In the last days i have been playing with Apache and SpeedyCGI to make openwebmail perl scripts to run faster but until now i havet been able to doit on OpenBSD 4.8 machine, i know i have to UPGRADETHEF...SYS but i ll doit i promise but since i was not able to doit i have to look for alternatives and this one is using lighttpd since its a good example for fast and light webserver now im playing to use at the en nginx since OpenBSD crowd has moved to that server, any way here it is the very very basi configuration for lighttpd.conf for serving openwebmail files
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_fastcgi",
"mod_cgi",
"mod_accesslog" )
server.document-root = "/var/www/htdocs/"
alias.url = ( "/cgi-bin/" => "/var/www//cgi-bin/" )
accesslog.filename = "/var/www/logs/access.log"
server.errorlog = "/var/www/logs/error.log"
server.use-ipv6 = "enable"
$SERVER["socket"] == "0.0.0.0:80" { }
url.access-deny = ( "~", ".inc" )
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file = "/var/run/lighttpd.pid"
# chroot() to directory
#server.chroot = "/var/www/"
server.user = "www"
server.groupname = "www"
cgi.assign = ( ".pl" => "")
i omit the lines that i did not touch so here is the basic for serving openwebmail but thereis nothing with php or fastcgi or any other
|
{|:{
|
The last days i have been trying to use metasplot with proxychains just to play with and learn a little i have just figure out the basic use of proxychains and metasploit but when i went to use metasploit with proxychains the problems came out:
|S-chain|-<>-127.0.0.1:9050-<><>-127.0.0.1:5432-<--denied
[-] Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "127.0.0.1" and accepting
TCP/IP connections on port 5432?
so i start reading firs over the internet and found that i have to tweak the proxychain.config file in order to fix the problem i got it from this site:
https://forums.kali.org/showthread.php?17233-Proxychains-and-Metasploit
+
~----> /etc/proxychains.conf:::localnet 127.0.0.1 000 255.255.255.255
use the line above with no luck so i check out if postresql were up, and it ware not so i start it up but the problem still there and after several tries to fix the problem using the localnet configurations none of thease seems to work then i try to set up tor over different network so proxychains does not get confused on when to proxying the request but this does not fix the problem
|
[|:¬(
|
after several tries to fix this problem i have just get it fixed and stated that:
check out tor works ok
$ sudo service tor start|status
check out postgre
$ sudo service postgresql start|status
and finally
$ sudo proxychains msfconsole
BINGO!!!
|
[|:¬)
|
so all the time the problem were this the use of sudo wich means that when proxychains tries to bind up with postgres then the system does not allow it why i could not see this on the logs well i was not checking the logs DAMM! but here is the correction
i found this on the log for tor /var/log/tor/log
Nov 07 13:09:39.439 [warn] Your application (using socks4 to port 5432) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS. [1 similar message(s) suppressed in last 5 seconds]
Nov 07 13:09:39.454 [warn] Rejecting SOCKS request for anonymous connection to private address [scrubbed]
Nov 07 13:09:39.462 [warn] Rejecting SOCKS request for anonymous connection to private address [scrubbed]
now using sudo:
Nov 07 13:11:49.728 [warn] Your application (using socks4 to port 53) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.
meaning no complains :0
here are the steps i use to install Metasplot framework on Linux Mint 13 i have just use the tutorial by darkoperator http://www.darkoperator.com/installing-metasploit-in-ubunt/ but in practice when i follow the instructions there were some errors so i put all my steps with the changes! here they are no explanations at all if u want the explanation go to darkoperator tuto : p
UPDATEs
$ sudo apt-get update
$ sudo apt-get upgrade
INSTALLs packages needed
$ sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql-9.1 pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
$ sudo gem install wirble sqlite3 bundler
NMAP
$ mkdir ~/Development
$ cd ~/Development
$ svn co https://svn.nmap.org/nmap
$ cd nmap
$ ./configure
$ make
$ sudo make install
$ make clean
USERSnDBs
$ sudo -s
$ su postgres
$ createuser msf -P -S -R -D
$ createdb -O msf msf
$ exit
$ exit
Framework
$ cd /opt
$ sudo git clone https://github.com/rapid7/metasploit-framework.git
$ cd metasploit-framework
$ sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
$ curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
$ sudo tar -xvzf /tmp/armitage.tgz -C /opt
$ sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
$ sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
$ sudo mkdir -p /usr/local/share/armitage
$ sudo su
# echo java -jar /usr/local/share/armitage/armitage.jar \$\* > /usr/local/share/armitage/armitage
# exit
$ touch /usr/local/share/armitage/teamserver
$ perl -pi -e 's/armitage.jar/\/usr\/local\/share\/armitage\/armitage.jar/g' /usr/local/share/armitage/teamserver
$ bundle install
create the database.yml file that will contain the configuration parameters that will be use by framework:
$ sudo joe /opt/metasploit-framework/database.yml
production:
adapter: postgresql
database: msf
username: msf
password:
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5
provide the password you entered in the user creating step in the password field for the database:
$ sudo su
# sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml" >> /etc/profile
# source /etc/profile
# exit
i did not found the pcaprub on /opt/metasploit-framework/external as the tutorial says so i use git as the git web page of pcabrub says
$ git clone git://github.com/shadowbq/pcaprub.git
$ cd /opt/metasploit-framework/external/pcaprub/
$ sudo ruby ext/pcaprub/extconf.rb
$ sudo make && sudo make install
-oxes ~ $ msfconsole
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.8
Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018 es: 0018 ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
Stack: 90909090990909090990909090
90909090990909090990909090
90909090.90909090.90909090
90909090.90909090.90909090
90909090.90909090.09090900
90909090.90909090.09090900
..........................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
ccccccccc.................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
.................ccccccccc
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
..........................
ffffffffffffffffffffffffff
ffffffff..................
ffffffffffffffffffffffffff
ffffffff..................
ffffffff..................
ffffffff..................
Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing
=[ metasploit v4.8.0-dev [core:4.8 api:1.0]
+ -- --=[ 1216 exploits - 661 auxiliary - 189 post
+ -- --=[ 322 payloads - 30 encoders - 8 nops
msf >
hummmm (}:{)
-oxes ~ $ msfconsole
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.8
Call trans opt: received. 2-19-98 13:24:18 REC:Loc
Trace program: running
wake up, Neo...
the matrix has you
follow the white rabbit.
knock, knock, Neo.
(`. ,-,
` `. ,;' /
`. ,'/ .'
`. X /.'
.-;--''--.._` ` (
.' / `
, ` ' Q '
, , `._ \
,.| ' `-.;_'
: . ` ; ` ` --,.._;
' ` , ) .'
`._ , ' /_
; ,''-,;' ``-
``-..__``--`
http://metasploit.pro
=[ metasploit v4.8.0-dev [core:4.8 api:1.0]
+ -- --=[ 1216 exploits - 661 auxiliary - 189 post
+ -- --=[ 322 payloads - 30 encoders - 8 nops
msf >
|
yeay ! {|:)
|