Tag: server

Hardening, Microsoft Windows server 2016

Windows Server Hardening – Account Policies

The following were tested on Windows Server 2016 (screenshots included). Account Policies: Password Policy. 1. Ensure ‘Enforce password history’ is set to ‘24 or more password(s)’. Description: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value …

Linux

Quick FTP Server Installation

Installation: sudo apt-get install vsftpd Upload files: By default vsftpd is configured to authenticate system users and allow them to download files. If you want users to be able to upload files, edit the configuration file: sudo nano /etc/vsftpd.conf and set write_enable=YES Restart vsftpd: sudo service vsftpd restart …

Add-ons, Browsers, Firefox, Monitor, Proxy

Monitor the data you send to the remote server

TamperData is a Firefox add-on to view and modify HTTP/HTTPS headers and POST parameters, trace and time HTTP requests and responses, and security-test web applications by modifying POST parameters. TamperData allows you to see and/or modify the requests as they are sent to the website you navigate. It is a useful tool to discover the structure …

Databases, MSSQL

Hardening a SQL Server

Below are some quick tips that you should follow to secure your SQL Server. Secure sa account with a strong password. Do not use LocalSystem or Administrator accounts for SQL Service. Apply all service packs, updates and hot fixes to Windows system and SQL Server. Delete setup files after installation. Review all passwords for all …

Microsoft SQL Server

Check for null passwords in SQL Server

One of the many ways to secure SQL Server is to review all passwords. You must also check for null passwords and, if you locate any, change them. To list all users with null passwords, execute the following SQL command: USE master GO SELECT name, password FROM syslogins WHERE password IS NULL; …

C#

Wait for server to become available

If you are using TcpClient to connect to a TCP server and are dealing with server connection problems, but would like your TcpClient to connect once the server becomes available, try the following code: while (!client.Connected) { try { client.Connect(server_address, server_listening_port); } catch (Exception) { Thread.Sleep(1000); } } …

Metasploit, Phishing

MSSQL Phishing with metasploit

Metasploit has an MSSQL capture module, called mssql. This module provides a fake MSSQL service that is designed to capture MSSQL server authentication credentials. The module supports both the weakly encoded database logins and Windows logins (NTLM). To select the capture module, type: use auxiliary/server/capture/mssql Options: You can set CAINPWFILE …