playing with a backdoor

I played last night with a backdoor shell that I found on the net and will show you how this works and how you can find traces if you are the system administrator.

I used 2 vm’s (virtual machines), both based on Debian/Linux one called “victim” it simulates the cracked server where the backdoor runs and the other box called “hacky” where the bad guy is sitting in front :)

The first step of the bad guy is to start a server that listens on some port (12345) on his box, a good program for this is netcat, the command could be something like: netcat -l -p 12345

Read more »

Advertisements

How to secure Joomla!

I’m not a big fan of Joomla! but a client wanted to use it and so I had a closer look on it, to make it a bit securer.
For the moment I work with the 1.0.14 version and read that the Joomla1.5 work with safe mode on and has some nice security features.
Here are some tips which you can also use if you aren’t a Joomla head.

Read more »

hide your JavaScript

If there is a reason why you don’t want humans to read your JavaScript code, you can use the packer from
http://dean.edwards.name/packer/ to obfuscated it (online).

The packer compress the code to one line, deletes all comments and has the option to encode it with Base62. You can put the generated code in your code, it should work with any browser.
You must correctly terminate all JavaScript statements with semi-colons.

Here an example script and the output from the packer:
Read more »

hardening wordpress

I had positive feedback after posting my article about hardening Joomla!, so I will now focus on the blog-software wordpress.
Here are a couple of tips that you can use to make your wordpress a bit securer.

Change the default name of your administrator login (admin) and choose a strong password for all your accounts. It’s also a good idea to use different login- and author-names, wordpress has also a great user levels.
Read more »

Spam protection with Akismet

Akismet, or Automattic Kismet, is a text spam filtering service created by Automattic, the corporation which employs most of the main developers of WordPress.

When a new comment is posted on your site, Akismet webs service catches the comment and tests whether a comment is valued as “spam” or “not spam”. Read more »

Automated testing with Selenium IDE

Automated testing is an extremely useful bug-killing tool for the modern Web developer and a lot of vulnerability in fact are based on bugs.
With Selenium IDE, a free Firefox extension, you can easily record your clicks and inputs in the browser, set tests and replay the records. If a test failed you get a feedback.

I’ll show you an example, to make the power of Selenium clearer.
Read more »

System call injection

With the follow commands you can execute an external program on the system (server).

  • shell_exec
  • proc_open
  • system
  • exec
  • passthru
  • popen
  • “ (back tick operator)

This form sends a domain name and prints the result back from the linux program whois.

Read more »

Subversion a security risk?

Subversion allows users to keep track of changes made to source code. It’s very handy and many developers use it everyday, like me.

Some websites have a svn checkout in their public web folder to make faster updates if code change.

Letting the cat out of the bag right now: If the webserver has directory listening on, it’s easy to spy parts of your website.
If you take a closer look to the structure of Subversion you will notice that Subversion creates on every folder a subfolder called “.svn” with some files.

A example is a webshop which uses Subversion on the web server.

The start site of the webshop

Read more »

Stop Spam with reCAPTCHA

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) can protect you and your users from spammers and crackers.
Broadly spoken, user don’t like this ugly looking pictures and I saw a lot of false implemented code or very easy to crack. To see some examples which CAPTCHAs can be broken you should check out http://sam.zoy.org/pwntcha/

An easy to implement, free and I guess secure service can be found on recaptcha.org and you help by digitizing books.

Read more »

Pixy: XSS and SQLI Scanner for PHP Programs

Pixy is a free Java program that performs automatic scans of PHP 4 source code, aimed at the detection of Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

There is also a easy to use webinterface where you can upload your files or paste the code to analyse it.

http://pixybox.seclab.tuwien.ac.at/pixy/webinterface.php