Monthly Archives: February 2018

Instalasi w3af

w3af (Web Application Attack and Audit Framework) adalah software yang bisa Anda gunakan untuk memeriksa keamanan aplikasi / website Anda.

Cara instalasi & penggunaannya sangat mudah, silakan ikuti panduan ini :


sudo apt-get update ; sudo apt-get -y install python-pip git

git clone https://github.com/andresriancho/w3af.git
cd w3af/
./w3af_console
# install semua paket yang diminta, lalu

./tmp/w3af_dependency_install.sh

Maka kini w3af & semua paket software yang dibutuhkannya telah terpasang.

Lalu buat file bernama MyScript.w3af, dengan isi sbb :

(CATATAN : jangan gunakan dulu plugin “redos” – terakhir saya gunakan, plugin redos ini berjalan selama 2 hari dan menghabiskan disk space di server saya. Hati-hati)


# -----------------------------------------------------------------------------------------------------------
# W3AF AUDIT SCRIPT FOR WEB APPLICATION
# -----------------------------------------------------------------------------------------------------------
#Configure HTTP settings
http-settings
set timeout 30
back
#Configure scanner global behaviors
http-settings
set timeout 20
set max_requests_per_second 100
back
misc-settings
set max_discovery_time 20
set fuzz_cookies True
set fuzz_form_files True
set fuzz_url_parts True
set fuzz_url_filenames True
back
plugins
#Configure entry point (CRAWLING) scanner
crawl web_spider
crawl config web_spider
set only_forward False
set ignore_regex (?i)(logout|disconnect|signout|exit)+
back
#Configure vulnerability scanners
##Specify list of AUDIT plugins type to use
audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, response_splitting, sqli, xpath, xss, xst
##Customize behavior of each audit plugin when needed
audit config file_upload
set extensions jsp,php,php2,php3,php4,php5,asp,aspx,pl,cfm,rb,py,sh,ksh,csh,bat,ps,exe
back
##Specify list of GREP plugins type to use (grep plugin is a type of plugin that can find also vulnerabilities or informations disclosure)
grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages,
html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header
##Specify list of INFRASTRUCTURE plugins type to use (infrastructure plugin is a type of plugin that can find informations disclosure)
infrastructure server_header, server_status, domain_dot, dot_net_errors
#Configure target authentication
#Configure reporting in order to generate an HTML report
output console, html_file
output config html_file
set output_file /tmp/W3afReport.html
set verbose False
back
output config console
set verbose False
back
back
#Set target informations, do a cleanup and run the scan
target
###### GANTI DENGAN SITUS YANG INGIN ANDA TES ###############
set target https://google.com
set target_os unix
set target_framework php
back
cleanup
start

Simpan file tersebut, lalu jalankan perintah sbb :


./w3af_console ­-s MyScript.w3af

Kini tinggal Anda tunggu sampai selesai, dan setelah itu laporannya bisa dilihat di /tmp/W3afReport.html

Enjoy !

Setup Varnish on Port 80

Sometimes you need to quickly setup Varnish, usually in an emergency (like, your website got featured on Reddit’s frontpage 😀 ), to quickly absorb most of the hits hitting your website.

But the webserver is already using port 80.
Now what ?

Pretty easy actually :

  1. Setup Varnish on other port, say, 6081
  2. Run an iptables command : to forward incoming traffic from port 80 to port 6081
  3. Make sure Varnish uses 127.0.0.1:80 as the backend

Presto – now all the traffic hits Varnish first – which will process them in lightning speed.

Alright, so here’s the gory detail, also available on Pastebin.com : https://pastebin.com/2UBD7s05

Enjoy !

========

apt-get update ; apt-get -y install varnish

# Varnish should be already configured to list on port 6081
# if in doubt, check /etc/default/varnish,
# and look for the following line :
# DAEMON_OPTS="-a :6081

# edit varnish config
vi /etc/varnish/default.vcl

# make sure the .port line is set to 80, like this :
# .port = "80";
# then save & exit

# enable Apache's expires & headers module
a2enmod expires
a2enmod headers

# setup caching for static files
# via .htaccess file
echo "Header unset ETag" >> /var/www/.htaccess
echo "FileETag None" >> /var/www/.htaccess
echo "<ifmodule mod_expires.c>" >> /var/www/.htaccess
echo "<filesmatch \"(?i)^.*\\.(ico|flv|jpg|jpeg|png|gif|js|css)$\">" >> /var/www/.htaccess
echo "ExpiresActive On" >> /var/www/.htaccess
echo "ExpiresDefault \"access plus 2 minute\"" >> /var/www/.htaccess
echo "</filesmatch>" >> /var/www/.htaccess
echo "</ifmodule>" >> /var/www/.htaccess

# enable caching in php.ini
vi /etc/php/7.0/apache2/php.ini

# make sure session.cache_limiter = public
# save & exit

# restart Apache
/etc/init.d/apache2 restart

###### now let's start forwarding traffic to Varnish ######

# enable port forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
vi /etc/sysctl.conf

# add this line at the end of the file :
# net.ipv4.ip_forward = 1

# now here's the command that will actually forward the traffic from port 80 to Varnish
# change eth0 to your computer's network interface name
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 6081

# make sure this iptables setting will become permanent
apt-get -y install iptables-persistent

WordPress Auto-Backup via SSH

This script will enable you to backup your WordPress websites automatically. Just put it in a crontab / automatic scheduling software somewhere.

Also available on Pastebin : https://pastebin.com/nZ2fiL8j

Enjoy.

#!/bin/bash

# wordpress-auto-backup.sh

### THIS SCRIPT ASSUMES THE FOLLOWING
# 1/ You can do SSH password-less login to the server
# How : https://easyengine.io/tutorials/linux/passwordless-authentication-ssh/
# 2/ You have created a correct ~/.my.cnf file
# How : https://easyengine.io/tutorials/mysql/mycnf-preference/

### RUNTIME PARAMETERS
# wordpress-auto-backup.sh <server address> <home directory> <backup directory>

### HOW IT WORKS 
# 1/ SSH to server
# 2/ read wp-config file & get details
# 3/ create backup_dir/web
# 4/ rsync home_dir backup_dir/web 
# 5/ backup database to backup_dir/web/today.mysql
# 6/ compress backup_dir/web to backup_dir/backup_today.bz2 

### choose backup retention
# backup retention: weekly
today=`date +%A`
# backup retention: monthly
#today=`date +%d`

compressor1='gzip'
compressor2='pbzip2'

#============= START BACKUP =======================

# to help making this code more readable
server=$1
home_dir=$2
backup_dir=$3

# get the variables
ssh $server "cat $home_dir/wp-config.php" > /tmp/$server$today.txt

db_name=`cat /tmp/$server$today.txt | grep DB_NAME | cut -d"'" -f 4`

db_user=`cat /tmp/$server$today.txt | grep DB_USER | cut -d"'" -f 4`

db_pass=`cat /tmp/$server$today.txt | grep DB_PASSWORD | cut -d"'" -f 4`

db_host=`cat /tmp/$server$today.txt | grep DB_HOST | cut -d"'" -f 4`

table_prefix=''
table_prefix=`cat /tmp/$server$today.txt | grep table_prefix | cut -d"'" -f 2`

# debug
#echo $db_name $db_user $db_pass $db_host $table_prefix


# delete temporary file
rm /tmp/$server$today.txt

# backup database
ssh $server "mysqldump -h $db_host -u $db_user --password=\"$db_pass\" $db_name \$(mysql -h $db_host -u $db_user --password=\"$db_pass\" -D $db_name -Bse \"show tables like '$table_prefix%'\") > $home_dir/db-$today.mysql"

# compress database dump
ssh $server "$compressor1 $home_dir/db-$today.mysql"

# download everything 
mkdir $backup_dir/web/
rsync -avuz $server:$home_dir/* $backup_dir/web/

# make backup file
tar cvf $backup_dir/$server-$today.tar $backup_dir/web/

$compressor2 $backup_dir/$server-$today.tar &

# clean up
ssh $server "rm $home_dir/db-$today.mysql.gz"

# done !