what I learned today

Well today was quite fun...I learned:

1. if you change aliases in postfix you need to run "newaliases" command...postfix restart ain't helping
2. if you install sslh multiplexer change the config to "run=yes" and not "run=YES"
3. your webserver needs to be configed that it only listens locally on 443 otherwise you get a port bind fuckup
4. how to enforce ssl to prevent some nasty MITM (see sslstrip)
5. enabling HTTP Strict Transport Security
6. don't drink and config :D <-- I did not, but that's a general tip

Server Security: Crack user passwords to prevent intrusion via a user account

This surely is controversial and should only be done by hash comparison on a business system (if at all)! But I use that for my shell host server where I need the security.

A user account on your server, especially if you have 100+, can be a problem and the first step to a pwnage. To prevent this we just use John the Ripper + password lists with common passwords and bruteforce our way through.

• Install John the Ripper
• get this password list http://dazzlepod.com/site_media/txt/passwords.txt (it's 10times bigger than the default one)
• unshadow /etc/passwd /etc/shadow > ~/pass.txt
• john -wordlist:passwords.txt ~/pass.txt

This will take some time since it is quite a big list. 

If you find something tell the user to change his password.

That's it.

Hurricane Electric IPv6 Certification

Well I have done it and I even got my shirt *hurray*. THANKS HE!