - prepared by Nurul


Installing MySQL - Slackware 13.37

1. Slackware does not install MySQL automatically. Users need to install it on their own.
2. You have to use the root password; type mysql_install_db.
2.1 You will see some information after typing the above command. It asks you to create a root password.
2.2 In order to create the password you need to start the DB first.
2.3 To start the DB, go to /var/lib/mysql and change the owner of all files to mysql.
The command I use is: chown -R mysql:mysql *
3. On success, start MySQL. The command I used: /etc/rc.d/rc.mysqld start
4. Then type this command to create the password: /usr/bin/mysqladmin -u root password 'p@ssw0rd'
5. Currently there is no way for an outside client to connect to this database; you have to grant permission to the client.
5.1 First, log in to the database; command: mysql -u root -p ... then enter your password.
5.2 On successful login you will be given the MySQL prompt mysql>
5.3 At the prompt type this command: grant all privileges on *.* to 'userid1'@'%' identified by 'p@ssw0rd' with grant option;
5.4 The command says that userid1 can access all tables in all databases, and the '%' means that 'userid1' can
access the database from any IP. If you want to limit the access, replace the '%' with an IP address.
6. The MySQL configuration needs to be placed in the /etc directory. You can choose the file that suits your server requirements.
  The files are my-huge.cnf, my-large.cnf, my-medium.cnf and my-small.cnf. Open and view these files; you can see different parameters
  in each one of them.
  6.1 Copy the chosen file to /etc/my.cnf.
  For me, I chose my-huge.cnf to copy to my.cnf because my RAM is big.
7. So far, if you try to connect to the database through the client, you will fail. The last step is to put # in front of this statement inside the rc.mysqld file:
 the statement: SKIP="--skip-networking"
 8. Then restart rc.mysqld.

 9. Now you can connect through the client. Happy using MySQL, the best DB in the world!!

Tuesday, 9 August 2011

How to Install mod_rewrite to Linux (Slackware)

1. mod_rewrite must be enabled in the Apache web server.
You can check using phpinfo();

Slackware 13.37 already includes this module, ready to use.

2. Edit httpd.conf with your favourite editor and find the Directory block for your document root:
<Directory "...">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

3. Change the block from step 2 to
<Directory "/var/www/htdocs">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

Explanation 1: put the directory you want to protect in the opening tag.

Explanation 2: Change AllowOverride None to AllowOverride All


4. Almost finished: create a file named .htaccess inside the folder /var/www/htdocs and write all the rules for how to protect the Apache web server. I did not want to take any risk, so I typed all the rules and saved the file (sometimes when you copy and paste, the file does not save properly).

sample rule

# Custom text shown on a 403; the [F] flag below produces that status
ErrorDocument 403 "Pencerobohan.. pencerobohan telah dikesan!"
RewriteEngine On
# Only GET and POST requests are examined...
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
# ...and the User-Agent names a known scanner or tool, OR
RewriteCond %{HTTP_USER_AGENT} ^.*(nessus|havij|libwww|perl|python|nikto|acunetix|morfeu|w3af).* [NC,OR]
# ...the query string contains one of these SQL keywords
RewriteCond %{QUERY_STRING} .*(union|select|cast|char|convert|declare|delete|drop|exec|insert|meta|script|hex|unhex|concat|set|truncate|update).* [NC]
# Forbid the request (403) and stop processing further rules
RewriteRule (.*) - [F,L]
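The keyword condition in this rule is easy to get wrong: an empty alternative (a trailing "|" inside the group, as in the post's original version) matches every query string, and unanchored keywords such as "set" also match ordinary parameters like offset=20. The following Python is an added example, not part of the original post, that replays the RewriteCond chain over a few constructed requests to compare the original pattern, the corrected one, and a word-bounded variant of my own; REQUESTS and BOUNDED_SQLI_RE are my additions.

```python
import re

# Patterns from the .htaccess sample rule above. The keyword list as first posted
# ended in "|)" (an empty alternative); ORIGINAL_SQLI_RE reproduces that to show its effect.
SCANNER_UA_RE = re.compile(
    r"^.*(nessus|havij|libwww|perl|python|nikto|acunetix|morfeu|w3af).*", re.I)
METHOD_RE = re.compile(r"(GET|POST)", re.I)
KEYWORDS = ("union|select|cast|char|convert|declare|delete|drop|exec|insert|meta|"
            "script|hex|unhex|concat|set|truncate|update")
ORIGINAL_SQLI_RE = re.compile(r".*(" + KEYWORDS + r"|).*", re.I)  # trailing "|" as first posted
FIXED_SQLI_RE = re.compile(r".*(" + KEYWORDS + r").*", re.I)      # empty alternative removed
# Tighter variant (my addition, not from the post): whole words only, so a legitimate
# parameter such as "offset=20" no longer matches the keyword "set".
BOUNDED_SQLI_RE = re.compile(r"\b(" + KEYWORDS + r")\b", re.I)


def is_forbidden(method, user_agent, query_string, sqli_re=FIXED_SQLI_RE):
    """Mirror the RewriteCond chain: method matches AND (user-agent OR query matches).

    [OR] joins only the two conditions it sits between; the method condition is
    AND-ed with that pair. RewriteCond patterns are unanchored, hence re.search.
    """
    if not METHOD_RE.search(method):
        return False
    return bool(SCANNER_UA_RE.search(user_agent) or sqli_re.search(query_string))


# Constructed sample requests: (method, User-Agent, query string)
REQUESTS = [
    ("GET", "Mozilla/5.0 (X11; Linux x86_64)", ""),                        # plain page view
    ("GET", "Mozilla/5.0 (X11; Linux x86_64)", "page=2&offset=20"),        # benign, contains "set"
    ("GET", "Mozilla/5.0 (X11; Linux x86_64)", "id=1 union select 1,2,3"), # injection probe
    ("GET", "Nikto/2.1.5", ""),                                            # scanner User-Agent
    ("HEAD", "Nikto/2.1.5", ""),                                           # method not covered
]


def blocked_count(sqli_re):
    """Number of the sample requests a given keyword pattern would reject."""
    return sum(is_forbidden(m, ua, q, sqli_re) for m, ua, q in REQUESTS)


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL_SQLI_RE), ("fixed", FIXED_SQLI_RE),
                      ("bounded", BOUNDED_SQLI_RE)):
        print(f"{name}: {blocked_count(pat)} of {len(REQUESTS)} requests blocked")
```

With the original pattern the plain page view is rejected too, i.e. the site is unusable; the bounded variant still lets a request through when a keyword appears only as part of a longer word, so review the keyword list against your own parameter names.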








Thursday, 9 December 2010

Install mod_security on Slackware 13.1

After leaving my favourite Linux for so long... I will do a mod_security installation on Slackware 13.1.

I would say mod_security is required software for every Apache web server. I will write up how I did my test install on the server.


1. Download the latest files from http://www.modsecurity.org/download/index.html. I'm using modsecurity-apache_2.5.13.tar.gz

2. Untar it to any folder; this is what you get:
modsecurity-apache_2.5.13# ls
CHANGES LICENSE MODSECURITY_LICENSING_EXCEPTION README.TXT README_WINDOWS.TXT apache2/ doc/ modsecurity.conf-minimal rules/ tools/

3. Go into the apache2 folder, since the Slackware 13.1 package uses Apache 2.

4. Logged in as root, run all these commands:
./configure
make
make test
make install

5. You should get this result; I think it is successful:
build/apxs-wrapper -i mod_security2.la
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr-1.3.9/build-1/libtool' mod_security2.la /usr/lib/httpd/modules
/usr/lib/apr-1.3.9/build-1/libtool --mode=install cp mod_security2.la /usr/lib/httpd/modules/
cp .libs/mod_security2.so /usr/lib/httpd/modules/mod_security2.so
cp .libs/mod_security2.lai /usr/lib/httpd/modules/mod_security2.la
PATH="$PATH:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib/httpd/modules

6. So far so good: the mod_security2.so module is created and you can load this module in httpd.conf.
cd /etc/httpd; you may copy httpd.conf to keep the old one.

Edit httpd.conf and add these LoadModule lines:
LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
LoadModule security2_module lib/httpd/modules/mod_security2.so


and in the bottom portion of httpd.conf, add the Include line for mod_security2.conf:

# Uncomment the following line to enable PHP:
#
Include /etc/httpd/mod_php.conf
Include /etc/httpd/mod_security2.conf
# Uncomment the following lines to enable svn support:


7. The file mod_security2.conf must be filled with the latest base rules from ModSecurity; download them from:
http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
Untar it; these are all the files I got:


8. Put the contents of every modsecurity_crs* file into one file, mod_security2.conf, which is located at /etc/httpd, and you should read the README file. Some rules you may rewrite to your own taste. For example SecServerSignature may be set to 'mysrv' so that your clients cannot guess which server you are running.

I think you can choose which modsecurity_crs* files to put in, but modsecurity_crs_10_config.conf is mandatory because the on/off switch is inside that file. Finally, that file:

<IfModule mod_security2.c>
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.1.6.1
# Copyright (C) 2006-2007 Breach Security Inc. All rights reserved.
#
# The ModSecurity Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


# Configuration contained in this file should be customized
# for your specific requirements before deployment.
#
# Next to each rule there is a description of what it does. Each
# location where customization is needed is marked with "TODO". It
# is recommended that you:
#
# 1) Keep a copy of the original file. This will allow you to use
# the "diff" command to quickly see the changes. It will also
# make upgrades to future rule sets easier.
#
# 2) Document your changes thoroughly.
#
# You are advised to start with ModSecurity in detection mode only.
# Switch to protection when you are comfortable with your rule set.
# For maximum protection monitor your logs on daily basis (or
# better).
#

# TODO You may want to provide an error friendly message to your
# users when you start rejecting requests. You can do this using
# the Apache ErrorDocument directive. You should also add
# mod_unique_id to your configuration and display the unique
# request ID on the error page. This would allow your users to
# report the request ID back to you so that you can investigate
# the false positive (if that's what it is). A nice error page
# usually reduces the impact of false positives on the users.
#
# The drawback of this user friendly approach is that it is
# easier for the attackers to figure out there is an web
# application firewall protecting the application.
#
# ErrorDocument 403 /path/to/error_document.php
#
# For more information see
# http://httpd.apache.org/docs-2.0/custom-error.html
## -- Configuration ----------------------------------------------------------

# Turn ModSecurity on ("On"), set to monitoring only
# ("DetectionOnly") or turn off ("Off").
#
SecRuleEngine On

# Define which part of the HTTP transaction to inspect.
#
# Inspecting request body (SecRequestBodyAccess) should probably be always set
# to "on". Only very high volume sites that never use POST requests might want
# to set it to "off" to optimize performance.
#
# Inspecting response body is useful for monitoring for information leaks,
# or for signs of intrusion. However, it does require all responses to be
# buffered in memory. For most sites this should not be a problem, but special
# care must be taken to avoid buffering file downloads (through
# MIME type selection, as shown below).
#
# TODO If you decide to enable output filtering make sure to
# review the list of scanned MIME types. If pages of the types specified
# for outbound inspection are smaller than 512K in you application
# (which is usually the case) you may reduce the SecResponseBodyLimit
# to protect from potential denial of service attacks.
#
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288

........ and so on .... all the content goes here ........

#
# Email Injection
#
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "[\n\r]\s*\b(?:to|b?cc)\b\s*:.*?\@" \
"phase:2,t:none,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Email Injection Attack',id:'950019',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "[\n\r]\s*\b(?:to|b?cc)\b\s*:.*?\@" \
"phase:2,t:none,t:urlDecode,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Email Injection Attack',id:'959019',logdata:'%{TX.0}',severity:'2'"


#
# HTTP Response Splitting
#
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_HEADERS_NAMES "%0[ad]" \
"phase:2,t:none,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:400,msg:'HTTP Response Splitting Attack',id:'950910',logdata:'%{TX.0}',severity:'1'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|XML:/* "(?:\bhttp\/(?:0\.9|1\.[01])|<(?:html|meta)\b)" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:400,msg:'HTTP Response Splitting Attack',id:'950911',logdata:'%{TX.0}',severity:'1'"

and you also need this closing partner:
</IfModule>



9. Restart httpd: /etc/rc.d/rc.httpd restart. You must get no error. In my case I got this error:
[Fri Dec 10 08:20:31 2010] [notice] SIGHUP received. Attempting to restart
Syntax error on line 192 of /etc/httpd/mod_security2.conf:
ModSecurity: Failed to open the audit log file: /usr/logs/modsec_audit.log

root@uji:/usr# /etc/rc.d/rc.httpd restart
Syntax error on line 307 of /etc/httpd/mod_security2.conf:
Invalid command '------------------------------------------------------------', perhaps misspelled or defined by a module not included in the server configuration
httpd not running, trying to start

Correct it: create the /usr/logs/ directory. The syntax error on line 307 is reported because that line has no comment tag #.
Get that done and httpd starts OK.

10. Now I may ask: is mod_security working? Oh yes, that is the critical part of every job: TESTING.

To test it, create a PHP program like the one below:
<?php
// Deliberately vulnerable test page: it reads whatever file the client names,
// so the mod_security "Remote File Access" rule has something to trigger on.
$text = $_GET['file'];
echo "Content of File $text";
echo `cat $text`;
?>

and save it as testmod1.php. Then request http://your.server.ip.no/testmod1.php?file=/etc/passwd

You must get this error reported in the browser:
Method Not Implemented

GET to /testmod1.php not supported.


and look in /var/log/httpd/access.log:
[Fri Dec 10 08:33:28 2010] [error] [client 192.168.5.52] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\.asa|httpd\\.conf|boot\\.ini)\\b|\\/etc\\/)" at ARGS:file. [file "/etc/httpd/mod_security2.conf"] [line "546"] [id "950005"] [msg "Remote File Access Attempt"] [data "/etc/"] [severity "CRITICAL"] [tag "WEB_ATTACK/FILE_INJECTION"] [hostname "192.168.5.99"] [uri "/testmod1.php"] [unique_id "TQF1WMCoBWMAACO6ILoAAAAA"]

This message also goes to /usr/logs/modsec_audit.log.
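To make log lines like the one above usable for monitoring, here is an added Python example (mine, not from the post or the ModSecurity project) that parses the Apache error-log format ModSecurity writes; the sample input is the post's log line plus two constructed lines, and the helper names are my own.

```python
import re
from collections import Counter

# Sample input: line 1 is the log entry from the post above; lines 2 and 3 are constructed.
SAMPLE_LOG = [
    r'[Fri Dec 10 08:33:28 2010] [error] [client 192.168.5.52] ModSecurity: Access denied '
    r'with code 501 (phase 2). Pattern match "(?:\\b(?:\\.(?:ht(?:access|passwd|group)|'
    r'www_?acl)|global\\.asa|httpd\\.conf|boot\\.ini)\\b|\\/etc\\/)" at ARGS:file. '
    r'[file "/etc/httpd/mod_security2.conf"] [line "546"] [id "950005"] '
    r'[msg "Remote File Access Attempt"] [data "/etc/"] [severity "CRITICAL"] '
    r'[tag "WEB_ATTACK/FILE_INJECTION"] [hostname "192.168.5.99"] [uri "/testmod1.php"] '
    r'[unique_id "TQF1WMCoBWMAACO6ILoAAAAA"]',
    r'[Fri Dec 10 08:40:02 2010] [error] [client 192.168.5.77] ModSecurity: Access denied '
    r'with code 501 (phase 2). Pattern match "\\/etc\\/" at ARGS:file. '
    r'[file "/etc/httpd/mod_security2.conf"] [line "546"] [id "950005"] '
    r'[msg "Remote File Access Attempt"] [data "/etc/"] [severity "CRITICAL"] '
    r'[hostname "192.168.5.99"] [uri "/testmod1.php"] [unique_id "CONSTRUCTED0000000001"]',
    r'[Fri Dec 10 08:41:10 2010] [error] [client 192.168.5.52] File does not exist: '
    r'/var/www/htdocs/favicon.ico',
]

# Fixed prefix: "[time] [error] [client addr] ModSecurity: Access denied with code N (phase P)"
HEAD_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] ModSecurity: '
    r'(?:Access denied with code (?P<status>\d+) \(phase (?P<phase>\d+)\)|Warning)')
# Trailing '[key "value"]' pairs; values may contain backslash-escaped characters
KV_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_modsec_line(line):
    """Return a dict of fields for a ModSecurity error-log line, or None for other lines."""
    head = HEAD_RE.match(line)
    if not head:
        return None
    rec = dict(head.groupdict())
    rec["status"] = int(rec["status"]) if rec["status"] else None
    rec["blocked"] = rec["status"] is not None   # "Warning" lines are detect-only
    rec.update(KV_RE.findall(line))               # file, line, id, msg, data, severity, uri...
    return rec


def count_by_rule(lines):
    """Blocked requests per rule id: the first view to check when hunting false positives."""
    return Counter(r["id"] for r in map(parse_modsec_line, lines) if r and r["blocked"])


def clients_for_rule(lines, rule_id):
    """Distinct source addresses that triggered the given rule id."""
    return sorted({r["client"] for r in map(parse_modsec_line, lines)
                   if r and r.get("id") == rule_id})
```

A rule id that fires from many distinct clients on normal-looking URIs is the usual sign of a false positive worth tuning; the unique_id field lets you find the full transaction in modsec_audit.log.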


11. Yeah, mod_security installed successfully.

Monday, 8 June 2009

Connecting a Hand Phone (3G Modem) Using Wvdial

The new Ubuntu 9.04 does not provide wvdial. There is no wvdial.conf in /etc.
You need to install wvdial to connect to the internet through a hand phone. The configuration is as posted below.
Follow this link....
http://opensource.telkomspeedy.com/forum/viewtopic.php?id=5418

Tuesday, 2 June 2009

Connecting to the Internet Using a Hand Phone as Modem (Ubuntu 8.04)

Friday, 10 April 2009

The Open Source Era

I notice that nowadays many Malaysian government institution websites use open source as their HTTP server. The closest example is http://www.1malaysia.com.my/. The same goes for the website http://rangsanganekonomi.treasury.gov.my/, which was built for the Prime Minister.

This is a good start, because open source software supports the concept of transparency that many citizens are asking for now.

Have you ever wondered why, when you log in as Administrator, you still cannot see all the files in a folder??