become a hacker with webgoat

WebGoat is an insecure web application designed to teach web application security concepts.
You can try hacking: Access Control Flaws, Authentication Flaws, Session Management Flaws, Cross-Site Scripting (XSS), Buffer Overflows, Injection Flaws, Improper Error Handling, Insecure Storage, Denial of Service, Insecure Configuration, Web Services and AJAX Security.

There is a “Lesson Plan”, a kind of tutorial, and in the “Hints Menu” you can view the parameters, cookies, the code and the solution.
It’s a lot of fun and you learn more about web application security.


hide your JavaScript

If there is a reason why you don’t want humans to read your JavaScript code, you can use the packer from
http://dean.edwards.name/packer/ to obfuscate it (online).

The packer compresses the code to one line, deletes all comments and has the option to encode it with Base62. You can put the generated code in your page; it should work in any browser.
You must correctly terminate all JavaScript statements with semicolons.

Here is an example script and the output from the packer:

hardening wordpress

I had positive feedback after posting my article about hardening Joomla!, so I will now focus on the blog software WordPress.
Here are a couple of tips that you can use to make your WordPress installation a bit more secure.

Change the default name of your administrator login (admin) and choose a strong password for all your accounts. It’s also a good idea to use different login and author names; WordPress also has a great system of user levels.

playing with a backdoor

I played last night with a backdoor shell that I found on the net and will show you how it works and how you can find its traces if you are the system administrator.

I used 2 VMs (virtual machines), both based on Debian/Linux: one called “victim”, which simulates the cracked server where the backdoor runs, and the other called “hacky”, where the bad guy is sitting in front of the screen :)

The first step of the bad guy is to start a server that listens on some port (12345) on his box; a good program for this is netcat, and the command could be something like: netcat -l -p 12345


hardening the famous PHP-CMS Joomla!

I’m not a big fan of Joomla!, but a client wanted to use it, so I had a closer look at it to make it a bit more secure.
For the moment I work with version 1.0.14 and have read that Joomla 1.5 works with safe mode on and has some nice security features.
Here are some tips which you can also use if you aren’t a Joomla head.


hide your php source code

I’m a big fan of the open source philosophy, but sometimes it’s useful to ship unreadable binary code instead of readable source.
In this post I will show you how to install and use bcompiler to encode your scripts as PHP bytecode, enabling you to protect the source code.

Spam protection with Akismet

Akismet, or Automattic Kismet, is a text spam filtering service created by Automattic, the corporation which employs most of the main developers of WordPress.

When a new comment is posted on your site, the Akismet web service catches the comment and tests whether it is “spam” or “not spam”.

.htaccess tips and tricks

.htaccess (hypertext access) is the default name of Apache’s directory-level configuration file. An .htaccess file is placed in a particular directory, and the directives in it apply to that directory and all subdirectories thereof.

The most common use is to restrict access to a folder by forcing the user to a login prompt, but there are some other helpful things as well that I show you in this post.


The null byte to hack includes

The null byte (also null terminator) is a character with the value zero, present in the ASCII and Unicode character sets. C strings (and the C functions PHP uses underneath) end at the first null character.
In a URL, and thus in a PHP request parameter, this character is written as %00.

OK, what’s the deal with null bytes?

A lot of people think that the method below, which includes a file with a fixed extension (.php), is bulletproof, but that’s not true.

<?php
include ($_GET['site'] . ".php");
?>

If you call the script with a null byte in the URL, it’s possible to include any local or remote file!

http://example.com/?site=../../../../etc/passwd%00
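The fix is not to filter the null byte but to stop user input from ever forming a file path. As an added example (not code from the original post), here is the vulnerable include next to a hardened version that treats the site parameter only as a key into a fixed allowlist; the page names and the pages/ directory are assumptions:

```php
<?php
// Vulnerable form from the post: a null byte in ?site= truncates the string
// before ".php" at the C level, so "../../../../etc/passwd%00" is included.
function vulnerable_include(string $site): void
{
    include ($site . ".php");
}

// Hardened form: the request parameter never reaches the filesystem. It is
// only compared against allowlisted keys, so null bytes, slashes and ".."
// simply fail to match and the request is rejected.
const PAGES = [            // assumed page names for this example
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(?string $site): ?string
{
    // Exact key match; a key such as "home\0" or "../x" is not in PAGES.
    if ($site === null || !array_key_exists($site, PAGES)) {
        return null;
    }
    // The path is built solely from constants, never from $site itself.
    return __DIR__ . '/pages/' . PAGES[$site];
}

$path = resolve_page($_GET['site'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $path;
```

Logging the rejected value before returning 404 gives the administrator a simple trace of attempted path manipulation without affecting normal users.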

Protect your application against SQL injections part 2

In part 1 we made sure that the value is an integer, but what if a value could be a string?
You have to escape special characters in a string before using it in a SQL statement. This means that a single quote (') gets a backslash in front of it (\').

There are escape functions for each popular database:
