Khi "kết thân" với Linux, nếu không nắm được một số câu lệnh cần thiết thì công việc quản trị của bạn sẽ gặp không ít khó khăn. Dưới đây là một số lệnh Linux cơ bản giúp cho việc...

Read More

Như chúng ta đã biết, Linux có 1 nền tảng hỗ trợ phần cứng khá đa dạng, nhưng bạn sẽ làm gì nếu hệ điều hành Linux đang sử dụng không nhận diện chính xác một thiết bị nào đó....

Read More

Trong quá trình sử dụng linux hay xem các bài hướng dẫn bảo mật chắc các bạn đã từng nghe nhiều đến một file đặt biệt trong hệ thống các file của linux là file /dev/null. Hôm nay tớ xin viết một bài giới thiệu về file này để các bạn cùng hiểu thêm về hệ thống file của linux, ngoài ra có thể áp dụng nó trong việc bảo mật. 1. Trong...

Read More

INSTALL THE SYSTEM PREREQUISITES # yum install mysql-server httpd nano php php-mysql # chkconfig httpd on # chkconfig mysqld on # service mysqld start # service httpd start CREATE THE DATABASE # mysqladmin create wordpress # mysql mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'please+use+a+strong+password'; mysql>...

Read More

The installation of WordPress is simple and straightforward. Really. So I’m not going to detail the installation process, which is well documented here. However, the permalink feature does not work out of the box on a standard CentOs 5 distribution. Some changes have to be made in the apache configuration files to enable mod_rewrite...

Read More

To get your USB drives to work with VirtualBox when using Ubuntu as a host, you need to add your user to the vboxusers group. Please note that this doesn’t work with VirtualBox...

Read More

This framework helps you to pentest a system. Step by step ! Penetration Testing Framework 0.58 And this is Wireless Penetration Testing Framework ...

Read More

BeEF has release new version : 0.4.2.4-alpha BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing...

Read More

Some years ago, everything just went crazy from the Error-based MySQL, and unserialize seemed somewhat complicated and do not occur in real life. Now it’s the classic technique. What...

Read More

1 - Standard SQL injection (not blind) 1.1 - Information gathering Get server version: ' OR 1 in (select @@version) -- Get server name: ' OR 1 in (select @@servername) -- Get current username: ' OR 1 in (select USER_NAME()) -- Get current database name: ' OR 1 in (select DB_NAME()) -- 1.2 - Database structure MSSQL is a very...

Read More

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password...

Read More

There are many distributions of linux, and they all do things a little different regarding default security and built-in tool sets. Which means when engaging these different...

Read More

Last week I wrote a simple exploit module for Metasploit to attack PHP applications with LFI vulnerabilities. It uses php://input to inject the code or the webserver logs in...

Read More

Originally posted here: http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/Over here, Jorge Escobar is writing about how he got hacked with the latest version...

Read More

Attackers have been using the .htaccess file for a while. They use this file to hide malware, to redirect search engines to their own sites (think blackhat SEO), and for many other purposes (hide backdoors, inject content, to modify the php.ini values, etc). Why do they use the .htaccess file? For multiple reasons....

Read More

The “bug” has been tested on the torrent trackers that use the torrentbits source code (I don’t know if it works on other trackers).The idea of this this “bug” is that you will...

Read More

Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. 1. Install Nikto apt-get install nikto 2. Test the local web server nikto -h localhost Nikto...

Read More

EHCP is a powerful, yet easy to install control panel that allows the user to manage services such as Web, FTP, Database and DNS servers. The install script handles the installation and configuration of the required services. I recommend starting with a clean Debian system to avoid conflicts. 1. Download required EHCP files wget...

Read More

In this tutorial we'll create a simple one-way master/slave database replication. You must have at least one master and one slave but you can use multiple slaves. Master 1. Configure master to listen on all ip addresses (pico /etc/mysql/my.cnf) #bind-address = 127.0.0.1 Comment out this line or remove it 2. Configure server...

Read More