
How to install Soyoustart or OVH server without Raid 1

The OVH or SoYouStart control panel is not very user-friendly. Recently I’ve been working on a client server with 3 disks in it. The client needed all of those disks to be used for space. However, OVH/SoYouStart usually installs servers in RAID 1, so if a server has 3 * 120GB disks you can only use 120GB of disk space.

Even though it’s not a very good idea to put a server in RAID 0, sometimes the space requirement is more important. In this article, we will see how to install a server without RAID 1 and make sure that we can use the complete space provided by the 3 disks combined.

Step 1: Start installation!

The first step in this process is to install the operating system with RAID 0 only on disk one; later we can use the other disks to either create volume groups or mount them directly. Let’s see how we can do that.


Use Burp Proxy to Intercept HTTP Traffic!

Burp Proxy is a very nice tool for intercepting HTTP traffic, and it normally comes pre-installed with Kali Linux. In this article we will see how to use Burp Proxy on Ubuntu and intercept GET and POST requests. I’m writing this separate article for Burp Proxy because some of its features are promising, like stopping web requests on the fly from its GUI panel. You can also modify HTTP GET or POST arguments. That is why it’s considered a very useful tool in penetration testing.

We will start with the installation and move on to intercepting HTTP traffic, so let’s see how we can use Burp Proxy to intercept HTTP traffic.


Automate Cross Site Scripting (XSS) attack using Beautiful Soup and Mechanize

Python can be used to develop a small customized application to automate a cross site scripting attack, which can be very useful if you are performing a penetration test and need to automate a few tasks. We will be using two Python libraries, Beautiful Soup and Mechanize, to parse the website document and then submit forms using Mechanize.

Cross Site Scripting is a very old but serious security threat to many web applications today. It involves JavaScript, and as you know JavaScript is client-side code, which is the reason it’s still a serious threat. One can use cross site scripting to steal cookies, steal saved passwords, perform redirects and more. Let’s see how we can automate the penetration test against this web application vulnerability.

Combine Python Graphical User Interface with SQL Injection

Python is a great language for penetration testing. I saw that people mostly develop Python applications with command-line versions only. However, Python has a beautiful library named Tkinter for developing graphical user interface applications. In this article we will combine Tkinter with SQL injection to create a small GUI application that can check a website for SQL Injection vulnerability. In this tutorial we are going to use the SQL Injection code from the tutorial at:

Use Python to automate SQL Injection!

Note: The article mentioned above is a must read. Without reading it, a few things might be hard for you to understand, but I’ve tried to explain everything in detail.

This article provides you with a basic understanding of how you can use Python to automate SQL Injection. Now that you have a good knowledge of how you can use Python for penetration testing purposes, we should first learn some basics about the Tkinter module.


Use Python to automate SQL Injection!

Manually testing your web application for SQL Injection is really a hectic job, and sometimes the automatic scanners available do not actually fit your needs. Python comes to our rescue with its rich set of available libraries that can easily automate this task for us. You can easily write Python scripts that fit your application’s requirements, plus you get the automation as well. In this article we will see how we can use Python to automate SQL injection tasks.

How to use sqlmap to hack a website through SQL Injection!

Before actually jumping into SQL Injection, we need to explore another Python module named ‘requests’. This module is really helpful for making web requests to any website. We will use this module to automate our injection tests.

How to install and configure ModSecurity on cPanel/WHM!

Website security is a very important matter today, and ModSecurity is one of the best web application firewalls out there, helping many webmasters around the world secure their web applications. A lot of hosting companies and individual users already use cPanel/WHM to manage their web servers, so in this article we will see how we can install and configure ModSecurity on cPanel/WHM. So let’s get to it!

How to install missing PHP Extensions in cPanel/WHM

PHP is one of the most used server-side programming languages. PHP is often the reason a website becomes slow; for that reason PHP is a modular language, and not all of the PHP modules/extensions are installed by default, so that it can be as lightweight as possible. Different kinds of applications have their own customized needs that are not included in the default PHP installation, so you need to install those missing PHP extensions for your application to behave normally. In this article we will see how to install missing PHP extensions in cPanel/WHM.

Most web hosting companies, and even individuals, use cPanel/WHM to control their web server behavior and for ease of use, but cPanel does not install all the extensions that may be required to run a PHP application.


How to move Website + Database from cPanel to vestaCP!

In our previous article, we explained how to use VestaCP and explored some of its features. If you haven’t already read that article, you can read it at cPanel Alternative: VestCP. But if you already have an idea of how to use VestaCP, then it’s fine to continue with this article. In this article, we will see how to move a website + database from cPanel to a VestaCP server. So let’s dive into it.

Step 1: Compress website data and download database!

The first step of the transfer begins with obtaining your data from the cPanel server. Log in to your cPanel account and open File Manager.

How to install ModSecurity (mod_security) in apache web server on Ubuntu!

ModSecurity is one of the best web application level firewalls; it can stop most of the common web attacks before they even reach your web application. If your website is vulnerable to an XSS attack and ModSecurity is installed on your server, then it can easily prevent that attack from reaching your web application. That does not mean you should stop securing your web application, but it’s another layer of security for your web applications. In this article we will see how to install ModSecurity in the Apache server.

We will manually compile it from source, so that we have all the options available for us to modify and make good use of ModSecurity.