BASE (Basic Analysis and Security Engine) is a web front end written in PHP that displays the alerts the Snort IDS logs to its database.
You can find the BASE website here: http://base.secureideas.net/
1. DOWNLOAD BASE:
Download the latest version.
Uncompress the archive and move the files into the web root:
# tar -xvf base-1.4.4.tar.gz
# mv /home/user/Desktop/base-1.4.4 /var/www/base/
2. CONFIGURE BASE:
BASE needs ADOdb (Active Data Objects Data Base), a database abstraction library for PHP.
Information about ADOdb can be found here: http://adodb.sourceforge.net/
Download "ADOdb for PHP": http://adodb.sourceforge.net/#download
Again, uncompress the archive and move it under the BASE directory:
# tar -xvf adodb504.tgz
# mv /home/user/Desktop/adodb /var/www/base
You can either use the wizard or edit the configuration file yourself.
A) Using the wizard
The wizard needs write access to the BASE directory so it can create base_conf.php:
# chown -R www-data /var/www/base/
Then open http://localhost/base in a browser. Once the wizard has finished, give the directory back to root and leave the web server only read access to base_conf.php; a web application that can rewrite its own code and configuration is an easy target.
You are now in the wizard:
Step 0: Check if everything is okay to begin the wizard.
Step 1: Language and path to ADOdb (/var/www/base/adodb/).
Step 2: MySQL settings.
Step 3: BASE authentication settings.
Step 4: Create the MySQL database and tables (click on Create BASE AG).
B) Change the config file
The wizard is not mandatory; everything can be done by hand.
Start from the template base_conf.php.dist that ships with BASE. Open it in the BASE directory and change the lines below (the string values must be quoted, as in the rest of the file):
$DBlib_path = "./adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snortuser";
$alert_password = "snortpassword";
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snortuser";
$archive_password = "snortpassword";
Rename the template to the real configuration file. It now contains the database password, so make sure only root and the web server user can read it:
# mv /var/www/base/base_conf.php.dist /var/www/base/base_conf.php
Finally add the BASE tables to the Snort database. This assumes the snort database and the snortuser account were already created when Snort was installed:
# mysql -u root -p snort < /var/www/base/sql/create_base_tbls_mysql.sql
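The manual procedure of sections 1 and 2B, scripted as one POSIX sh file. This is an added example, not code from the original post or from the BASE project. It assumes the two tarballs are in the current directory, that the web server runs as www-data, and that the snort database and user already exist; BASE_DIR, DB_* and the file names are placeholders to adjust.

```shell
#!/bin/sh
# Added example (not from the original post or the BASE project): the manual
# BASE install as a script. Assumes base-1.4.4.tar.gz and adodb504.tgz are in
# the current directory, Apache runs as www-data, and the MySQL database and
# user from the Snort install already exist. All values below are placeholders.
set -eu

BASE_DIR=${BASE_DIR:-/var/www/base}
DB_NAME=${DB_NAME:-snort}
DB_HOST=${DB_HOST:-localhost}
DB_USER=${DB_USER:-snortuser}
DB_PASS=${DB_PASS:-snortpassword}

# Escape a value for the right-hand side of a sed 's|...|...|' expression so
# that a password containing \ & or | does not corrupt the generated config.
sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }

# render_base_conf TEMPLATE OUTPUT DBNAME DBHOST DBUSER DBPASS ADODB_PATH
# Writes OUTPUT from base_conf.php.dist with the database and ADOdb settings
# replaced. Each pattern matches '$name = <anything>;' with any spacing, which
# is how the shipped template writes them; every other line is copied as is.
render_base_conf() {
  tmpl=$1; out=$2
  db=$(sed_escape "$3"); host=$(sed_escape "$4")
  user=$(sed_escape "$5"); pass=$(sed_escape "$6"); adodb=$(sed_escape "$7")
  sed \
    -e 's|^[$]DBlib_path *=.*|$DBlib_path = "'"$adodb"'";|' \
    -e 's|^[$]DBtype *=.*|$DBtype = "mysql";|' \
    -e 's|^[$]alert_dbname *=.*|$alert_dbname = "'"$db"'";|' \
    -e 's|^[$]alert_host *=.*|$alert_host = "'"$host"'";|' \
    -e 's|^[$]alert_port *=.*|$alert_port = "";|' \
    -e 's|^[$]alert_user *=.*|$alert_user = "'"$user"'";|' \
    -e 's|^[$]alert_password *=.*|$alert_password = "'"$pass"'";|' \
    -e 's|^[$]archive_dbname *=.*|$archive_dbname = "'"$db"'";|' \
    -e 's|^[$]archive_host *=.*|$archive_host = "'"$host"'";|' \
    -e 's|^[$]archive_port *=.*|$archive_port = "";|' \
    -e 's|^[$]archive_user *=.*|$archive_user = "'"$user"'";|' \
    -e 's|^[$]archive_password *=.*|$archive_password = "'"$pass"'";|' \
    "$tmpl" > "$out"
}

install_base() {
  # Sections 1 and 2: unpack BASE and ADOdb into the web root.
  tar -xzf base-1.4.4.tar.gz
  mv base-1.4.4 "$BASE_DIR"
  tar -xzf adodb504.tgz
  mv adodb*/ "$BASE_DIR/adodb"   # top-level directory name varies by ADOdb release

  # Section 2B: generate base_conf.php without the wizard, so nothing under
  # BASE_DIR ever needs to be writable by the web server, then lock down the
  # file because it holds the database password.
  render_base_conf "$BASE_DIR/base_conf.php.dist" "$BASE_DIR/base_conf.php" \
    "$DB_NAME" "$DB_HOST" "$DB_USER" "$DB_PASS" "$BASE_DIR/adodb"
  chown -R root:www-data "$BASE_DIR"
  chmod 640 "$BASE_DIR/base_conf.php"

  # Add the BASE tables to the existing Snort database (asks for the MySQL
  # root password).
  mysql -u root -p "$DB_NAME" < "$BASE_DIR/sql/create_base_tbls_mysql.sql"
}

# Run the whole install only when invoked as: sh install_base.sh install
if [ "${1:-}" = install ]; then
  install_base
fi
```

render_base_conf is kept separate from install_base so the generated file can be inspected, or diffed against the template, before anything is copied into the web root.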
3. CONNECT TO BASE:
Just access the BASE web link:
http://localhost/base
You will be prompted for a new password for the admin user.
4. BASE GRAPHS:
First install php5-gd, the GD graphics extension, so that PHP scripts can draw images:
# apt-get install php5-gd
# /etc/init.d/apache2 restart
BASE draws its graphs with PEAR packages. PEAR stands for "PHP Extension and Application Repository".
The easiest way to download and install these libraries is to install the php-pear package:
# apt-get install php-pear
BASE needs three PEAR packages: Image_Color, Image_Canvas and Image_Graph.
# pear install --force Image_Color
# pear install --force Image_Canvas
# pear install --force Image_Graph
You now have access to the graphs.
Here are two typical error messages:
1 - php5-gd is not installed:
PHP ERROR: PHP build incomplete: the prerequisite GD support required to generate graphs was not build into PHP. Please recompile PHP with the necessary library (--with-gd).
2 - The PEAR Image_Graph package is not installed:
Error loading the Graphing library:
Check your Pear::Image_Graph installation! Image_Graph can be found at http://pear.veggerby.dk/. Without this library no graphing operations can be performed.
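A small check that maps the two error messages above to the package that is missing, so it can be run before opening the graphs page. This is an added example, not code from the original post or from BASE; it assumes the Debian layout used here, where `php -m` lists the loaded extensions and `pear list` lists installed PEAR packages.

```shell
#!/bin/sh
# Added example (not from the original post or from BASE): report which of the
# graph prerequisites are missing. Assumes `php -m` and `pear list` are
# available, as on the Debian-style system used in this post.
set -eu

# graph_prereqs_missing "PHP_MODULES" "PEAR_PACKAGES"
# Takes the text output of `php -m` and `pear list` and prints the names of
# the absent prerequisites, space-separated (empty when everything is there).
graph_prereqs_missing() {
  php_mods=$1; pear_pkgs=$2; missing=""
  # GD extension absent -> "PHP build incomplete ... (--with-gd)" in BASE
  printf '%s\n' "$php_mods" | grep -qix 'gd' || missing="$missing gd"
  # PEAR graphing stack absent -> "Error loading the Graphing library" in BASE
  for pkg in Image_Color Image_Canvas Image_Graph; do
    printf '%s\n' "$pear_pkgs" | grep -q "^$pkg[[:space:]]" || missing="$missing $pkg"
  done
  printf '%s\n' "${missing# }"
}

# Live check against the local PHP and PEAR installation; non-zero exit and a
# message on stderr when a prerequisite is missing.
check_graph_prereqs() {
  missing=$(graph_prereqs_missing "$(php -m 2>/dev/null || true)" \
                                  "$(pear list 2>/dev/null || true)")
  if [ -n "$missing" ]; then
    echo "BASE graphs will fail, missing: $missing" >&2
    return 1
  fi
  echo "all graph prerequisites present"
}

# Run the live check only when invoked as: sh check_graphs.sh check
if [ "${1:-}" = check ]; then
  check_graph_prereqs
fi
```

The parsing is separated from the live commands so the mapping can be tested on captured output; after a `pear install` or an Apache restart, re-run the check rather than reloading the graphs page until the error disappears.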
5. BASE OPTIONAL SETTINGS:
To customize BASE, edit /var/www/base/base_conf.php.
There are two useful settings to activate:
A/ Enabling DNS resolution
$resolve_IP = 1;
With this on, BASE performs a reverse lookup for every address it displays. This slows page rendering, and the lookups go to the DNS servers of whoever owns the address block, which tells a scanner's operator that someone is looking at their address. Leave it off on a sensor that should not leak that information.
B/ Enabling colored alerts
Strangely, when you use the wizard, the lines concerning colored alerts are missing from the generated file.
So if you installed manually, just set $colored_alerts to 1; if you used the wizard, copy the lines below into your base_conf.php file.
/**
 * This option is used to set if BASE will use colored results
 * based on the priority of alerts
 *   0 : no
 *   1 : yes
 */
$colored_alerts = 1;
// Red, yellow, orange, gray, white, green
$priority_colors = array ('FF0000','FFFF00','FF9900','999999','FFFFFF','006600');