Apache, PHP, Servers/Services

Hide PHP version from hachers!

Another small step to a more secure web server is to hide PHP version. To do this you have to locate your php.ini file in your server. Usually php.ini is located in /etc or /etc/php5/apache2. 1. Make a backup of your php.ini file. 2. Open php.ini file for edit. 3. Locate line: expose_php = On …

Cross-Platform, Java

Create XML file with JAVA

If you would like to create an XML file similar to this: 1 2 3 <customers> <customer id="124587956" firstname="George" lastname="Karpouzas"/> </customers><customers> <customer id="124587956" firstname="George" lastname="Karpouzas"/> </customers> you can do it by using the following JAVA method: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 …

Linux, proFTPD, Servers/Services

Hide ProFTPD version from hachers

Lets edit proftpd.conf 1. Keep a backup first of /etc/proftpd.conf file 2. sudo nano /etc/proftpd.conf To hide proftpd version we add a line above ServerName ServerIdent Off We can also change proftpd service name for the outside world: ServerName “MyFTPServer” or put something else 3. Restart proftpd service sudo /etc/init.d/proftpd restart

Apache, Servers/Services

Hide Apache version from hackers

A first line of defense in web application world is to hide as much info as possible from HTTP headers! In this article we will see how easy it is to hide apache’s version number. 1. Keep a backup of file /etc/apache2/apache2.conf. 2. Open /etc/apache2/apache2.conf file for edit. For ubuntu users issue the following command: …

Windows 7

Change user password from the command line – Win7

If you would like to quickly change user password without having to enter the control panel: 1. Open command line with administrative rights 2. Issue the following command: net user username password examples: net user akarpouzas 12345678 do not use so simple passwords, this is just an example and, net user “Thanos Karpouzas” 12345678 if …

PHP, WEB

How to secure passwords in PHP

We are going to use sha1 algorithm(build-in php function), md5 algorithm(build-in php function) and salt to secure the password.   1 2 3 4 5 function securePassword($plaintext) { $salt = substr(md5(uniqid(rand(), true)), 0, 8); return sha1($salt . sha1($salt . $plaintext)); }function securePassword($plaintext) { $salt = substr(md5(uniqid(rand(), true)), 0, 8); return sha1($salt . sha1($salt . $plaintext)); …

Linux, NMAP, Tor

Anonymous port scanning through the tor network

To accomplish this task you have to install privoxy and proxychains on your system. For ubuntu users just issue the following command: sudo apt-get install privoxy proxychains proxychains is configured by default to work with the Tor network. Now that we have privoxy and proxychains installed we can issue the following command in the terminal: …

Linux, Network

Enable the promiscuous mode on the physical NIC

You can put your Network Interface Controller/Card into promiscuous mode by using ifconfig. A. To enable promiscuous mode issue the command (needs administrative rights): ifconfig eth0 promisc after this if you execute the command ifconfig eth0 and if everything worked as expected and your NIC supports promiscuous mode, you will notice this line: UP BROADCAST …