PHP, WEB

Create a zip file using PHP and ZipArchive class

You can create zip archives in PHP using the ZipArchive class.
public function createZipArchive($files, $archive, $overwrite) { $zip = new ZipArchive (); if ($overwrite) $flags = ZipArchive::CREATE | ZipArchive::OVERWRITE; else $flags = ZipArchive::CREATE; if (($zip->open ( $archive, $flags )) !== true) { return false; } else { foreach ( $files as $file ) { if (file_exists …

Linux, Netcat, Tools

Banner grabbing with netcat!

To gather more information about a service running on a system’s open port, we are going to use a well-known technique called banner grabbing, together with the netcat network tool.
nc -nvv x.x.x.x 80
-n        Suppress name/port resolutions
-v        Verbose
You will get an answer like this:
Connection to 85.25.132.39 80 port [tcp/*] succeeded! …

Firewall, Ubuntu, Ubuntu Server, UFW

Iptables made easy with ufw

UFW is a front-end for iptables and is here to make your life easier!
Default Rule
To deny all incoming connections:
sudo ufw default deny
To allow all incoming connections:
sudo ufw default allow
Enable or Disable ufw
To enable ufw:
sudo ufw enable
To disable …

Apache, PHP, Servers/Services

Hide PHP version from hackers!

Another small step toward a more secure web server is to hide the PHP version. To do this, locate the php.ini file on your server. Usually php.ini is located in /etc or /etc/php5/apache2.
1. Make a backup of your php.ini file.
2. Open the php.ini file for editing.
3. Locate the line: expose_php = On …

Cross-Platform, Java

Create an XML file with Java

If you would like to create an XML file similar to this:
<customers>
<customer id="124587956" firstname="George" lastname="Karpouzas"/>
</customers>
you can do it by using the following Java method: …

Linux, proFTPD, Servers/Services

Hide ProFTPD version from hackers

Let's edit proftpd.conf.
1. First, keep a backup of the /etc/proftpd.conf file.
2. sudo nano /etc/proftpd.conf
To hide the ProFTPD version, we add a line above ServerName:
ServerIdent Off
We can also change the ProFTPD service name shown to the outside world:
ServerName "MyFTPServer"
or put something else.
3. Restart the proftpd service:
sudo /etc/init.d/proftpd restart

Apache, Servers/Services

Hide Apache version from hackers

A first line of defense in the web application world is to hide as much information as possible from HTTP headers! In this article we will see how easy it is to hide Apache’s version number.
1. Keep a backup of the file /etc/apache2/apache2.conf.
2. Open the /etc/apache2/apache2.conf file for editing. For Ubuntu users, issue the following command: …

Windows 7

Change user password from the command line – Win7

If you would like to quickly change a user's password without having to enter the Control Panel:
1. Open a command line with administrative rights.
2. Issue the following command:
net user username password
Examples:
net user akarpouzas 12345678
(do not use such simple passwords; this is just an example) and
net user "Thanos Karpouzas" 12345678
if …

PHP, WEB

How to secure passwords in PHP

We are going to use the sha1 algorithm (built-in PHP function), the md5 algorithm (built-in PHP function) and a salt to secure the password.
function securePassword($plaintext)
{
    $salt = substr(md5(uniqid(rand(), true)), 0, 8);
    return sha1($salt . sha1($salt . $plaintext));
}
…