Categories
HowTos Linux

Highly Anonymous Proxy squid 2.6 stable21 release

An anonymous proxy hides information about the client from the destination server: the User-Agent, the client's IP address and other request headers can be stripped or rewritten before the request is forwarded.

In this HowTo we configure Squid to act as a highly anonymous proxy with user authentication. The platform is CentOS 5.5 with the squid 2.6.STABLE21 release.

Squid Installation

yum install squid

User Authentication

User authentication is necessary to restrict the proxy to your own use; an unauthenticated proxy that also strips identifying headers is an open relay and will be found and abused quickly.

vi /etc/squid/squid.conf

add;

auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# proxy_auth ties the ACL to the Basic credentials above ("ident" is the
# unrelated RFC 1413 identd lookup); list the allowed users or use REQUIRED
acl px-users proxy_auth testuser
# the allow must come before the default "http_access deny all"
http_access allow px-users
http_access deny all

Save the file. On 32-bit systems the helper lives at /usr/lib/squid/ncsa_auth instead; check with ls /usr/lib*/squid/ncsa_auth.

htpasswd -c -m /etc/squid/passwd testuser   # -c creates the file (omit it for further users), -m stores an MD5 hash

New password:
Re-type new password:

The ncsa_auth helper runs as the squid user, so make the password file readable by that user and nobody else, then start the service:

chown root:squid /etc/squid/passwd
chmod 640 /etc/squid/passwd
service squid start

Now set your browser to use the newly configured proxy and load a page that echoes the request headers it received (the capture below is from www.proxydetect.com, the HTTP_HOST in the output). You should see headers like these:

HTTP_CACHE_CONTROL:max-age=259200
HTTP_CONNECTION:keep-alive
HTTP_VIA:1.1 hackersgarage.com:2312 (squid/2.6.STABLE21)
HTTP_CONTENT_LENGTH:0
HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET:ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5
HTTP_HOST:www.proxydetect.com
HTTP_USER_AGENT:Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
HTTP_X_FORWARDED_FOR:222.223.32.13

๐Ÿ™ Ops.. It is disclosing all information are we running. Lets make it highly anonymous.

Making it Highly Anonymous Proxy

Before going further, note the warning from the Squid documentation: stripping these headers VIOLATES the HTTP standard (HTTP/1.1 requires proxies to add a Via header). The header_access and header_replace directives are only present when Squid was built with --enable-http-violations; check the output of squid -v for that flag.

vim /etc/squid/squid.conf

add following;

## HackersGarage.com - ACL
# squid 2.6 accepts only on/off here ("transparent" and "delete" arrived in 3.1);
# "off" sends "X-Forwarded-For: unknown", and the deny-all rule below then drops it
forwarded_for off
header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Cookie allow all
header_access Set-Cookie allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
# everything not listed above (Via, X-Forwarded-For, Referer, User-Agent, Server, ...) is stripped
header_access All deny all
# header_replace only acts on headers denied above; the stripped User-Agent is sent as "anonymous"
header_replace User-Agent anonymous

squid -k reconfigure

Reload the header-echo page: Via and X-Forwarded-For are gone and the User-Agent has been replaced.

HTTP_CACHE_CONTROL:max-age=259200
HTTP_CONNECTION:keep-alive
HTTP_CONTENT_LENGTH:0
HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5
HTTP_HOST:www.proxydetect.com
HTTP_USER_AGENT:anonymous
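The two captures above are exactly the input a proxy-checker site works from. The following is an added example, not code from the original post or from Squid: it parses a CGI-style header dump and rates the proxy as transparent, anonymous or high-anonymous, and pulls the software version out of Via. Both captures from the post are embedded as sample input; the client address 222.223.32.13 is the one that appeared in the first capture's X-Forwarded-For.

```python
"""Rate a proxy's anonymity from the headers the destination server received.

Added example, not code from the original post or from Squid. It parses a
CGI-style header dump (one KEY:value per line, as in the two captures above)
and classifies the proxy the way proxy-checker sites do:
  transparent     the client's real address appears in a request header
  anonymous       headers betray a proxy (Via, Proxy-Connection, ...) but no address
  high-anonymous  neither
"""
import re

# Headers that carry the real client address when a proxy is transparent.
IP_LEAK_HEADERS = ("HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED", "HTTP_CLIENT_IP",
                   "HTTP_X_REAL_IP", "HTTP_X_CLIENT_IP")
# Headers whose mere presence reveals a proxy in the path.
PROXY_TELLTALE_HEADERS = IP_LEAK_HEADERS + ("HTTP_VIA", "HTTP_PROXY_CONNECTION",
                                            "HTTP_X_PROXY_ID")

# Capture from the post, before the header_access rules were added.
BEFORE = """\
HTTP_CACHE_CONTROL:max-age=259200
HTTP_CONNECTION:keep-alive
HTTP_VIA:1.1 hackersgarage.com:2312 (squid/2.6.STABLE21)
HTTP_CONTENT_LENGTH:0
HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET:ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5
HTTP_HOST:www.proxydetect.com
HTTP_USER_AGENT:Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
HTTP_X_FORWARDED_FOR:222.223.32.13
"""

# Capture from the post, after the header_access rules were added.
AFTER = """\
HTTP_CACHE_CONTROL:max-age=259200
HTTP_CONNECTION:keep-alive
HTTP_CONTENT_LENGTH:0
HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5
HTTP_HOST:www.proxydetect.com
HTTP_USER_AGENT:anonymous
"""


def parse_header_dump(dump):
    """Turn 'NAME:value' lines into a dict keyed by upper-cased CGI header names."""
    headers = {}
    for line in dump.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().upper()] = value.strip()
    return headers


def classify_proxy(headers, client_ip):
    """Return the anonymity level plus the evidence it rests on."""
    leaks = sorted(h for h in IP_LEAK_HEADERS if client_ip in headers.get(h, ""))
    telltales = sorted(h for h in PROXY_TELLTALE_HEADERS if h in headers)
    if leaks:
        level = "transparent"
    elif telltales:
        level = "anonymous"
    else:
        level = "high-anonymous"
    # Via looks like "1.1 host:port (squid/2.6.STABLE21)"; the parenthesised part
    # names the proxy software and version, handy for an attacker picking exploits.
    software = re.search(r"\(([^)]+)\)", headers.get("HTTP_VIA", ""))
    return {
        "level": level,
        "ip_leaks": leaks,
        "telltales": telltales,
        "proxy_software": software.group(1) if software else None,
        "user_agent": headers.get("HTTP_USER_AGENT"),
    }


if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        print(label, classify_proxy(parse_header_dump(dump), "222.223.32.13"))
```

For a live check, fetch a header-echo page through the proxy and feed the echoed headers to parse_header_dump; the classification then tells you whether the config change actually took effect on that path.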

HTTP_ACCEPT_CHARSET and everything else not on the allow list is dropped by the final deny. HTTP_ACCEPT_ENCODING is also missing from this capture because the author's config misspelled Accept-Encoding; with the correct spelling it passes through. Two limits to keep in mind: the destination still sees the proxy's own address, and for HTTPS the browser issues a CONNECT and the request headers travel inside the TLS tunnel, where Squid can neither read nor rewrite them.

Got a problem? Ask below.

Categories
HowTos Linux

Running Apache with Multiple PHP Versions

Running more than one PHP version, e.g. PHP 4 and PHP 5 side by side, is sometimes required: an old application depends on PHP 4 while applications such as WordPress require PHP 5. Let us see how to tackle this.

In my scenario I have CentOS 5 on the server with Apache 2. I will install PHP 4 in CGI mode and keep PHP 5 as the Apache module. The same method works on Debian-based distributions with the paths adjusted.

Installing apache2 & php5

yum install httpd
yum install php

PHP4 Installation

Now download the PHP 4 source; pick the nearest mirror on php.net.

# -O names the download; the mirror URL would otherwise save it as "mirror"
wget -O php-4.4.9.tar.gz http://www.php.net/get/php-4.4.9.tar.gz/from/ar.php.net/mirror
tar -zxvf php-4.4.9.tar.gz
cd php-4.4.9

Note: do not add --with-apxs2 to the configure line. Building PHP 4 as an Apache module would replace the PHP 5 module; without it, configure builds the CGI binary, which is what we want.

./configure --prefix=/usr/local/php4
make
make install
# with --prefix=/usr/local/php4 PHP looks for php.ini in /usr/local/php4/lib
cp -v php.ini-recommended /usr/local/php4/lib/php.ini

Configuring PHP 4 as a CGI script for Apache.

# CentOS's httpd.conf maps the /cgi-bin/ URL to /var/www/cgi-bin/ (ScriptAlias),
# not to /var/www/html/cgi-bin/, so the symlink has to live there
ln -s /usr/local/php4/bin/php /var/www/cgi-bin/php
chmod 755 /var/www/cgi-bin/php

Leave cgi.force_redirect at its default of 1 in php.ini so the binary cannot be invoked directly by URL. Keep in mind that PHP 4.4.9 reached end of life in 2008 and never received the fix for the PHP CGI argument-injection flaw (CVE-2012-1823, fixed only in 5.3.12 and 5.4.2), so a PHP 4 CGI should only be reachable from trusted networks.

Configuring Apache for php4

cp -av /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php4.conf

Replace the PHP 5 directives in the copy (LoadModule, AddHandler, AddType, DirectoryIndex) with the lines below, then restart httpd (service httpd restart). A leftover LoadModule php5_module line would load the module twice and make httpd fail to start:

vi /etc/httpd/conf.d/php4.conf

Action php4-script /cgi-bin/php
AddHandler php4-script .php4
AddType text/html .php4
DirectoryIndex index.php4
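Because php4.conf starts life as a copy of php.conf, the usual failure is a half-edited copy that still loads php5_module or still claims .php. The following is an added example, not part of the original post or of Apache: a small lint over conf.d fragments (constructed inline, one correct set and one half-edited set) that reports an extension claimed by two handlers and a module loaded twice.

```python
"""Check Apache conf.d snippets for conflicting PHP handler setups.

Added example, not code from the original post. Given {filename: text} for
httpd conf.d fragments it reports two mistakes the copy-and-edit step can
leave behind: one file extension mapped to two handlers, and the same module
loaded from two files. Both sample configurations below are constructed.
"""
import re
from collections import defaultdict

LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.I)
ADDHANDLER = re.compile(r"^\s*AddHandler\s+(\S+)\s+(.+?)\s*$", re.I)

# Constructed sample: the stock php.conf plus a correctly edited php4.conf.
GOOD = {
    "php.conf": """
LoadModule php5_module modules/libphp5.so
AddHandler php5-script .php
AddType text/html .php
DirectoryIndex index.php
""",
    "php4.conf": """
Action php4-script /cgi-bin/php
AddHandler php4-script .php4
AddType text/html .php4
DirectoryIndex index.php4
""",
}

# Constructed sample: php4.conf copied from php.conf but only partly edited,
# so php5_module is loaded twice and .php is claimed by both handlers.
BAD = {
    "php.conf": GOOD["php.conf"],
    "php4.conf": """
LoadModule php5_module modules/libphp5.so
Action php4-script /cgi-bin/php
AddHandler php4-script .php .php4
AddType text/html .php
DirectoryIndex index.php4
""",
}


def lint_php_handlers(conf_files):
    """Return a list of problem descriptions; an empty list means no conflicts."""
    ext_owners = defaultdict(set)      # ".php" -> {(handler, file), ...}
    module_files = defaultdict(list)   # "php5_module" -> [file, ...]
    for fname, text in conf_files.items():
        for raw in text.splitlines():
            line = raw.split("#", 1)[0]           # ignore comments
            m = LOADMODULE.match(line)
            if m:
                module_files[m.group(1)].append(fname)
                continue
            m = ADDHANDLER.match(line)
            if m:
                for ext in m.group(2).split():
                    ext_owners[ext.lower()].add((m.group(1), fname))
    problems = []
    for ext, owners in ext_owners.items():
        if len({handler for handler, _ in owners}) > 1:
            where = ", ".join(f"{h} in {f}" for h, f in sorted(owners))
            problems.append(f"extension {ext} claimed by several handlers: {where}")
    for module, files in module_files.items():
        if len(files) > 1:
            problems.append(f"module {module} loaded more than once: {', '.join(sorted(files))}")
    return problems


if __name__ == "__main__":
    # A live run would read the real files, e.g. glob("/etc/httpd/conf.d/*.conf").
    for problem in lint_php_handlers(BAD):
        print(problem)
```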

Categories
Linux Scripts

Emergency DOS or DDOS stopping script for Linux


If you are under a DoS or DDoS attack and do not know what to do, use this script to get out of the panic situation.

A DoS or DDoS attack tries to make a website unavailable by opening hundreds to hundreds of thousands of connections that exhaust the server's resources, so genuine visitors can no longer be served.

A short slide deck describing this script is available on SlideShare.

The script can partly mitigate a low-volume DDoS attack and can stop a single-source DoS completely. The author releases it under the GPL.

How to mitigate DoS or DDoS attack?

Stop or flush other rules for now. Save the current rule set first (iptables-save > /root/iptables.before-antiddos) so it can be put back with iptables-restore, and read the downloaded script before running it as root:

service apf stop
iptables -F
wget http://www.hackersgarage.com/wp-content/uploads/2011/08/antiDDoS.txt
mv antiDDoS.txt antiDDoS.sh
chmod u+x antiDDoS.sh
./antiDDoS.sh
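The post does not reproduce the contents of antiDDoS.sh, so the following is an added example of the approach such scripts generally take, not the author's script: count connections per remote address in netstat -ntu output and produce iptables DROP rules for addresses above a threshold. The netstat output is a constructed sample, nothing is executed, and loopback plus an exempt network are never blocked, which is the safeguard you want when running anything like this in a panic.

```python
"""Find source addresses holding an abnormal number of connections.

Added example; not the antiDDoS.sh script from the post. It parses
"netstat -ntu" output, counts connections per remote address and renders
iptables DROP rules for the offenders. Nothing is run and nothing is flushed.
"""
import ipaddress
from collections import Counter

# Constructed sample of "netstat -ntu": one flooding client (203.0.113.7, once
# via an IPv4-mapped IPv6 socket), two ordinary visitors, a local MySQL connection.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51237       ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:203.0.113.7:51238 ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.23:40001     ESTABLISHED
udp        0      0 10.0.0.5:53             198.51.100.23:5353      ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.9:55000         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:44444         ESTABLISHED
"""


def remote_addresses(netstat_output):
    """Yield the remote address of every connection line, IPv4-mapped IPv6 unwrapped."""
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue                      # banner and column-header lines
        host, sep, _port = fields[4].rpartition(":")
        if not sep:
            continue
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        yield addr


def offenders(netstat_output, threshold, exempt=()):
    """Return {address: count} for remotes with more than `threshold` connections.
    Loopback and anything inside `exempt` (hosts or CIDR networks) are never
    reported, so a panic run cannot lock out the box itself or the admin's net."""
    exempt_nets = [ipaddress.ip_network(e, strict=False) for e in exempt]
    result = {}
    for addr, count in Counter(remote_addresses(netstat_output)).items():
        if count <= threshold or addr.is_loopback:
            continue
        if any(addr in net for net in exempt_nets):
            continue
        result[str(addr)] = count
    return result


def block_rules(offending, chain="INPUT"):
    """One DROP rule per offender, inserted at the top of the chain so it wins
    over any later ACCEPT; IPv6 offenders get ip6tables."""
    def key(s):
        a = ipaddress.ip_address(s)
        return (a.version, a)

    rules = []
    for ip in sorted(offending, key=key):
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I {chain} -s {ip} -j DROP")
    return rules


if __name__ == "__main__":
    # A live run would feed subprocess.check_output(["netstat", "-ntu"], text=True) instead.
    for rule in block_rules(offenders(SAMPLE_NETSTAT, threshold=3, exempt=["192.0.2.0/24"])):
        print(rule)
```

The threshold is the whole judgement call: busy legitimate clients behind a NAT can hold dozens of connections, so pick it from a baseline taken when the site was healthy, and exempt your own management network before you drop anything.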

Categories
HowTos Linux

How to track Linux Shell Users activity?

Question:

I am managing a team of Linux system administrators who manage a large number of servers remotely. These admins require root-level privileges on the servers. How can I keep track of each user's activity for audit purposes and keep a record of every command executed on a server? Please recommend an open-source application for Linux.

There are a couple of tools and scripts on Linux for this. We found rootsh to be a simple solution to the problem.

What is rootsh?

rootsh is a shell wrapper that logs every keystroke of a terminal session together with its output into a file whose name is generated per session for each user. rootsh can also log to syslog; the author advises against it because a root user can simply remove the local syslog file. The same holds for any local log file, so if the logs must survive a hostile root, point syslog at a log server on another host.

We will create a separate directory for the logs, restrict it to a group, and set the append-only attribute (chattr +a) on it so that group members can create log files there but cannot delete or rename them. Note that root can undo this with chattr -a; it protects against careless or unprivileged users, not against a malicious root.

How to install rootsh?

cd /tmp/

# -O names the download; the SourceForge URL would otherwise save it as "download"
wget -O rootsh-1.5.3.tar.gz http://sourceforge.net/projects/rootsh/files/rootsh/1.5.3/rootsh-1.5.3.tar.gz/download
tar -zxvf rootsh-1.5.3.tar.gz
cd rootsh-1.5.3

Create the logs directory, then build rootsh with that directory compiled in as its log location:

mkdir -vp /secure/admins-logs
./configure --disable-syslog --disable-linenumbering --with-logdir=/secure/admins-logs/
make && make install

Create a group for your admins so that only its members can write to this directory.

groupadd admins

Create a test admin user and add it to the group.

useradd testadmin
usermod -a -G admins testadmin   # -a appends; without it the user's other supplementary groups are dropped

Apply permissions to the logs directory and set the append-only attribute.

chmod 770 /secure/admins-logs
chgrp admins /secure/admins-logs
chattr +a /secure/admins-logs   # entries can be added but not removed or renamed; root can still chattr -a

Add the wrapper to /etc/shells so it is accepted as a login shell.

echo "/usr/local/bin/rootsh" >> /etc/shells

Make rootsh the login shell of our user testadmin:

usermod -s /usr/local/bin/rootsh testadmin

This changes the shell field of testadmin in /etc/passwd from /bin/bash to /usr/local/bin/rootsh, the same edit the original instructions made by hand with vim.

That's it! Log in as testadmin and you should find a log file named after the user plus a timestamp in /secure/admins-logs, e.g. /secure/admins-logs/testadmin.3243423432.log. Because rootsh sits on the terminal, everything typed after a sudo or su inside that session is captured too. The weak spot is the other direction: an admin who manages to change their shell back to /bin/bash bypasses the logging entirely, so the shell field of every member of the admins group is worth checking regularly.
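The following is an added example, not part of rootsh or the original post: an audit that reads passwd, group and shells data (constructed samples below, standing in for the real /etc files) and reports members of the admins group whose login shell is not the rootsh wrapper, plus a warning if the wrapper is missing from /etc/shells.

```python
"""Verify that every member of the admins group is forced through rootsh.

Added example, not part of rootsh or the original post. Given the contents of
/etc/passwd, /etc/group and /etc/shells it lists group members whose login
shell is not the logging wrapper. The three samples below are constructed:
testadmin is set up as the post describes, bob was added to the group but kept
bash, carol is not an admin.
"""

ROOTSH = "/usr/local/bin/rootsh"

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testadmin:x:500:500::/home/testadmin:/usr/local/bin/rootsh
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
admins:x:1000:testadmin,bob
users:x:100:carol
"""
SHELLS = """\
/bin/sh
/bin/bash
/usr/local/bin/rootsh
"""


def parse_passwd(text):
    """Return {user: (primary_gid, shell)} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            users[fields[0]] = (fields[3], fields[6])
    return users


def group_members(group_text, group, users):
    """Explicit members of `group` plus users whose primary gid is the group's gid."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == group:
            members = {m for m in fields[3].split(",") if m}
            members |= {u for u, (gid, _) in users.items() if gid == fields[2]}
            return members
    return set()


def audit(passwd_text, group_text, shells_text, group="admins", wrapper=ROOTSH):
    """Return a list of findings; an empty list means every admin is wrapped."""
    users = parse_passwd(passwd_text)
    shells = {s.strip() for s in shells_text.splitlines() if s.strip() and not s.startswith("#")}
    findings = []
    if wrapper not in shells:
        findings.append(f"{wrapper} is not listed in /etc/shells")
    for user in sorted(group_members(group_text, group, users)):
        if user not in users:
            findings.append(f"{user}: member of {group} but missing from passwd")
        elif users[user][1] != wrapper:
            findings.append(f"{user}: shell is {users[user][1]}, not {wrapper}")
    return findings


if __name__ == "__main__":
    # A live run would pass open("/etc/passwd").read() and friends instead.
    for finding in audit(PASSWD, GROUP, SHELLS):
        print(finding)
```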

If you have any questions, feel free to ask in the comments.

Categories
HowTos Linux

How to use WorldCall EVDO USB on Linux?

A few days ago a friend from Pakistan asked us for a recipe to use the WorldCall EVDO USB modem on Linux. The 2.6 kernel supports these USB EVDO devices out of the box; all that is needed is a little configuration in /etc/wvdial.conf.

By the way, we are using BackTrack 5 Linux on our workstations.

Configuring WorldCall usb on linux :

Install the wvdial PPP dialer on Ubuntu/BackTrack Linux:

aptitude install wvdial

lsusb

You should see the modem listed:
Bus 004 Device 002: ID 16d5:6502 AnyDATA Corporation

vim /etc/wvdial.conf

Copy and paste the following configuration. The file holds the account password in clear text, so keep it readable by root only (chmod 600 /etc/wvdial.conf):

[Dialer Defaults]
init1 = ATZ
init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
;init3 = AT+CGDCONT=1,"IP","data:tre:se"
Modem Type = USB Modem
Dial Command = ATDT
Baud = 460800
New PPPD = yes
Modem = /dev/ttyUSB0
Stupid Mode = 1
ISDN = 0
Phone = #777
Username = wcall@worldcall.com
Password = wcall

Run wvdial and start surfing the internet.

wvdial

DONE!

Categories
DNS Analysis Penetration Testing

Fierce – DNS Analysis perl script

Introduction

Fierce is a lightweight DNS reconnaissance scanner written in Perl by RSnake. It locates hostnames and the IP space belonging to a target domain using several techniques: it first attempts a zone transfer from each of the domain's name servers and, when that is refused, switches to brute forcing hostnames from a wordlist.

As usual we are on BackTrack Linux 5, where fierce is installed by default.

Let us look at its usage. I will be analysing the alibaba.com DNS records.

Fierce Usage :

Change into the application directory:

cd /pentest/enumeration/dns/fierce

Usage:

perl fierce.pl [-dns example.com] [OPTIONS]

Commonly used options:

-threads N    (fierce runs single-threaded by default)
-file NAME    (save the output to a file)
-range RANGE  (scan an internal IP range; handy, but it only works together with -dnsserver)

In our case:

perl fierce.pl -dns alibaba.com -threads 5 -file alibaba-dns.output

You should see the following output :

Now logging to alibaba-dns.output
DNS Servers for alibaba.com:
nshz.alibabaonline.com
nsp2.alibabaonline.com
ns8.alibabaonline.com
nsp.alibabaonline.com
Trying zone transfer first…
Testing nshz.alibabaonline.com
Request timed out or transfer not allowed.
Testing nsp2.alibabaonline.com
Request timed out or transfer not allowed.
Testing ns8.alibabaonline.com
Request timed out or transfer not allowed.
Testing nsp.alibabaonline.com
Request timed out or transfer not allowed.
Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way… brute force
Checking for wildcard DNS…
** Found 97326869336.alibaba.com at 67.215.65.132.
** High probability of wildcard DNS.
Now performing 1895 test(s)…
205.204.112.6 ad.alibaba.com
205.204.112.1 au.alibaba.com
205.204.112.1 cache.alibaba.com
110.75.203.17 billing.alibaba.com
205.204.112.1 co.alibaba.com
110.75.197.7 cn.alibaba.com
205.204.116.17 channel.alibaba.com
205.204.124.3 crm.alibaba.com
... and so on through the remaining tests (output truncated).

Pay attention to the wildcard warning above. Once a random label such as 97326869336.alibaba.com resolves, every name in the wordlist will resolve too, and any hit pointing at the wildcard address is noise rather than a discovered host. Here the address is 67.215.65.132, which is what OpenDNS returns for non-existent names, so the "wildcard" is the local resolver rewriting NXDOMAIN rather than alibaba.com itself; query the domain's own name servers with -dnsserver to avoid that.
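The wildcard check fierce prints above is the step that separates real hosts from noise. The following is an added example, not fierce's own code: it detects a wildcard by resolving random labels and then filters brute-force hits that land on the wildcard address. The resolver is injected so the block runs offline against a constructed zone (the real hosts are the ones fierce found above, the catch-all address is the one it reported); for a live run, pass socket.gethostbyname instead.

```python
"""Wildcard-aware DNS brute force, the logic fierce applies above.

Added example, not fierce's own code. A resolver callable is injected so the
block runs offline against a constructed zone; socket.gethostbyname (or a
dnspython query) drops in for a live run. Once a wildcard is detected, every
brute-forced name resolving to the wildcard address is discarded, otherwise
the whole wordlist appears to "hit".
"""
import random
import string

# Constructed zone: a few real hosts (from the fierce output above) and a
# catch-all that answers every other name, which is what a wildcard record, or
# a resolver that rewrites NXDOMAIN, looks like to a scanner.
WILDCARD_IP = "67.215.65.132"
ZONE = {
    "ad.alibaba.com": "205.204.112.6",
    "au.alibaba.com": "205.204.112.1",
    "cache.alibaba.com": "205.204.112.1",
    "billing.alibaba.com": "110.75.203.17",
    "crm.alibaba.com": "205.204.124.3",
}


def wildcard_resolve(name):
    """Stand-in for socket.gethostbyname on a wildcard domain."""
    return ZONE.get(name, WILDCARD_IP)


def strict_resolve(name):
    """Stand-in for socket.gethostbyname on a domain without a wildcard:
    unknown names fail the way gaierror (an OSError subclass) does live."""
    if name in ZONE:
        return ZONE[name]
    raise OSError("NXDOMAIN")


def random_label(length=11):
    return "".join(random.choice(string.digits) for _ in range(length))


def detect_wildcard(resolve, domain, probes=2):
    """Resolve random labels under `domain`; return the address they all share,
    or None. Several random names agreeing on one address is the signal fierce
    reports as "High probability of wildcard DNS"."""
    answers = set()
    for _ in range(probes):
        try:
            answers.add(resolve(f"{random_label()}.{domain}"))
        except OSError:
            return None
    return answers.pop() if len(answers) == 1 else None


def brute_force(resolve, domain, wordlist, wildcard_ip=None):
    """Return {hostname: ip} for wordlist entries that resolve to something
    other than the wildcard address (or to anything at all when there is none)."""
    found = {}
    for word in wordlist:
        host = f"{word}.{domain}"
        try:
            ip = resolve(host)
        except OSError:
            continue
        if ip != wildcard_ip:
            found[host] = ip
    return found


if __name__ == "__main__":
    words = ["ad", "au", "mail", "vpn", "crm"]
    wc = detect_wildcard(wildcard_resolve, "alibaba.com")
    print("wildcard:", wc)
    print(brute_force(wildcard_resolve, "alibaba.com", words, wc))
```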