Thursday, November 21, 2013

what I learned today

Well today was quite fun...I learned:
  1. if you change aliases in postfix you need to run the "newaliases" command...a postfix restart ain't helping
  2. if you install the sslh multiplexer, set "run=yes" in its config and not "run=YES"
  3. your webserver needs to be configured so that it only listens locally on 443 (sslh takes the public port), otherwise you get a port bind fuckup
  4. how to enforce SSL to prevent some nasty MITM (see sslstrip)
  5. enabling HTTP Strict Transport Security (HSTS)
  6. don't drink and config :D <-- I did not, but that's a general tip
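Items 4 and 5 are only worth something if the server really does what you think it does, so here is a small check script. It is an added example, not part of the original post: it reads a raw HTTP response header block (the kind `curl -sI` prints) and verifies that plain HTTP answers with a redirect to an https:// URL and that the HTTPS answer carries a Strict-Transport-Security header with a non-zero max-age. The header samples are constructed for this example and the host in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added example (not from the original post): verify that TLS is actually enforced.
# Real-world use:  curl -sI http://example.com  | check_https_redirect && echo "redirect ok"
#                  curl -sI https://example.com | check_hsts && echo "hsts ok"
# (example.com is a placeholder host, not taken from the post)

# Print the Strict-Transport-Security max-age from a header block on stdin.
# Prints 0 when the header is missing or carries no parseable max-age.
hsts_max_age() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "strict-transport-security" {
            if (match($2, /max-age=[0-9]+/)) {
                print substr($2, RSTART + 8, RLENGTH - 8); found = 1; exit
            }
        }
        END { if (!found) print 0 }'
}

# Succeed only if HSTS is present with max-age > 0 (max-age=0 tells browsers to forget the policy).
check_hsts() {
    age=$(hsts_max_age)
    [ "$age" -gt 0 ]
}

# Succeed only if the response is a 3xx redirect whose Location is an https:// URL.
# A permanent redirect (301/308) is what you want for "enforce"; 302/307 are tolerated here.
check_https_redirect() {
    tr -d '\r' | awk '
        NR == 1 && $2 ~ /^30[1278]$/          { redirect = 1 }
        tolower($1) == "location:" && $2 ~ /^https:\/\// { https = 1 }
        END { exit !(redirect && https) }'
}

# Constructed sample responses (not captured from any real host).
SAMPLE_HTTP=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\nContent-Length: 0\r\n\r\n')
SAMPLE_HTTPS=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n')
SAMPLE_WEAK=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n')
SAMPLE_NO_REDIRECT=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n')

# Demo run over the constructed samples.
if printf '%s\n' "$SAMPLE_HTTP" | check_https_redirect; then echo "http -> https redirect: ok"; else echo "http -> https redirect: MISSING"; fi
if printf '%s\n' "$SAMPLE_HTTPS" | check_hsts; then echo "hsts (max-age $(printf '%s\n' "$SAMPLE_HTTPS" | hsts_max_age)): ok"; else echo "hsts: MISSING"; fi
if printf '%s\n' "$SAMPLE_WEAK" | check_hsts; then echo "weak sample: hsts ok"; else echo "weak sample: hsts MISSING"; fi
```

The redirect check only proves the server sends users to HTTPS on first contact; the HSTS check is what stops a later downgrade of the kind sslstrip performs, so both have to pass.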

Monday, November 18, 2013

Server Security: Crack user passwords to prevent intrusion via a user account

This is surely controversial and on a business system should only be done by hash comparison (if at all)! But I use it on my shell host server, where I need the security.

A user account on your server, especially if you have 100+ of them, can be a problem and the first step to a pwnage. To prevent this we simply run John the Ripper with lists of common passwords and work our way through the hashes.

  • Install John the Ripper
  • get this password list http://dazzlepod.com/site_media/txt/passwords.txt (it's 10 times bigger than the default one)
  • unshadow /etc/passwd /etc/shadow > ~/pass.txt (needs root, since /etc/shadow is not world-readable)
  • john -wordlist:passwords.txt ~/pass.txt
This will take some time since it is quite a big list.
If you find something, tell the user to change their password.
That's it.
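The same run, wrapped up so the cleartext results don't end up in a world-readable file, plus a small parser that turns `john --show` output into just the account names you have to notify. This is an added example, not part of the original post; the sample `john --show` output is constructed for it, and `run_audit` is only meant to be called as root on the server itself.

```sh
#!/bin/sh
# Added example (not from the original post): the audit steps above, with the byproducts
# (unshadow output, john pot file) kept owner-only and deleted after the run.

# Turn `john --show` output into one username per line.
# --show prints one passwd-style line per cracked account, then a blank line and a
# summary such as "2 password hashes cracked, 98 left"; only the first field matters here,
# so the cleartext passwords never leave this pipeline.
cracked_users() {
    awk -F: 'NF > 1 && $0 !~ /password hash/ { print $1 }'
}

# Run the audit as the post describes. Usage: run_audit /path/to/passwords.txt
run_audit() {
    wordlist=$1
    [ -r "$wordlist" ] || { echo "run_audit: wordlist '$wordlist' not readable" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "run_audit: reading /etc/shadow needs root" >&2; return 1; }
    umask 077                                   # unshadow output is as sensitive as /etc/shadow
    workdir=$(mktemp -d) || return 1
    unshadow /etc/passwd /etc/shadow > "$workdir/pass.txt"
    # --pot keeps the cracked passwords out of the shared ~/.john/john.pot
    john --wordlist="$wordlist" --pot="$workdir/audit.pot" "$workdir/pass.txt"
    john --show --pot="$workdir/audit.pot" "$workdir/pass.txt" | cracked_users
    rm -rf "$workdir"                           # nothing of the cleartext survives the run
}

# Constructed sample of what `john --show` prints (not from a real system).
SAMPLE_SHOW_OUTPUT=$(printf 'alice:Password1:1001:1001:Alice:/home/alice:/bin/bash\nbob:letmein:1002:1002::/home/bob:/bin/sh\n\n2 password hashes cracked, 98 left\n')

# Demo: list the accounts that need a password change.
echo "accounts to notify:"
printf '%s\n' "$SAMPLE_SHOW_OUTPUT" | cracked_users
```

The usernames are all you need for the "tell the user to change his password" step; there is no reason for the passwords themselves to be written anywhere but john's pot file, which is why that file lives in the temp directory and is removed with it.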

Monday, November 4, 2013