Thursday, October 28, 2010

Integration of Apache-PHP-MySQL on Linux

Most of us know how to integrate and configure Apache-PHP-MySQL on Windows. Let's see the same on Linux. This setup is known as a LAMP server: L(inux), A(pache), M(ySQL), P(HP/Perl).

I have Windows and CentOS running on my PC, so I configured LAMP directly on CentOS by installing each required package. However, if you do not have Linux installed separately, you can use VMware to run Linux on your Windows machine. The same steps are followed in configuring LAMP whether Linux is running on a separate machine or on Windows using VMware.


Setup#1: How to run linux on windows- simple steps

First requirement: vmware player, download it here and install it just like any other program on windows
Now download your favourite linux flavour, here I have used fedora 13 (fedora-13-i686-live.iso) Download from here.

Now we have to make vmware player talk to linux for which you need to download a small file from wolphination.com site, however that file has been obsolete now from the official website of wolphination. So I am uploading the file here. It’s named as OS.zip file. Download and extract it in your C drive as C:\OS which contains two files OS.vmx and OS.vmdk. Now place your downloaded linux iso file in to this folder. So the folder C:\OS contains OS.vmx, OS.vmdk and fedora-13-i686-live.iso.

Now open OS.vmx using Notepad and find the line that says ide1:0.fileName = "C:\Your file". Edit this line to make it point to the Linux ISO you downloaded. So mine changes to C:\OS\fedora-13-i686-live.iso. Save the file.

You are all set to launch linux on windows using vmware player

Just double-click on OS.vmx and in a minute or less, depending on your RAM, Linux will start up.

Setup#2: Installing LAMP using Yum

This is the easiest way to install LAMP using Yum. Make sure your PC has internet connection before starting installation.

Once you have logged in, open a terminal and type:
yum install httpd php mysql-server mysql
This will install httpd (the Apache web server), php, mysql-server and mysql.

Once installation is complete, start the MySQL server and the web server by typing:
service mysqld start
service httpd start

Once both services are running, you can point your browser to http://localhost and you should see a welcome page from Fedora or CentOS (depending on the flavour you are running). If you see that welcome page, you have installed everything successfully.

To test whether PHP is running, go to /var/www and create an index.php file with the content below using your favourite editor, then save it.
<?php
   phpinfo();
?>
Then refresh your browser. If you see a purple PHP information page showing all the PHP configuration variables, then PHP is running.

Congratulations, you have successfully installed LAMP on your machine. I configured it on Fedora and CentOS, and the installation steps are the same whether you are running on VMware or on a separate Linux server.

Monday, October 25, 2010

Breaking in to computers- Newbie Series-2



Port → Service → Application → Errors >> Vulnerabilities ⇒ Compromise Security:

Have you got any clue on what I am going to write here by seeing the above equation?

From the result of the equation you might have got the hint that I am going to write about the factors that compromise security.

My previous post focused on breaking in to computers by re-setting passwords or changing the admin/root passwords and also gaining admin privileges from guest accounts. These are breaking in to computers for which you have physical access. Then, what about remote computers? If the computer is connected to internet then there is every chance of it being attacked. It can be your own computer if connected to internet or LAN.

You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.
What I mean by that is that there are a number of scripts and utilities available which scan all IP addresses within a certain range for predefined common vulnerabilities, for example systems with File Sharing enabled or a system running an OS which is vulnerable to the Ping of Death attack. As soon as a vulnerable system is found, they use the IP to carry out the attacks.

Let’s see how one can break in to a computer at remote location connected to internet.
I will also shed light on how to secure your system whether connected to internet / LAN or simply a standalone system.

Before going further, let’s understand the terms port and port numbers.

What is a port?
In computer networking, the term port can refer to either physical or virtual connection points. Physical network ports allow connecting cables to computers, routers, modems and other peripheral devices. Several different types of physical ports available on computer network hardware include: Ethernet ports, USB ports, serial ports.

Virtual ports are part of TCP/IP networking. These ports allow software applications to share hardware resources without interfering with each other. Computers and routers automatically manage network traffic traveling via their virtual ports. Network firewalls additionally provide some control over the flow of traffic on each virtual port for security purposes.

What is a Port number?
A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. For the Transmission Control Protocol and the User Datagram Protocol, a port number is a 16-bit integer that is put in the header appended to a message unit. This port number is passed logically between client and server transport layers and physically between the transport layer and the Internet Protocol layer and forwarded on.

Port numbers are the entry and exit points of your computer. Standard services run on standard port numbers, so the port number tells you which service is running on your computer. A service is used to access an application, and any error in that application is a vulnerability which makes the attacker's job easy. Software, a script or code can be written to take advantage of this vulnerability. So, are open ports a threat to security? And how can I find the open ports on my computer?

We can find out the network statistics using the netstat command. In the command prompt, type "netstat -a" without quotes and press Enter. The -a option is used to display all open connections on the local machine. It also returns the remote system to which we are connected, the port numbers of the remote system (and of the local machine), and the type and state of the connection we have with the remote system.

Here we go,



Let me pick up the last line and explain the output:

  Proto  Local Address   Foreign Address                   State
  TCP    prince:4226     bom01s01-in-f83.1e100.net:https   ESTABLISHED

Let's see what each term means:

Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)

Local System Name: prince (This is the name of the local system that you set during the Windows setup)
Local Port opened and being used by this connection: 4226

Remote System: bom01s01-in-f83.1e100.net (This is the non-numerical form of the system to which we are connected.)

Remote Port: https (This is the port number of the remote system bom01s01-in-f83.1e100.net to which we are connected.)

State of Connection: ESTABLISHED

So from the above what we can see is 'netstat -a' shows the open ports on my system and anyone can connect to them.

How do I know if an open port is a threat to my system's security or not? How can I close those ports?

Before going in to that, let us know a bit more about the ports

Ports and their ranges:

Standard well known ports range: 0 to 1023.
The ports in this range are bound to the services running on them. Each port usually has a specific service running on it. There is an internationally accepted mapping of port numbers to services (refer to RFC 1700) which specifies on which port number a particular service runs. For example, FTP normally runs on port 21 by default. So if you find that port 21 is open on a particular system, it usually means that the system uses the FTP protocol to transfer files.

The Registered Ports range: 1024 to 49151.
This range of port numbers is not bound to any specific service. Networking utilities like your browser, email client or FTP software open a random port within this range and start a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email.
If the netstat -a command shows a number of open ports within this range, you should probably not worry. These ports are opened temporarily by various applications to perform tasks, so that your software can do what you want it to do. They act as a buffer, transferring received packets (data) to the application and vice versa. Once you close the application, you will find that these ports are closed automatically. For example, when you type www.hotmail.com in your browser, the browser randomly chooses a registered port and uses it as a buffer to communicate with the various remote servers involved.

The Dynamic and/or Private Ports: 49152 to 65535.
This range is rarely used, and is mostly used by Trojans; however, some applications do tend to use such high port numbers. For example, Sun starts their RPC ports at 32768.

What do we have to do when the netstat command shows us a couple of open ports?

1. Check the Trojan Port List and check if the open port matches with any of the popular ones. If it does then get a Trojan Removal and remove the Trojan.

2. If it doesn't or if the Trojan Remover says: No Trojan found, then see if the open port lies in the registered Ports range. If yes, then you have nothing to worry, so forget about it.
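The netstat line breakdown and the port ranges above can be put together in a short triage script. This is an added example, not code from the original post; the sample output is constructed, and the small service-name table is an assumption that covers only that sample.

```python
# Port ranges exactly as the post lists them.
RANGES = (
    (0, 1023, "well-known"),
    (1024, 49151, "registered"),
    (49152, 65535, "dynamic/private"),
)

# netstat -a prints names for some ports; this table is an assumption that
# covers only the names used in the constructed sample below.
SERVICE_NAMES = {"epmap": 135, "microsoft-ds": 445, "https": 443}

# Constructed sample in the Windows "netstat -a" layout, not real output.
SAMPLE = """\
  Proto  Local Address        Foreign Address                  State
  TCP    prince:epmap         prince:0                         LISTENING
  TCP    prince:microsoft-ds  prince:0                         LISTENING
  TCP    prince:50123         prince:0                         LISTENING
  TCP    prince:4226          bom01s01-in-f83.1e100.net:https  ESTABLISHED
  UDP    prince:1900          *:*
"""


def port_range(port):
    """Return the post's range label for a 16-bit port number."""
    for low, high, label in RANGES:
        if low <= port <= high:
            return label
    raise ValueError(f"not a valid port number: {port}")


def parse_netstat(text):
    """Turn netstat -a rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = fields[:3]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        host, _, token = local.rpartition(":")        # last colon splits off the port
        port = int(token) if token.isdigit() else SERVICE_NAMES.get(token.lower())
        rows.append({
            "proto": proto, "host": host, "port": port, "state": state,
            "remote": remote,
            "range": port_range(port) if port is not None else "unknown",
        })
    return rows


def inbound_reachable(rows):
    """Rows that accept new inbound traffic: TCP LISTENING and unconnected UDP.

    An ESTABLISHED row is an existing conversation; its local port is the
    client side of that one connection, not a service waiting for callers.
    """
    return [r for r in rows
            if r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["remote"] == "*:*")]


if __name__ == "__main__":
    for r in inbound_reachable(parse_netstat(SAMPLE)):
        print(f'{r["proto"]} {r["port"]} ({r["range"]})')
```

Running netstat with -n as well prints numeric ports, which removes the need for the name table.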

How can you safeguard your system?
How can you know if someone is trying to enter your system through any of the open ports? The answer is a firewall; most antivirus software provides a built-in firewall these days.

What exactly does a firewall do?

Well, in a non-technical language, a firewall is basically a shield which protects your system from the untrusted non-reliable systems connected to the Internet. It is software which listens to all ports on your system for any attempts to open a connection and when it detects such an attempt, then it reacts according to the predefined set of rules. So basically, a firewall is something that protects the network (or system) from the Internet.

Now, for a better 'according to the bible' definition of a firewall: a firewall is best described as a packet filter, implemented in software, hardware or both, that allows only selected packets to pass through from the Internet to your private internal network.

NOTE: This was a very brief description of what a firewall is! I would not be going into the details of their working.

The term 'Firewalls' (which were generally used by companies for commercial purposes) has evolved into a new term called 'Personal Firewalls'. This term is used to refer to firewalls installed on a standalone system which may or may not be networked, i.e. it usually connects to an ISP. In other words, a personal firewall is a firewall used for personal use.

Firewalls listen to all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like Browser, Email Client etc.) As soon as such an instance is recorded, it pops up a warning asking you what to do or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the Port Number to which it is trying to connect i.e. the Port to which the packet was sent. It also protects your system from Port Scans, DOS Attacks, Vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.

Most Personal Firewalls have extensive logging facilities which allow you to track down the attackers. Some popular firewalls are:

1. BlackICE Defender: It’s an IDS for PC's. It's available at http://www.networkice.com.

2. ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com

Once you have installed a firewall on your system, you will often get a number of warnings which might make it seem as if someone is trying to break into your system. However, they are actually bogus messages, caused either by your OS itself or by the process called Allocation of Dynamic IPs. I will describe these two in detail in my forthcoming posts. This brings us to the end of our discussion on breaking in to remote computers and safeguarding our systems from remote attacks. Hope this is useful for you.

Breaking in to computers- Newbie Series-1

Most of us know how to change/reset passwords or gain admin privileges from guest account in windows. So, let’s see how this can be done for Unix/Linux based OS.
Let’s see how to change/reset the root password?

Getting Root on a Linux machine:

Root is nothing but sort of a user, who has maximum privileges, and can do whatever he wants to do on a system. ‘Root’ to Linux is what Administrator is to Windows.

Well, in this section, we are not going to run any C program nor are we going to do any kind of coding, but we will simply exploit a small vulnerability existing in a feature which comes with Linux.

Before we move on, there is one thing that you need to keep in mind. i.e. for this to work, you need to have physical access to the target system.  First boot the target system and wait for the LInux LOader or LILO prompt to come up.

At the LILO prompt type ‘linux single’ (without quotes) or ‘linux 1’ to get the root shell where you can practically do anything.

If you have grub boot loader, re-boot the system and press space bar until you get grub screen, then press ‘e’ to edit it. Press ‘e’ again on Kernel (line starting with Kernel) , in the new window press space bar and type ‘1’ and press enter. Now press ‘b’ to boot OS in run level-1 or to get the root shell.

After the reboot, Linux is running in single-user mode and you get the root shell, where you can type any command which is accepted by the default shell on your system. Now, here, type 'linuxconf'. This will bring up a blue screen, which is the Linux Configuration Utility. Then, click on Users > Root Password. This will allow you to change the root password!!! Yes, you read right, change the root password. Scroll down further, and you could also add new accounts with root privileges.

The linux config utility is certainly not a hole in Linux. It was actually designed to help, if the root password was forgotten.

Create a new account with root privileges:

Method-1

Well, there is yet another way in which we can get root. In the first method, we typed ‘linuxconf’ in the bash shell prompt; however, we could type the following to create a new account with root privileges and without any password:

echo "rajkumar::0:0:::" >> /etc/passwd

 This command will basically edit the /etc/passwd file which is the password file which stores the Passwords and Usernames of all accounts on the machine. One thing to remember here is that you can edit the /etc/passwd file only if you are logged in as root, however, in this case we are not logged in as root, but we have booted into linux single which gives us the root shell. Hence, we can still edit it.

Anyway, to understand how exactly the above command works and how it is able to create a new account without a password, we need to learn how the /etc/passwd file is structured.

The following is a line from a password file:

 rajkumar:my_password:2:3:Rajkumar Godi:/home/rajkumar:/bin/bash

The above can in turn be broken up into:

Username: rajkumar
Encrypted Password: my_password
User number: 2
Group Number: 3
Actual Name: Rajkumar Godi (Optional)
Home Directory: /home/rajkumar (Optional)
Type of Shell: /bin/bash (Optional)

In our command, we have not included the optional fields and the password field of a typical password file line. Our command:

echo "rajkumar::0:0:::" >> /etc/passwd
can be rewritten as:

Username: rajkumar
Encrypted Password:
User number: 0
Group Number: 0
Actual Name:
Home Directory:
Type of Shell:

This basically creates a new account with root privileges, which can be used as a Backdoor into the system.

If you have enabled shadow passwords, then the command will change to:

echo "rajkumar::0:0:::" >> /etc/shadow



A typical line from the password file on a system with Shadow Passwords enabled is as follows:
rajkumar:*:2:3:Rajkumar Godi:/home/ankit:/bin/bash

In a shadowed password file what happens is that the password field is replaced by a ' * ' (The ' * ' is called a token.) such that the encrypted password does not show up in the password file and the list of encrypted passwords is stored in a different file which is not readable by normal users.

Method-2

Now, as you are in the root shell, launch your favorite editor (e.g. vi) and open /etc/passwd in it. Now, delete the encrypted text between the first two colons in the line which contains the entry for root. This will not create a new account with root privileges, but will change the password of root to null. So, basically, this will get you a root account without any password. Once you have removed the encrypted password, at the prompt, type 'init 3' to switch back to the normal start up, or else for a graphical start up type 'init 5'.

Now, say you do not want to create a new account, but want to change the root password. What do you do? Well, simply use the passwd command followed by the new password. As you are in the root shell, the root password will change to the new one that you supply. As simple as it is!
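Both Method-1 and Method-2 leave traces in /etc/passwd that an administrator can check for: a second account with user number 0, or an empty password field. The audit below is an added example, not code from the original post; it parses the seven-field format described above, and the sample file contents are constructed.

```python
FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")

# Constructed sample: line 3 is the entry Method-1 appends, line 5 is junk.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
rajkumar::0:0:::
apache:x:48:48:Apache:/var/www:/sbin/nologin
broken-line-without-fields
"""


def parse_passwd(text):
    """Split passwd-format text into entries; return (entries, malformed line numbers)."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        # A valid line has exactly seven fields with numeric user and group numbers.
        if len(parts) != 7 or not parts[2].isdigit() or not parts[3].isdigit():
            malformed.append(lineno)
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entry["lineno"] = lineno
        entries.append(entry)
    return entries, malformed


def audit(text):
    """Return sorted (line number, finding, account) tuples for review."""
    entries, malformed = parse_passwd(text)
    findings = [(n, "malformed", "") for n in malformed]
    for e in entries:
        # Any account with user number 0 has root privileges, whatever its name.
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["lineno"], "extra-uid0", e["name"]))
        # An empty field means no password is needed; with shadow passwords
        # enabled this field should hold a token instead.
        if e["password"] == "":
            findings.append((e["lineno"], "empty-password", e["name"]))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding, name in audit(SAMPLE_PASSWD):
        print(f"line {lineno}: {finding} {name}")
```

To check a real system, pass the contents of /etc/passwd to audit() instead of the sample.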

OK, I get the point; Linux too is not 100% safe, so how can I make it safer?  I will discuss the same in my forthcoming posts.
Thank you for reading! Enjoy!

Note: Series-1 focused on breaking in to computers to which we have physical access; in Series-2 let's see how we can break in to a remote machine.

Friday, October 22, 2010

No more under construction sites—build webpage in a jiff :)

People who are interested in designing their own simple web pages and don't know how to start: start by downloading this tool called KompoZer. KompoZer is a simple HTML editor (WYSIWYG) and is open software which is very simple to use. It's much simpler compared to Microsoft FrontPage (which is now SharePoint Designer), and moreover you can use it on the Linux platform as well.

Download it from: http://kompozer.net/

An even simpler design tool is provided by our Google God :) - Google Sites. Ready-made templates are available in Google Sites; you just need to arrange the stuff as per your taste.

Thursday, October 21, 2010

My First Post

This blog is a place to share some of the harmless hacking tips & techniques that I have learnt and ways to secure yourself from hackers. Initially this place may look like a mess, but as I post more I'll try to keep it more organised. I'll also dump any of my exciting works and case studies of my projects, mostly self projects and sometimes of my industry if permitted. I would like to share my knowledge with the readers and with the world in a tangible form. I really get excited to work on projects related to IT security and I love to spend time passionately on them for hours on end.