Author: Dasun Hegoda

Linux Command

Top 10 Linux Command Examples

Today let’s focus on a Linux command list that will be useful to a newbie who is just starting off with Linux. It doesn’t matter whether you are a web developer or software engineer if you are going to use Linux you have to learn these. These commands are used day to day to get done work.

I don’t want to talk about the typical command list that is on the internet rather I would like to go beyond that and introduce couple of useful Linux commands. For the below commands you can find tons of tutorials.

  • cd
  • mv
  • cp
  • ls
  • pwd
  • ifconfig,
  • mkdir

So let’s move on.
– Read More –

High Availability Deployment Architecture

What’s High Availability

High availability is a critical success factor for any given enterprise application. Today we’ll go through how to design and deploy an application with high availability. First things first. Let’s see what’s high availability.

High availability is a characteristic of a system, which describes the duration (length of time) for which the system is operational. – Wikipedia

In simple words high availability can be defined as running a system 24*7 without a downtime even if there are hardware and software failures. In other way a fault tolerance application. This helps ensure uninterrupted use of the application for it’s intended users. If you need more information you can read this article. Also you might be thinking when is the right time to introduce high availability in your application? The answer is here.

Following is an architecture that supports high availability. It’s the minimal requirement to implement high availability in your application(Note that in the database cluster you can have master-slave instead of master-master depending on your requirement).

High Availablity Deployment Architecture

High Availablity Deployment Architecture

– Read More –

SSH Tunnelling – Local Port Forwarding

Introduction

Today we are going to experience the power of the SSH(Secure Shell) command. Yes Linux. I recently wrote an article on X11 forwarding that allows to map your local computer’s GUI to server where SSH is used underneath. It’s time for you read it if you haven’t. To understand the today’s topic let’s 1st look at what’s tunnelling that’s the foundation. In wikipedia tunnelling is defined as follows.

In computer networks, a tunneling protocol allows a network user to access or provide a network service that the underlying network does not support or provide directly. – wikipedia

SSH tunnelling can be created using three kinds of port forwarding mechanisms as mentioned below.

  • Local port forwarding – Today’s topic
  • Remote port forwarding
  • Dynamic port forwarding

Local Port Forwarding via SSH

Today we are going to focus on local port forwarding. This can be used to access a network that is not accessible directly. Let’s take an example and see. The following image is used to elaborate the scenario.

Local Port Forwarding Using SSH

– Read More –

Apache Access Logs to MySQL Database

Apache Access Logs

Centralising Apache logs can be useful in many scenarios. Let’s get the basics 1st. So Apache logs can be defined as

In order to effectively manage a web server, it is necessary to get feedback about the activity and performance of the server as well as any problems that may be occuring. The Apache HTTP Server provides very comprehensive and flexible logging capabilities.
Today we’ll setup Apache to log each access request to MySQL database rather than storing it in a flat file. Unlike logging to a flat text file, a SQL-based log exhibits tremendous flexibility and power of data extraction. Let’s dive in.

and Apache access logs can be defined as

The server access log records all requests processed by the server. The location and content of the access log are controlled by the CustomLog directive.

Today let’s see how to setup Apache to use MySQL to store the all the logs. Apache access logs will be sent to MySQL database through the Apache log module.

Apache Access Logs to MySQL

Apache Access Logs to MySQL

– Read More –

Web Shell – WSO – Security – #ImAWhiteHat

So WSO!!!

By attempting any of the things listed in this blog post you accept full responsibility for your actions and I will not be held responsible whatsoever. This tutorial is strictly for penetration testers only. 

Today we are going to talk about a slightly different topic. I’m pretty sure you are going to love it if you are techie like me. This post is strictly dedicated to security personals out there who are white hats(neither black hats nor grey hats). Hacking or in other terms exploiting a vulnerability is an interesting topic that is also a massive area to be studied. The topic comes under computer security. This blog post will focus on controlling a remote server via a small script which is called a web shell. A popular one has a variation and is known as the ‘WSO Web Shell’. Today we’ll see what we can do with it and how.

So a web shell can also be defined as a type of Remote Administration Tool (RAT) or Backdoor. The web shell can be a full featured administrative GUI which has all the features you need to own/run/destroy a server or as simple as a single line of code that simply takes commands through a browser’s URL and execute it in the server. Beauty is web shells can be written in any language that a server supports. As an example WSO, the one we are going to look at today is written in PHP. So let’s assume that you are running Apache with PHP you will be vulnerable for PHP web shells such as this mighty WSO if you don’t have proper security in place. Most dangerous part is when the shell is installed, it will have the same permissions and abilities as the user who put it on the server. Now you know what’s a web shell is. If you are looking for a list of web shells that are being used in the tech world you can find them right here. Also makes sure that you have harden the Apache server as given this this blog post. – Read More –

Older Posts
Newer Posts