Nov 182013

Openx has been a pain in my ass for some time now (5 years).  Even if you have the latest most up to date software release, you will still get append and prepend infections.  I’m not sure if it comes from client browsers when they log in or some other reason.  What I can assure you is that the file system in which openx resides is as secure as it can be while leaving openx functional (all files are owned by a different user than the web server process and are only readable by the web server.  All directories, except two, are also owned by a different process than the web server and are read only….while two have to be writable by the web server process.  The lamp stack is also up to date.).  Anyways, even with these restrictions, clean code, clean db, limited plugins, and even checked the meta data of all image files for backdoors (I first learned about this technique in approx 2010 but here is an article from 2011 detailing this – PHP Code into JPEG Metadata: From hide to unhide ) we still get an occasional append/prepend infection.

How to stop it?  This is pretty easy, I simply wrote a script that checks for append/prepend problems, logs if clean, logs and alerts if infected, and also disinfects.  This only works, if the append and prepend is NOT being used in your ads.

Continue reading »

May 182013

A long time ago, I created a database to hold passwords and their respective hashes for some 16 various hash types.  It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available.  I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done.  These hashes only work with unsalted/unpeppered passwords.

First, lets look at my table schema, which is very simple and very effective.  It uses an index on the hash + password column so there can not be any two hashes+passwords that are the same.  The types table is a  simple lookup table that references data.type 1 to a name like DES.  The primary key is on the name column.  I don’t claim to be a db administrator so if you spot any errors, let me know.

Continue reading »

Jul 272012

Glastopf is a web application honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications.  The principle behind it is very simple:  Reply the correct response to the attacker exploiting the web application.

This article is mostly to cover the installation, setup, usage, etc


Continue reading »

Jul 092012

Backtrack has dbpwaudit in /pentest/database/dbpwaudit, however, it does not come with the java jar files required.  So, first you have to go download them.  The easiest way I found out to do that is by simply searching for the aliases and then googling them.  You can get the aliases with the -L option:

user@HOST:/pentest/database/dbpwaudit$ ./ -L
DBPwAudit v0.8 by Patrik Karlsson <>
Oracle - oracle.jdbc.driver.OracleDriver
MySQL - com.mysql.jdbc.Driver
MSSql -
DB2 -

Continue reading »

May 052011

Did you ever wish you could start certain scripts only when you are bringing the network up and then stop them when bring the network down?

For the longest time, I was using wicd to manage network connections.  At some point and time I decided to take a look at NetworkManager.

Using network manager, you can use the dispatcher to run scripts based on network connection, runlevel, etc.

This is how I got it working in gentoo linux and a few example scripts.

Continue reading »

Aug 152006

I am teaching three Distance Learning Classes for the Maysville Community & Technical College beginning in the fall semester.

The two courses are:
NIS230 – Introduction to Unix (using Fedora Core Linux)
CIS200 – MySQL & PHP Programming

The first course, NIS230, is a repeat of the Winter course using a revised edition of the book with an additional chapter on Linux System Security. The book includes Fedora Core 2 installation CD’s which have a bug if it is installed on a dual-boot system and since the latest version of Fedora Core 4 is out, I will be handing these CD’s out to students and recommend they use this edition instead (or any other Linux distribution of their choice). As an alternative to installing Fedora Core Linux, we also offer the option of using the Adios bootable Linux distribution (or any bootable Linux distribution will suffice). The book & lecture content will be updated, as needed, since Linux is a rapidly changing operating system that remains in constant development.

The combined MySQL + PHP course will be split into two 8 week courses, and using the excellent book Build Your Own Database Driven Website Using PHP & MySQL from SitePoint.

Aug 052005

The two presentations I will be giving cover MySQL Database Administration (August 1 & 2) and PHP Programming Basics (August 3 – 5).

MySQL Database Administration: (from the web site): This two-day, instructor-led course will provide an overview of MySQL database administration tasks. MySQL is an open source relational database product that is available for both the Windows and Unix operating system platforms. MySQL is frequently used to support data-driven web sites. This workshop will provide an overview of what MySQL is and how it works; coverage of the MySQL installation process on the Windows platform, and basic MySQL database administration tasks.

Prerequisite knowledge: Familiarity with fundamental database design concepts and SQL (Structure Query Language).

Audience: This course is intended for IT professionals who are responsible for developing and/or administering a MySQL database.

PHP Programming Basics: (from the web site) This three-day, instructor-led course is designed to provide an overview of PHP server-side programming. Topics include: PHP server installation and configuration; PHP statement syntax, data types and variables; control structures; functions; integrating PHP and HTML; passing data between pages; and creating and testing PHP server-side scripts.

Prerequisite knowledge: Basic knowledge of HTML.

Audience: This course is intended for IT professionals who are responsible for developing and maintaining PHP/HTML web applications.

Information about the KCTCS (from the web site): The Kentucky Community and Technical College System (KCTCS) recognizes the need for skilled instructors to teach emerging technologies. This need will be addressed during the Working Connections Institute 2005, a one week training session at West Kentucky Community and Technical College in Paducah Kentucky. After two successful Working Connections Institutes in 2003 and 2004, KCTCS is once again very proud to offer this technical training opportunity to KCTCS IT faculty & staff. Choose from 2-day, 3-day, and 5-day workshop sessions; each of which is designed to help prepare you to teach in the constantly changing world of Information Technology.