Entries by nefrit

Disable ROOT access to phpmyadmin

Open the phpMyAdmin config file /etc/phpmyadmin/config.inc.php in a text editor (nano, vi, etc.). Find the line containing $cfg['Servers'][$i]['AllowRoot'] and make sure its value is FALSE, not TRUE.

Before:
$cfg['Servers'][$i]['AllowRoot'] = TRUE;    # root is allowed to log in to phpMyAdmin

After:
$cfg['Servers'][$i]['AllowRoot'] = FALSE;   # root is not allowed to log in to phpMyAdmin

If you cannot find the $cfg entry shown above, add it to config.inc.php.

List of Linux Commands for Getting System Information

uname -a: Show all information
uname -m: Get the architecture information, 32 bit or 64 bit
uname -n: Get the hostname information
uname -v: Get the kernel release information
uname -r: Show the kernel release information
cat /etc/issue: Get information about which Linux distribution is in use
cat /proc/partitions: Show the partitions registered on the system

Btw, don't ask […]

Pentest XSS Vulnerability (Web) With XSSight

Download XSSight

root@arbitrary:~/Desktop/exploit # git clone https://github.com/UltimateHackers/XSSight.git
root@arbitrary:~/Desktop/exploit # cd XSSight/
root@arbitrary:~/Desktop/exploit/XSSight # ls
LICENSE README.md xssight.py
root@arbitrary:~/Desktop/exploit/XSSight # python xssight.py
Traceback (most recent call last):
  File "xssight.py", line 22, in <module>
    import custom
ImportError: No module named custom

If you get an error like the one above, "No module named custom", it is because the Python module custom is not installed yet. To […]

Sql Injection For Web Penetration Testing (Web Hacking) Part I

Penetration testing using the SQL injection method: in short, a pentester can inject SQL syntax into the website whose security is being tested. To find out whether the website has an SQL injection vulnerability, append ('\") to the URL and see whether the browser displays an error roughly like this:

Example:
http://www.somewebsite.com/photo-gallery.php?id=38'
You have an error in your SQL syntax; check the […]

Enable Gzip Compression in Apache on Debian Server, Ubuntu, etc …

Open your Linux shell/terminal as root.

Syntax:
root@server1:/etc/apache2# a2enmod deflate
root@server1:/etc/apache2# /etc/init.d/apache2 restart

Checking:
root@server:/etc/nginx# curl -I http://server-ip/css.css -H "Accept-Encoding: gzip"
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2017 10:21:04 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Mon, 27 Mar 2017 13:18:22 GMT
ETag: "13a2-54bb62d7e1dab-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 642
Content-Type: text/css

When […]

Best Way to redirect HTTP to HTTPS in NGINX Server Configuration

Edit the vhost config for your domain in the Nginx directory, e.g. /etc/nginx/site-available/your-domain.com.vhost

server {
    listen *:80;
    server_name your-domain.com www.your-domain.com;
    return 301 https://your-domain.com$request_uri;
}

server {
    listen *:443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /var/www/web4/ssl/your-domain.com-le.crt;
    ssl_certificate_key /var/www/web4/ssl/your-domain.com-le.key;
    server_name your-domain.com www.your-domain.com;
    root /var/www/your-domain.com/web/;
    try_files $uri $uri/ /index.php;
    index index.php;
    error_log /var/log/httpd/your-domain.com/error.log;
    access_log /var/log/httpd/your-domain.com/access.log combined;
    location = /favicon.ico {
        log_not_found […]

Block Outgoing & Incoming ICMP (PING) with IPTABLES

To block ICMP requests, run these commands on your Linux-based server. This is an optional step for hardening your server.

root@server5:~# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
root@server5:~# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Result:
root@server1:~# ping google.com
PING google.com ( 56(84) bytes of data. […]

Migration Codeigniter PHP Framework from HTTP to HTTPS in NGINX

Go to the document_root of CodeIgniter on the server: /public_html/

We need to edit the config.php file in public_html/application/config/config.php

Before:
$config['enable_hooks'] = FALSE;

After:
$config['enable_hooks'] = TRUE;
$hook['post_controller_constructor'][] = array(
    'function' => 'redirect_ssl',
    'filename' => 'ssl.php',
    'filepath' => 'hooks'
);

Now go to the hooks folder, create "ssl.php" and add this script:

function check_ssl(){
    $CI =& […]

Standard Configuration Apache (httpd.conf) on Windows Server

#I just share it for my documentation
#Just copy this all and paste in your httpd.conf
#DocumentRoot D:\www
#It's just standard configuration
ServerRoot "C:/xampp/apache"
Listen 80
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_groupfile_module […]