Thursday, 29 November 2012

How To Secure Your Admin Panel Using .htaccess and .htpasswd


Hello guys,
Today I'm going to show you how to protect your admin panel with a username and password, and make it accessible only from admin IP addresses!
And, if you have a login page outside of the admin panel, we will lock it as well!
To start, we first need the code below to secure the panel:


AuthUserFile /home/admin/.htpasswd
AuthName EnterPassword
AuthType Basic

require valid-user


order deny,allow
deny from all
allow from 111.222.333.444


Now change that code to suit your website. First change the path /home/admin/.htpasswd to the path that you have,
and change the IP address 111.222.333.444 to your IP address!

After editing the code, paste it into a .htaccess file inside the admin directory, or just upload it!

Now we need the code below:

Security:Geeks
admin:password

You can add as many as you want in the same way.
After you're done, paste that code into the .htpasswd file that you specified in the .htaccess code (/home/admin/.htpasswd).
Paste it there, or just upload it!

Finally, for those who don't have an "Admin directory", you can lock your admin page/login and make it accessible only from your IP address!
To lock it, you need the code below:
<Files login.php>
Order Deny,Allow
Deny from all
Allow from 111.222.333.444
</Files>

In the code above, the login page is called "login.php"; change the name to whatever your admin login page is called.

Now change 111.222.333.444 to your IP address, then paste the code into a .htaccess file in the same directory as your login page, or upload it.
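
The same policy written for Apache 2.4, with the password file holding hashes instead of clear text. This is an added example, not part of the original post; 203.0.113.10 is a placeholder admin address, and the paths and usernames are the ones used above:

```apache
# --- .htaccess inside the admin directory, Apache 2.4 (mod_authz_core) ---
# The Order/Deny/Allow lines in the post are Apache 2.2 syntax; on 2.4 they
# only work through mod_access_compat. Do not mix both styles in one file.
AuthType Basic
AuthName "EnterPassword"
AuthBasicProvider file
AuthUserFile "/home/admin/.htpasswd"

# Both conditions must hold: a valid login AND the admin's address.
# (A bare list of Require lines acts as RequireAny: either one would pass.)
<RequireAll>
    Require valid-user
    Require ip 203.0.113.10
</RequireAll>

# --- Same policy on Apache 2.2, with the combination made explicit ---
# "Satisfy All" is the 2.2 default; stating it means an inherited
# "Satisfy Any" cannot turn "password AND address" into "password OR address".
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10
#   Require valid-user
#   Satisfy All

# --- Separate .htaccess next to the login page (no admin directory), 2.4 ---
<Files "login.php">
    Require ip 203.0.113.10
</Files>

# --- /home/admin/.htpasswd ---
# Store password hashes, not clear text. Generate each line with the htpasswd
# tool, which prompts for the password (-B = bcrypt, -c = create the file;
# leave -c out when adding further users or the file is overwritten):
#   htpasswd -B -c /home/admin/.htpasswd admin
#   htpasswd -B    /home/admin/.htpasswd Security
# Keep the file outside the web root and readable only by the web server user.
```

After uploading, request the admin URL from an address that is not on the list and confirm the server answers 403 before any password prompt appears.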

That's it guys, hope this was helpful for you.


Saturday, 10 November 2012

ASCII Art Generators Linux | Backtrack

Hello again guys, today I'm going to show you how to generate ASCII art in your Linux terminal. Things like this:

[Image: ASCII text banner]

and even more!
Today I have three programs for you, two for ASCII fonts, and one for changing pictures.

# Figlet:
The above ASCII font is generated using Figlet. To install Figlet, run the following command:
sudo apt-get install figlet
Now all you have to do is type "figlet" in the terminal, and then type whatever text you want to generate! Just like the picture below:

You can type "figlet --help" in your terminal for more options!

# Toilet:
Toilet is another program with the same idea as figlet, but with more cool options!
With this one, you can generate with colors, and more fonts!
In Toilet, you can use the same fonts that are available in figlet, but in this one you can change the colors.
In this program, you can also generate your colored font in an HTML code.
To install this program, type this in the terminal:

sudo apt-get install toilet


Here are some examples of the fonts and commands:

Different fonts:

Different colors:

HTML code generator:

And here are some of the font names:

  • banner
  • big
  • bigmono12
  • bigmono9
  • block
  • bubble
  • circle
  • future
  • ivrit
  • lean
  • mini
  • script
  • shadow
  • slant
  • small
  • smblock

# Jp2a
Jp2a is a program that converts any picture you want to ASCII art, and it can generate HTML code as well.

To install jp2a, run the following command in your terminal:
sudo apt-get install jp2a

Now, to change the picture to ASCII, just enter the directory of the picture and run this command:


jp2a Picture.jpg


If your picture is a .PNG, you have to convert it to .JPG first before changing it to ASCII. To convert it, run this command:
convert Picture.PNG Converted-Picture.JPG
Now just have fun!

If you want to generate HTML code, run the following command:

jp2a --html Picture.jpg





That's it guys :)
Have fun, I hope you liked it!


Sunday, 4 November 2012

How To Scan A Website For Vulnerabilities Using BackTrack - Uniscan

Hello guys, today I'm going to show you how to scan for vulnerabilities in a website, or in all the websites on a server.
In this tutorial I will use a program in BackTrack called UniScan. It's very easy to use, but very good at scanning.
First of all, open your terminal and type this command:
cd /pentest/web/uniscan && ./uniscan.pl




Something like this will be printed on your terminal. Now all we have to do is follow the instructions.

First of all we need a target to scan; I've chosen one already and I will use it in my pictures.
To start the scan, first you have to check the options which you want to use in your scan.

# HOW TO USE OPTIONS:

Check the letter beside your option, and include it after the URL like this:
./uniscan.pl -u http://www.website.com/ -b -q -d -w

or put them all together.

./uniscan.pl -u http://www.website.com/ -bqdw

This will start your scan with all the different options you included.
NOTE: NEVER FORGET THE FORWARD SLASH AT THE END OF THE LINK IN THE COMMAND!!

Now the scan will start, and the terminal will look something like this:

This scan will scan for vulnerabilities like SQL-i / LFI / RFI and so on. It also searches for Webshells, backdoors, PHP info disclosure, Emails, and much more.

Here are some examples:

PHP.info() disclosure:



External Links/Hosts:
Source Code disclosure:
Dynamic Scan, Vulnerability Identification:

This program can also get all the sites in a server, and then you will be able to scan all of them.
To do that, run this command:

./uniscan.pl -i "ip:127.0.0.1"


Change 127.0.0.1 to your target server. All the websites will be stored in "sites.txt" in the same directory.

Now to scan those sites in the list, run this command:

./uniscan.pl -f sites.txt -bqwd

You can change the options to whatever you want.

That's it guys, thank you for reading :)
