Category Archives: sysadmin

Firewall Security Testing

Check out this article on Firewall Security Testing: If this topic is relevant to your interests, you may want to check out related training options: Assessing & Securing the Perimeter “Mastery of multiple security techniques are required to defend your network from remote attacks. InfoSec Institute’s Assessing and Securing the Perimeter takes you there.” Complete

Install nmap 6 on Debian or Ubuntu Linux

nmap 6 is out! It will be a couple of centuries before this is available in Debian, so I’ll show you how to easily create a .deb package right now. The following steps will provide a .deb package which is easy to cleanly uninstall at any time as needed. Updated 19 June 2012! 1. First install

Use Curl to Fetch ASP.NET Version Banner

The version of ASP.NET is sent in a banner with HTTP requests and can be viewed with a curl command. I’ll show you how!
X-AspNet-Version: 2.0.50727
To view this with curl, use -I (dash capital I) and fetch any URL ending in .aspx. A random URL ending in .aspx works as well:
$ curl -I 10.112.12.67/asdfsaf.aspx

Perform DNS Lookups with the host command

The dig command is commonly used to make DNS queries. However, an often overlooked command is the host command. Here are some quick tips for a useful tool to add to your bag of tricks or to impress your friends. The syntax is:
$ host [domain.com]
When run with no options, a simple quick summary

The Importance of Securing a Linux Web Server

Linux web hosting is popular, but that also makes Linux a target for malware and other malicious hacking. Here is a write-up pointing out some general best practices for Linux web servers: The Importance of Securing a Linux Web Server If you find this topic interesting, you may also be interested in Linux Boot

Fun with SHODAN

Shodanhq.com is awesome. These are fun:
http://www.shodanhq.com/search?q=X-Powered-By%3A+PHP%2F5.1.2 Many sites running old PHP from 2006. Edit as desired to find an old PHP target.
http://www.shodanhq.com/search?q=X-AspNet-Version%3A+1.1.4322 Incredible how many sites still use ASP.NET 1.x
http://www.shodanhq.com/search?q=%22cisco-ios%22+%22last-modified%22 Web management pages for Cisco devices that have authentication disabled.
http://www.shodanhq.com/search?q=Server%3A+Microsoft-IIS%2F5.0+ IIS 5.0
http://www.shodanhq.com/search?q=Server%3A+Apache%2F1. Ancient versions of Apache still in use

Security Dangers of Web Management Interfaces

Web management interfaces are an often neglected area with regard to security. Here is a good write-up demonstrating how easy it is to find vulnerable web management logins for hacking as well as some best practices: Security Dangers of Web Management Interfaces If you find this topic interesting, you may also be interested in