Archive for the ‘Security’ Category

playing with a backdoor

I played last night with a backdoor shell that I found on the net and will show you how this works and how you can find traces if you are the system administrator.

I used 2 vm’s (virtual machines), both based on Debian/Linux one called “victim” it simulates the cracked server where the backdoor runs and the other box called “hacky” where the bad guy is sitting in front :)

The first step of the bad guy is to start a server that listens on some port (12345) on his box, a good program for this is netcat, the command could be something like: netcat -l -p 12345

Continue reading

hardening wordpress

I had positive feedback after posting my article about hardening Joomla!, so I will now focus on the blog-software wordpress.
Here are a couple of tips that you can use to make your wordpress a bit securer.

Change the default name of your administrator login (admin) and choose a strong password for all your accounts. It’s also a good idea to use different login- and author-names, wordpress has also a great user levels.
Continue reading

Spam protection with Akismet

Akismet, or Automattic Kismet, is a text spam filtering service created by Automattic, the corporation which employs most of the main developers of WordPress.

When a new comment is posted on your site, Akismet webs service catches the comment and tests whether a comment is valued as “spam” or “not spam”. Continue reading

System call injection

With the follow commands you can execute an external program on the system (server).

  • shell_exec
  • proc_open
  • system
  • exec
  • passthru
  • popen
  • “ (back tick operator)

This form sends a domain name and prints the result back from the linux program whois.

Continue reading

Subversion a security risk?

Subversion allows users to keep track of changes made to source code. It’s very handy and many developers use it everyday, like me.

Some websites have a svn checkout in their public web folder to make faster updates if code change.

Letting the cat out of the bag right now: If the webserver has directory listening on, it’s easy to spy parts of your website.
If you take a closer look to the structure of Subversion you will notice that Subversion creates on every folder a subfolder called “.svn” with some files.

A example is a webshop which uses Subversion on the web server.

The start site of the webshop

Continue reading

Keep sensitive data out of your web tree

A web server’s document structure resembles this:

/htdocs
    /include
        config.inc
    index.php

If you store sensitive data like configuration files, everyone can point
the browser to http://example.com/include/config.inc and read it.

Continue reading

Cheating with obfuscation

Sometimes I find strange lines in my webservers log, like this one:

“GET site.php?id=%3C%73%63%72%69%70%74
%3E%61%6C%65%72%74%28%32%33%29%3B%3C
%2F%73%63%72%69%70%74%3E HTTP/1.1”

Whats that? No it’s not the matrix it looks like someone tried to obfuscate something with Hex.
Let’s write 2 lines using urldecode() to check this string.

Continue reading

The danger of PHP_SELF

The $_SERVER[‘PHP_SELF’] or old syntax $PHP_SELF superglobal gives you the filename of the currently executing script, relative to the document root.
Often used in forms or in links.

<form action=”<? echo $_SERVER[‘PHP_SELF’]; ?>” method=”POST”>

Here you see a normal login form with the form container above.

Continue reading