3 posts tagged 'PHP'

  1. 2010.03.04 BASE 2010.3.3. Wed by CEOinIRVINE 1
  2. 2009.06.10 URL Encoding by CEOinIRVINE
  3. 2009.03.14 Hacking Quiz (too easy.. for beginners) by CEOinIRVINE

BASE 2010.3.3. Wed

Hacking 2010. 3. 4. 09:03

BASE is a graphical interface written in PHP used to display the logs generated by the Snort IDS and sent into the database. It stands for Basic Analysis and Security Engine.
You can find the BASE website here: http://base.secureideas.net/



1. DOWNLOAD BASE:

Download the latest version.

We now have to uncompress the files and put them in the correct folder:

#tar -xvf base-1.4.4.tar.gz
#mv /home/user/Desktop/base-1.4.4 /var/www/base/


2. CONFIGURE BASE:

We need ADOdb (Active Data Objects Data Base) for BASE. ADOdb is a database abstraction library for PHP.
Information about ADOdb can be found here: http://adodb.sourceforge.net/

Download "ADOdb for PHP": http://adodb.sourceforge.net/#download
Again we now have to uncompress the files and put them in the correct folder:

#tar -xvf adodb504.tgz
#mv /home/user/Desktop/adodb /var/www/base

There are two ways to configure BASE:
Either you use a wizard or you change the config file by yourself.

A) Using the wizard

#chown -R www-data /var/www/base/
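The change above is needed so that the web server user (www-data) can write to the BASE directory. The web server only needs this write access while the wizard creates the configuration file; ownership can be set back to root afterwards. Open a web browser and go to the BASE directory:
http://localhost/base

This starts the setup wizard: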

Step 0: Check if everything is okay to begin the wizard.

Step 1: Language and path to ADOdb: /var/www/base/adodb/ .

Step 2: MySQL settings.

Step 3: BASE authentication settings.

Step 4: Create the MySQL database and tables (click on Create BASE AG).

B) Change the config file

Using the wizard is not mandatory; you can do everything manually.
The first thing to do is to edit the file base_conf.php.dist.
Open base_conf.php.dist in the BASE directory and change the lines as shown below.

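// Path to the ADOdb library, relative to the BASE directory
$DBlib_path = "./adodb";

$DBtype = "mysql";

// Alert database: the Snort database and the account BASE uses to read it
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snortuser";
$alert_password = "snortpassword";

// Archive database settings
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snortuser";
$archive_password = "snortpassword";

Then you must rename the file from base_conf.php.dist to base_conf.php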

#mv /var/www/base/base_conf.php.dist /var/www/base/base_conf.php

The second thing to do is to import the BASE MySQL tables into the snort database:

# mysql -u root -p snort < /var/www/base/sql/create_base_tbls_mysql.sql


3. CONNECT TO BASE:

Just access the BASE web link:
http://localhost/base
You will be prompted for a new password for the admin user.



4. BASE GRAPHS:

First we have to install the graphics library php5-gd for handling graphics directly from PHP scripts.

# apt-get install php5-gd

Then restart the Apache web server:

# /etc/init.d/apache2 restart

The second thing to do is to download three PHP PEAR libraries.
PEAR stands for "PHP Extension and Application Repository".

To download and install the libraries easily, the best thing to do is to install the php-pear package:

# apt-get install php-pear

Then we have to install the following packages:
Image_Graph, Image_Color and Image_Canvas.

#pear install --force Image_Color
#pear install --force Image_Canvas
#pear install --force Image_Graph

Since there are some dependencies, you need to install the packages in the order above.
Now you have access to the graphs.

Here are two typical error messages:

1 - php5-gd is not installed:

PHP ERROR: PHP build incomplete: the prerequisite GD support required to generate graphs was not build into PHP. Please recompile PHP with the necessary library (--with-gd).

2 - php-pear and/or its extensions are not installed correctly:

Error loading the Graphing library:
Check your Pear::Image_Graph installation!
Image_Graph can be found here:at http://pear.veggerby.dk/. Without this library no graphing operations can be performed.



5. BASE OPTIONAL SETTINGS:

To customize the BASE tool, edit /var/www/base/base_conf.php

There are two useful settings to activate:

A/ Enabling DNS resolution

$resolve_IP = 1;

B/ Enabling colored alerts
Strangely, it seems that when you use the wizard procedure, the lines concerning the colored alerts are lost.
So if you used the manual install procedure, just activate the $colored_alerts variable; if you used the wizard procedure, copy the lines below into your base_conf.php file.

/**
* This option is used to set if BASE will use colored results
* based on the priority of alerts
* 0 : no
* 1 : yes
*/
$colored_alerts = 1;

// Red, yellow, orange, gray, white, blue
$priority_colors = array ('FF0000','FFFF00','FF9900','999999','FFFFFF','006600');

Posted by CEOinIRVINE

URL Encoding

Hacking 2009. 6. 10. 14:47

HTML URL Encoding Reference

URL encoding converts characters into a format that can be safely transmitted over the Internet.


URL - Uniform Resource Locator

Web browsers request pages from web servers by using a URL.

The URL is the address of a web page like: http://www.w3schools.com.


URL Encoding

URLs can only be sent over the Internet using the ASCII character-set.

Since URLs often contain characters outside the ASCII set, the URL has to be converted. URL encoding converts the URL into a valid ASCII format.

URL encoding replaces unsafe ASCII characters with "%" followed by two hexadecimal digits corresponding to the character values in the ISO-8859-1 character-set.

URLs cannot contain spaces. URL encoding normally replaces a space with a + sign.


URL Encoding Functions

In JavaScript, PHP, and ASP there are functions that can be used to URL encode a string.

In JavaScript you can use the encodeURI() function. PHP has the rawurlencode() function and ASP has the Server.URLEncode() function.

Note: The JavaScript function encodes space as %20.
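
Which function is used matters once user input is placed in a query string: encodeURI() leaves reserved characters such as & and # unencoded, encodeURIComponent() emits UTF-8 bytes rather than the single-byte ISO-8859-1 values in the table, and form encoding writes a space as +. The following is an added example, not code from the original page; the function names and the example.test URL are illustrative placeholders.

```javascript
// Added example, not from the original page. Function names and the
// example.test URL are illustrative placeholders.

// Percent-encode with the single-byte ISO-8859-1 values from the reference
// table. Characters above U+00FF have no Latin-1 byte and are rejected.
function latin1Encode(str) {
  let out = '';
  for (const ch of str) {
    const code = ch.codePointAt(0);
    if (code > 0xff) throw new RangeError('not in ISO-8859-1: ' + ch);
    out += /[A-Za-z0-9\-._~]/.test(ch) // RFC 3986 unreserved set stays literal
      ? ch
      : '%' + code.toString(16).toUpperCase().padStart(2, '0');
  }
  return out;
}

// Encode each name and value as data, so "&", "=" or "#" inside a value
// cannot be read as a parameter separator or fragment marker.
function buildUrl(base, params) {
  const query = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(v))
    .join('&');
  return base + '?' + query;
}

// What a receiver recovers for parameter "q" after parsing the URL.
function parsedQ(url) {
  return new URL(url).searchParams.get('q');
}

const BASE_URL = 'http://example.test/search'; // placeholder
const value = 'R&D report #3';                 // constructed sample input

function demo() {
  return {
    encodeURI: encodeURI(value),                        // reserved chars kept
    component: encodeURIComponent(value),
    form: new URLSearchParams({ q: value }).toString(), // space becomes "+"
    utf8: encodeURIComponent('é'),                      // two UTF-8 bytes
    latin1: latin1Encode('é'),                          // one byte, as in the table
    lossy: parsedQ(BASE_URL + '?q=' + encodeURI(value)),
    intact: parsedQ(buildUrl(BASE_URL, { q: value })),
  };
}

console.log(demo());
```

A server that decodes with a different character set than the client used to encode will see different characters, so both sides need to agree on UTF-8 or ISO-8859-1.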


URL Encoding Reference

ASCII Character    URL-encoding
space %20
! %21
" %22
# %23
$ %24
% %25
& %26
' %27
( %28
) %29
* %2A
+ %2B
, %2C
- %2D
. %2E
/ %2F
0 %30
1 %31
2 %32
3 %33
4 %34
5 %35
6 %36
7 %37
8 %38
9 %39
: %3A
; %3B
< %3C
= %3D
> %3E
? %3F
@ %40
A %41
B %42
C %43
D %44
E %45
F %46
G %47
H %48
I %49
J %4A
K %4B
L %4C
M %4D
N %4E
O %4F
P %50
Q %51
R %52
S %53
T %54
U %55
V %56
W %57
X %58
Y %59
Z %5A
[ %5B
\ %5C
] %5D
^ %5E
_ %5F
` %60
a %61
b %62
c %63
d %64
e %65
f %66
g %67
h %68
i %69
j %6A
k %6B
l %6C
m %6D
n %6E
o %6F
p %70
q %71
r %72
s %73
t %74
u %75
v %76
w %77
x %78
y %79
z %7A
{ %7B
| %7C
} %7D
~ %7E
  %7F
%80
  %81
%82
ƒ %83
%84
%85
%86
%87
ˆ %88
%89
Š %8A
%8B
Œ %8C
  %8D
Ž %8E
  %8F
  %90
%91
%92
%93
%94
%95
%96
%97
˜ %98
%99
š %9A
%9B
œ %9C
  %9D
ž %9E
Ÿ %9F
  %A0
¡ %A1
¢ %A2
£ %A3
¤ %A4
¥ %A5
¦ %A6
§ %A7
¨ %A8
© %A9
ª %AA
« %AB
¬ %AC
¯ %AD
® %AE
¯ %AF
° %B0
± %B1
² %B2
³ %B3
´ %B4
µ %B5
¶ %B6
· %B7
¸ %B8
¹ %B9
º %BA
» %BB
¼ %BC
½ %BD
¾ %BE
¿ %BF
À %C0
Á %C1
 %C2
à %C3
Ä %C4
Å %C5
Æ %C6
Ç %C7
È %C8
É %C9
Ê %CA
Ë %CB
Ì %CC
Í %CD
Î %CE
Ï %CF
Ð %D0
Ñ %D1
Ò %D2
Ó %D3
Ô %D4
Õ %D5
Ö %D6
× %D7
Ø %D8
Ù %D9
Ú %DA
Û %DB
Ü %DC
Ý %DD
Þ %DE
ß %DF
à %E0
á %E1
â %E2
ã %E3
ä %E4
å %E5
æ %E6
ç %E7
è %E8
é %E9
ê %EA
ë %EB
ì %EC
í %ED
î %EE
ï %EF
ð %F0
ñ %F1
ò %F2
ó %F3
ô %F4
õ %F5
ö %F6
÷ %F7
ø %F8
ù %F9
ú %FA
û %FB
ü %FC
ý %FD
þ %FE
ÿ %FF


URL Encoding Reference

The ASCII device control characters %00-%1f were originally designed to control hardware devices. Control characters have nothing to do inside a URL.

ASCII Character    Description    URL-encoding
NUL null character %00
SOH start of header %01
STX start of text %02
ETX end of text %03
EOT end of transmission %04
ENQ enquiry %05
ACK acknowledge %06
BEL bell (ring) %07
BS backspace %08
HT horizontal tab %09
LF line feed %0A
VT vertical tab %0B
FF form feed %0C
CR carriage return %0D
SO shift out %0E
SI shift in %0F
DLE data link escape %10
DC1 device control 1 %11
DC2 device control 2 %12
DC3 device control 3 %13
DC4 device control 4 %14
NAK negative acknowledge %15
SYN synchronize %16
ETB end transmission block %17
CAN cancel %18
EM end of medium %19
SUB substitute %1A
ESC escape %1B
FS file separator %1C
GS group separator %1D
RS record separator %1E
US unit separator %1F

Posted by CEOinIRVINE
http://yangws13.myfeelclub.com/webhacking_game/quest3/index.htm


Answer: ?

 <script language="VBscript">
 dim age

 ' Runs when the form button is clicked; every check below executes in the browser.
 sub button_onclick
   if form1.id.value = "Yangws13" then
     if form1.pw.value = "MyNameisY.w.sImHacker" then
       ' Message: "Welcome, administrator." / title: "Success"
       msgbox "%uAD00%uB9AC%uC790%uB2D8 %uD658%uC601%uD569%uB2C8%uB2E4.", vbinformation, "%uC131%uACF5"
       age = form1.birth.value
       if age <= 80000 then
         ' Message: "The port does not match." / title: "Connection blocked"
         msgbox "%uD3EC%uD2B8(Port) %uAC00 %uC77C%uCE58%uD558%uC9C0%uC54A%uC2B5%uB2C8%uB2E4.", vbinformation, "%uC811%uC18D%uCC28%uB2E8"
         location.href = "from_no.htm"
         exit sub
       else
         location.href = "from_ok_areyou_wins.html"
       end if
     else
       ' Message: "Login failed." / title: "Failure"
       msgbox "%uB85C%uADF8%uC778%uC744 %uC2E4%uD328 %uD558%uC600%uC2B5%uB2C8%uB2E4.", vbcritical, "%uC2E4%uD328"
     end if
   else
     ' Message: "Login failed." / title: "Failure"
     msgbox "%uB85C%uADF8%uC778%uC744 %uC2E4%uD328 %uD558%uC600%uC2B5%uB2C8%uB2E4.", vbcritical, "%uC2E4%uD328"
   end if
 end sub
 </script>

Posted by CEOinIRVINE