As this semester wraps up at both universities I found myself rapidly trying to grade papers as well as complete my own projects. One of the projects I needed to complete was a network and web security course at DSU. I used nikto in a previous post to discuss the use of the software in vulnerability assessment.
I have used proxy software in the past, but never in the capacity of vulnerability assessment. Now the project was to break a PHP script and gain remote access. This actually turned out to be more simplistic than I anticipated, but what was surprising was how useful the Paros proxy software was in accomplishing that particular goal.
The software is designed to let you see all the GET and POST messages, their content, and the delivery of regular web traffic between your host and the remote server. It has two nifty features, though: cookie storage and spider crawl. I used the spider functionality to grab the listing of HTML, then did a directory grep for *.php to find my script call. This saved hours of time looking through the site and really let me get to the heart of the assignment.
Paros should be added to any suite of network vulnerability tools for use in pen testing. I highly recommend it.
Sunday, November 20, 2011
Friday, November 05, 2010
Fall Personal Project: Update 4 PHP/MySQL Install
So we have discussed the need to watch the install order. I have found that when installing things which require LAMP, inevitably you will need to make a change to the database at some point.
Since BASE, the software which stores and provides segmented analysis of the snort traffic, uses a MySQL backend (you can use postgres), it is a good idea to install an interface to the database if you are unfamiliar with the command line. This is even more useful if you are like me and have forgotten almost everything about the open source database systems (although MySQL isn't really open anymore). I prefer the phpmyadmin GUI. Of course there is a specific order to getting things installed here too, if you want it to work programmatically.
Step 1: PHP5
The current PHP core is 5, so make sure that is fully installed first. A full install of PHP will usually cover the database dependencies for MySQL, postgres and Apache2. Here are useful commands:
sudo apt-get install php5
sudo apt-get install php5-mysql
sudo apt-get install libapache2-mod-php5
Once you have this install completed, run the phpinfo.php script we discussed in the last post. Verify. I know I have said the instructions for this before, but 20 seconds of verification can save you time later.
Step 2: MySQL
The MySQL install is just as simple. Since you have already run the installer for the PHP libraries, this will just consist of the DBMS itself. The current version of MySQL DBMS is 5.1.x.
sudo apt-get install mysql-server
That's it. Seriously that is all it takes. Verify in the command line that the DBMS is working by typing mysql or sudo mysql depending on the user level. If you get "MYSQL>" it is working.
Step 3: phpmyadmin
The next step for easier DBMS manipulation is to install phpmyadmin, located here: http://www.phpmyadmin.net. This will allow you to have a web front end to the DBMS and it makes the lives of visual people a lot nicer. Installing this uses (yes, you guessed it) apt-get:
sudo apt-get install phpmyadmin
I will not go into the configuration of it because this is well documented here on the Ubuntu Server Forums.
Follow that guide for the configuration and you will be ready to configure snort having your DB backend ready, your dependencies ready, and a front end to all of it. The next (and last installment) will cover the actual snort installation as well as the configuration guide and the resources I used to get it all working.
Friday, October 29, 2010
Fall Personal Project: Update 3
As promised, today's post will be about some of the things I learned during the installation of Snort on my Ubuntu box. The things I learned are more about the process of the setup than anything else, and the correct order in which to run the installs. You have to love dependencies, right? Let's get started.
Acquired Knowledge Bit #1: Client install over Server install
The client install went a little better for me on the Zino for one reason only: I have to install a second NIC. On the Zino that is an issue because of its form factor and the lack of a second ethernet port. I used the Cisco 300M USB to RJ45 adapter. This functions as a second NIC. Although all the documentation I read said that this would work hands down on the server install, I could only get it to work easily in the client install of Ubuntu. This is not to say it will not work, just that I could not get it to work in a reasonable amount of time. On the client install the process was simple. I plugged it in, scanned for new hardware, and let the updater download and install the drivers. This was my primary reason for sticking with the client install over the server install. Installation on the Zino was nice, fast, and easy.
Acquired Knowledge Bit #2: LAMP, Package Manager, and apt-get
The nice thing about a server install for the Ubuntu distro is that it comes ready to install LAMP. In fact it's a toggle option during package selection. For those of you who do not know, LAMP is an acronym for Linux, Apache, MySQL, PHP: the four basic packages which will accomplish most anything. On the client this is not an option, but the installation of the necessary components can be run after the OS is running. If you want a decent install guide, there's an app...um, site for that...head over to www.lamphowto.com to get some guidance. Now here is what I learned in my post-install LAMP: nothing works quite right unless you learn to love the apt-get command. Learn to use this over the package manager in the GUI. The command is faster, easier to script and chain, and leaves nothing to question. I found that the feedback from the terminal session was more informative than that of the GUI. Stick to apt-get install, you will be thankful.
Acquired Knowledge Bit #3: LAPM
LAMP should really be called LAPM. The order matters. I like to make sure things are working. Apache 2.0 first. Be sure to check the browser first to make sure the host is responding on that port and that you can see the default index.html page in your browser. PHP is second. This is critical in my opinion. Installing PHP next will allow you to make sure that it is working and that you can install the necessary tools you will need to maintain your MySQLDB, mainly phpmyadmin. Even if you are missing some dependencies, you will want to follow Apache with PHP. Next you will want to create the phpinfo.php page with the following code:
This will show you all the PHP configurations you have running, which makes it a great tool to use when trying to install LAMP (LAPM). Call this page (phpinfo.php or whatever you called it) in your browser. This will verify that Apache and PHP are talking and that you have PHP installed correctly.
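The check described above, scripted as an added example that is not part of the original post: it tells a rendered phpinfo() report apart from PHP source served as plain text (the symptom when libapache2-mod-php5 is not loaded) and deletes the probe page afterwards. The post's own snippet did not survive on this page, so the standard one-line phpinfo() call is assumed, as are DOCROOT, URL, the function names and the constructed sample bodies.

```shell
#!/usr/bin/env bash
# Added example (not the post's code): verify that Apache hands .php to PHP.
# DOCROOT and URL are assumptions; adjust them to the local Apache setup.
DOCROOT="${DOCROOT:-/var/www}"
URL="${URL:-http://localhost/phpinfo.php}"

# Classify a response body fetched from the probe URL.
classify_phpinfo() {
  case "$1" in
    *'<?php'*)       echo "raw-source" ;;   # file served as text: PHP module not active
    *'PHP Version'*) echo "ok" ;;           # phpinfo() rendered its report
    '')              echo "no-response" ;;  # Apache not answering, or empty reply
    *)               echo "unexpected" ;;   # some other page, e.g. a 404
  esac
}

# Live check: write the probe page, fetch it, remove it, report the result.
check_live() {
  local probe body
  probe="$DOCROOT/phpinfo.php"
  # Assumed probe content: the standard one-line phpinfo() call.
  printf '<?php phpinfo(); ?>\n' | sudo tee "$probe" >/dev/null || return 2
  body="$(curl -s --max-time 5 "$URL")"
  # The report lists paths, modules and settings, so it is not left published.
  sudo rm -f "$probe"
  classify_phpinfo "$body"
}

# Constructed sample bodies (not captured from a real server).
SAMPLE_OK='<html><head><title>phpinfo()</title></head><body><h1 class="p">PHP Version 5.3.2</h1></body></html>'
SAMPLE_RAW='<?php phpinfo(); ?>'
SAMPLE_404='<html><head><title>404 Not Found</title></head></html>'

if [ "${1:-}" = "--live" ]; then
  check_live
else
  # Offline demonstration on the constructed samples.
  for sample in "$SAMPLE_OK" "$SAMPLE_RAW" "$SAMPLE_404" ""; do
    classify_phpinfo "$sample"
  done
fi
```

Run it with --live on the server itself after the PHP install step; with no argument it only classifies the embedded samples.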
MySQL deserves its own time, so I will talk about that in the next installment, as well as setting the snort.conf file and some of the pitfalls I learned there. So in the meantime have a great one!
Saturday, September 22, 2007
phpMyAdmin
If you are doing any type of web development and you are planning on using a MySQL table, do yourself a real favor and install phpMyAdmin. I have been using this solution for a few years now (since the move from PostgreSQL to MySQL) and I gotta say it is a really nice tool to have.
There are several versions available. The OS X version comes in a nice mpkg installer as well as an easy-to-start script which will generate your blowfish key and get you going (that was a nice feature add-on). I keep Browzar (Windows) or Safari open to manage the tables and databases while I am working in other applications; it just makes it really nice.
For that matter make sure you at least try out MySQL. The latest versions come in a variety of installer packages complete with scripting to make sure the daemon is configured for launch at startup.