Search For hacking

FREE THOUGHT · FREE SOFTWARE · FREE WORL


Password Protection Plugin Status

Enumerating Permissions can be Annoying

Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my user’s blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, it’s owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful; I couldn’t modify it, so that was another dead end. Actually it took me a while to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there, as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server. Luckily I was able to delete it by basically running the hack again to overwrite the file.





Ultimate Htaccess Tutorial for .htaccess files

This is not an introduction to .htaccess. This is the evolution of .htaccess… The BEST, the ORIGINAL, the NEWEST, and the most HIGHEST, FLYEST .htaccess tricks I can find.

Originally known as the “Ultimate .htaccess Guide”, it’s changed over the years by adding new .htaccess tricks and .htaccess examples to it. I also add my favorite .htaccess links, the best .htaccess articles on AskApache, the coolest .htaccess experiments, the Web’s best .htaccess hacks, and update this article on the regular.



Advanced .htaccess Tricks for Securing Sites

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.



Optimize a Website for Speed, Security, and Easy Management

Learn how to set up, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and gluing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.



COMPUTER SECURITY TOOLBOX

List of mainly obscure security software geared more for the master pentester. These are mostly for Unix, BSD, and Mac, and many are difficult to install and set up (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.



About AskApache

Purpose and Goal of AskApache
To provide free access to knowledge and data with the goal of empowering people… or more melodramatically: “Power to the People!”
Why the name AskApache?
AskApache was chosen to show and pay respect to the contributors of the Apache Web Server. Literally it means to ask Apache when facing a problem, by searching the Open-Source, contacting a board/list, or browsing the documentation.
The Author
I work for a multimedia production / brand development & marketing company here in Indianapolis, the greatest city in the world! I started this blog in Dec., ‘06 to familiarize myself with WordPress as a blogging platform among other things for my job. I help expand/create a growing company’s market share online (and offline) by managing and building the brand and developing high-quality leads and loyal customers by building online funnels fed by SEO traffic and on/offline marketing campaigns. Other than the design and development costs for our minimum 12 month contract, we operate using a gain-share formula where we receive a percentage of the increased revenue that results from our services. This translates to fanatical attention to improving the bottom line, and focus on long-term sustainable growth and overall success.
It’s important to me to note that unlike most systems set up like this, we are absolutely interested in creating customers/leads/whatever by providing real value for them. It’s much more difficult and takes a lot longer, but it is also self-sustaining as value attracts in an exponential manner. We are likely different than any model you’ve seen before in terms of lead-sales-marketing types.
My Background
I started on DOS, then Windows 2.11 (released 1989), and learned BASIC for my first language… then IBM PC assembly followed by Java, which I used as an excuse to stop learning assembly…



Automated Folder Backup Shell-Script

This simple unix shell script automatically creates backups of a specific folder at regular hourly, nightly, weekly, and monthly intervals. Instead of the usual method for copying directory trees using tar with fifo, pipes, rsync, or NFS methods this script uses cpio which is much much faster and has cool options like saving m/a/c times, symlinks, relative paths, and weird file names.



SEO Secrets of AskApache.com

Learn how in a year, with no previous blogging experience this blog was able to rank so high in search engines and achieve 15,000 unique visitors every day. Uses combination of tricks and tips from throughout AskApache.com for Search Engine Optimization.



Mod_Security .htaccess tricks

Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though it’s tough to give away such awesome htaccess and apache tricks. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc. Mod_Security is so fine!



Undetectable Sniffing On Ethernet

I have been in some tight spots where I had to sniff a password or two off the wire, or sniff some packets off the wire and based on the packets’ content perform some action… Accidentally, I stumbled on a method to sniff data while remaining undetected and invisible.



.Htaccess rewrites, Mod_Rewrite Tricks and Tips

htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.



Hacking VLAN switched networks

There isn’t much vlan info on the net in terms of specifics and I had to learn all about it because I needed to log in to a switch that was on a different vlan. With the help of the Ettercap developers NaGA and ALoR I figured it out.



AskApache Password Protection, For WordPress

AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.



Hack WP-Cache for Maximum Speed

If you desire SPEED from your WordPress blog, the #1 speed improvement comes from using the WP-Cache Plugin. If you still desire SPEED after installing the Plugin, you can modify the WP-Cache Plugin code to make your blog even faster!



Update: AskApache Password Protect Plugin

WordPress plugin gives you control over HTTP Basic Authentication for your WordPress blog which, among other things, stops most automated hacking attempts and exploits being attempted, cutting down on the number of requests, connections, and mysql queries for all WordPress blogs on the Internet.



Hacking WP Super Cache for Speed

A plugin built to generate static files from php+mysql for Apache to serve the way it’s supposed to be. My dream. Conclusion: Needs some improvement, pretty sweet though.



SetEnvIf and SetEnvIfNoCase Examples

The SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and Apache based on HTTP Headers, Variables, and Request information.



PHP5 Custom Install Shell Script Example

Today I successfully learned how to compile and run multiple custom php installations for a DreamHost account, and to get it working I came upon a simple shell script that I made a couple changes to.



Referer Spoofing Using JavaScript

pseudo-flaw.net

Even though at the moment I’m more into AJAX and simple behavioural unobtrusive JavaScript than Java, I still remember how excited I was back in 1995 when Sun released both beta and alpha Java versions to the public. In fact I still have my Java 1.0 Unleashed book, which I’m looking at right now.



Want to know how to really hack?

An interesting post by a computer hacker explaining how to really hack.



Rigging the DreamHost Site of the Month Contest

Since I was disqualified and accused of cheating, which is absolutely false, I decided to go ahead and do the crime I have been punished for. That’s right, I’m going to show YOU how I could have rigged the DHSOTM contest to hopefully make the statement that I absolutely did not cheat and I absolutely want to be re-instated as the winner.



Install multiple OS Without Cds

I had a CD-RW drive but being a struggling computer security researcher I had no money for blank cd-recordables. What follows is how I managed to install various operating systems on my computer (1 hard drive) without having to burn to a CD the ISO and then boot from that.



Apache Variable Fun in htaccess

Server and Environment Variables are used by the Apache HTTP Server, which provides them as a mechanism for storing information. This information can be used to control various operations such as logging or access control.



htaccess HTTPS / SSL Tips, Tricks, and Hacks

Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.



Security with Apache htaccess Tutorial

Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.



Apache Authentication in htaccess

How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work




Speed up your site with Caching and cache-control

Caching with .htaccess and Apache will take your website and your web skills to the next level. These are some technical and advanced methods condensed into simple htaccess code examples for you.



SEO Redirects without mod_rewrite

Web Professionals use mod_rewrite to issue 301 and 302 Redirects for Search Engines. Sometimes you may not have mod_rewrite.c or you want an alternative redirect method. Using mod_alias RedirectMatch you can use REGEX in Redirect commands!



PHP htaccess tips and tricks

Htaccess php tips and tricks for the Apache HTTPD Web Server. Mostly these tips show you how to run customized versions with customized php.ini files; I require custom php.ini files because they are so useful!



Manipulating HTTP Headers with htaccess

Apache .htaccess and httpd.conf have the power to send and manipulate HTTP Header Requests like sending P3P privacy headers, Content-Type: UTF-8, Content-Language, etc. The power is immense and you can do some really cool stuff with HTTP Headers!



htaccess Tricks for Webmasters

Some of my favorite htaccess examples from some of my favorite .htaccess tutorials. These cut-and-paste ready htaccess code snippets are very useful for website and server administrators.



htaccess rewrite, htaccess

Comprehensive .htaccess example file with advanced examples in 1 htaccess sample skeleton .htaccess file with the very best apache htaccess examples… Updated frequently based on detailed info from the Apache htaccess tutorial.



Sending POST form data with php CURL

CURL Guide for sending POST data form request with PHP and CURL



Fight Blog Spam with Apache

Fighting Blog Spam with Apache htaccess and other methods.



Port Redirector

Can you please suggest any tiny and good port redirector for Linux and Unix-like OSes, so that when I connect to the box on a given port it redirects my connection to another box and port that I can choose? Thanks a lot.



Arp Packet Hacking

Part deux of Want to know how to really hack?
Question: Can I arp poison a MAC which is not in my LAN or Network?

What about double-encapsulation? Like embedding the arp within something else…
I’d study the wire capture for a while and use tools like isic and hping3 to see what types of rules are in place…
Then you can always try random weird protocols like a different vlan header on the packet or something… ettercapNG would allow this to work with some mods.
Maybe you should try accessing the switch/router that is in between the lans… that is what I would try first… determine device type and version, research the heck outta it, and see what you come up with… default password maybe? Then you could set up a 2-way mirroring situation on the switch or router.
Another little trick I’ve had to do is configure a dhcp or bootp server on a nix box and then turn off and on the power of the building to reboot the device. Usually for the first few seconds of the reboot it will allow things to happen which usually don’t. But if you configure the dhcp or bootp correctly, you’re in. Like maybe for the first 5 minutes after a reboot, access to a built-in webserver for remote configuration will be running. If so you can then learn the type and version, then find ways to breach with this info.
No switch or router can stop you… infinite ways to attack this…
If you have a unix flavor try messing around with the following programs: arp, route, ifconfig, vconfig, arping, rarp.
If arp doesn’t go through you could try and imitate the gateway that is allowed to send arp, and then try again.
arping might be especially useful to you.
#sends an arp reply to dest_ip from source_ip from interface eth0
 
$ arping -A -I…






Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd
