Categories
HowTos Linux

How to install Memcache on CPanel / WHM running CEntOS

PHP

Few days back I was working for a client where I had to transfer one application to a new server. Application had memcache php extension need and the following error appeared in apache error log ;

PHP Fatal error: Class ‘Memcache’ not found in

If you are having difficulties in same situation you should stay away from recompiling your php using /scripts/easyapache – BAD IDEA.

Solution is simple, build memcache and include it in php.ini. Let see, how we do it.

Step 1 – Download memcache

mkdir repo
cd repo
wget http://pecl.php.net/get/memcache-3.0.6.tgz
tar -xvfz memcache-3.0.6.tgz

Step 2 – Compilation & installation

cd memcache-3.0.6
phpize

you should see something like this;

Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519

./configure
make
make install

Step 3 – Load in php.ini

Enable memcache in php.ini.

echo "extension=memcache.so" >> /usr/local/lib/php.ini
service httpd restart

Categories
HowTos Linux Troubleshootings

CPanel / WHM Troubleshootings & Short HowTos

CPanel / WHM

CPanel is a popular WHM solution. In past few days, i faced trouble while working with it. Thought to share with you if you face the same problem.

/scripts/easyapache

Not a HASH reference at /var/cpanel/perl/easy/Cpanel/Easy.pm line 340

Solution
/scripts/checkperlmodules --full

How to Disable ConfigServer Security & Firewall
/etc/csf/uninstall.sh

How to Disable Mandatory SSL (Web Login to WHL)
vim /var/cpanel/cpanel.config

Find,

alwaysredirecttossl=1
requiressl=1

And change the “1” to “0”, and save the file changes.
Now execute the following command to effect the changes;
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings

How to Install RRDTOOL
Download the required packages and execute rpm to install it.
wget http://dag.wieers.com/rpm/packages/rrdtool/rrdtool-1.2.23-1.el5.rf.x86_64.rpm
wget http://dag.wieers.com/rpm/packages/rrdtool/perl-rrdtool-1.2.23-1.el5.rf.x86_64.rpm
wget http://dag.wieers.com/rpm/packages/rrdtool/rrdtool-devel-1.2.23-1.el5.rf.x86_64.rpm
rpm -ivh rrdtool-1.2.23-1.el5.rf.x86_64.rpm rrdtool-devel-1.2.23-1.el5.rf.x86_64.rpm perl-rrdtool-1.2.23-1.el5.rf.x86_64.rpm

[ipcheck] Problem with DNS setup on

When your server hostname doesn’t resolve to IP address and you don’t want to add ‘A’ record in your dns, you will have to disable this script to stop sending these alerts.

ls -l /scripts/ipcheck

-rwxr-xr-x 1 root root 7428 Jun 28 18:47 /scripts/ipcheck

chmodΒ  000 /scripts/ipcheck

Make it write protected, so its permission won’t change.

chattr +i /scripts/ipcheck

ls -l /scripts/ipcheck

———- 1 root root 7428 Jun 28 18:47 /scripts/ipcheck

Categories
Penetration Testing

Penetration Testing Execution Standard

Click on Image, to view it in full size.

PTEST – Penetration Testing Execution Standard provides set of rules which helps you to do successful penetration testing. This is a technical talk stage show which offers direction on where we need to head in the security industry. David talks in-depth on the future of PEST.

Watch video and share your thoughts with us. We will be posting some very nice megazines that can help you improve your skills.

Categories
Penetration Testing Web Application Analysis

WPScan – WordPress Security Scanner

 

Exploiting, Injecting WordPress
Wordpress Blackbox testing

What is WPScan?

WPScan is wonderful and super fast wordpress vulnerability scanner written in ruby language, sponsored by RandomStorm and hosted by Googlecode. It provides you an easy way to penetrate wordpress blogs using blackbox techniques.

You can find the following stuff about any wordpress blog using this ruby application:

  • List of plugins
  • Name of theme
  • Bruce forcing Weak Password for specific user
  • Brute force username
  • Directory listings
  • Version details
  • Possible vulnerabilities.

How to Install WPScan?

Before you install WPScan, you have to install number of dependencies essential by this tiny ruby application. BTW i am using BackTrack5 Linux.

Dependencies :

apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus

WPScan Installation :

cd /pentest/web/
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
cd wpscan

How to use WPScan?

It is almost cooked. One more thing we need here; is to download keywords database which will be used for brute forcing.

wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz

Example usage of this ant application :

Do ‘non-intrusive’ checks…
ruby ./wpscan.rb --url www.hackersgarage.com

Do wordlist password brute force on enumerated users using 50 threads…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --username admin

Generate a new ‘most popular’ plugin list, up to 150 pages…
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate instaled plugins…
ruby ./wpscan.rb --enumerate p

Still in trouble with configuration ? Ask in comments.

Categories
Linux Troubleshootings

Openx – configuration file is locked for security reasons

Openx is enterprise class ad inventory solution for your business. Normally I carry out its configuration from command line interface but this moment I decided to enable one plugin using UI (Web based Interface) but it failed and the following error appeared on screen:

It is not possible to edit all settings because the configuration file is locked for security reasons. If you want to make changes, you may need to unlock the configuration file for this installation first.

 

I tried to see all option but didn’t find a way to unlock the configuration file. Finally I found that its config file should be writable by your apache user.

To UnLock Configuration File :

chmod 666 /home/hackersgarage/public_html/var/ads.hackersgarage.com.conf.php

To Lock Configuration file back :

chmod 644 /home/hackersgarage/public_html/var/ads.hackersgarage.com.conf.php

It is recommended to lock it back when you are finished with your web based configuration.

Categories
Linux Troubleshootings

VLC is not supposed to be run as root. Sorry. – Solution

Today i captured one tutorial using recordmydesktop utility on my backtrack and decided to view it but unfortunately backtrack 5 Linux didn’t include a good media player to do entertainment πŸ˜€ when you get bored with dirty work.

Anyways, i installed vlc using following command ;
aptitude install vlc

And tried to run vlc as root i got error on my terminal ;
vlc

VLC is not supposed to be run as root. Sorry.
If you need to use real-time priorities and/or privileged TCP ports
you can use vlc-wrapper (make sure it is Set-UID root and
cannot be run by non-trusted users first).

This error says straight forward vlc can not be run as root privileged user. What to do now? Don’t be panic. Here is the hacked solution πŸ˜€
vi /usr/bin/vlc
search for geteuid and replace it with getppid

Save file & Exit.

Now it should work, try to run it again πŸ˜‰

Note : This is a very bad practice to run certain application with administrative rights. Do it at your own risk! πŸ˜‰