Monthly Archives: September 2009

//September

Shrinking/Resizing ext3 Partitions

Shrinking or expanding an ext3 partition is easy but is not without it’s risks. Before starting, you NEED to take a backup of your data. There’s a strong possibility that it will all disappear and your filesystem will become permenantly broken, as with any disk or filesystem procedure. Please note: The steps below are the RAW STEPS required to resize your partition. This is a potentially dangerous procedure that could easily destroy/ruin/damage your partition, data, filesystem or other partitions on the same disk. DO NOT perform these steps on a live/production machine DO NOT perform these steps unless you have a full backup of your data/disk These steps are really for theoretical purposes only. They should work just fine, but tools such as gparted will do this for you. ns3:~# df -h Filesystem            Size  Used Avail Use% Mounted on /dev/sda1             9.4G  6.8G  2.2G  77% / tmpfs                 443M     0  443M   0% /lib/init/rw udev                   10M   92K   10M   1% /dev tmpfs                 443M     0  443M   0% /dev/shm /dev/sdb1              20G  9.8G  9.0G  52% /email In my example, I’m going to resize /dev/sdb1 which is my /email partition. /dev/sdb1 is a partition residing on device /dev/sdb ns3:~# df -h Filesystem            Size  Used Avail Use% Mounted on /dev/sda1             9.4G  6.8G  2.2G  77% / tmpfs                 443M     0  443M   0% /lib/init/rw udev                   10M   92K   10M   1% /dev tmpfs                 443M     0  443M   0% /dev/shm /dev/sdb1              20G  9.8G  9.0G  52% /email 217.10.156.195:/email 31G  3.5G   26G  12% /email/carolesobell.com ns3:~# […]

By | September 26th, 2009|Linux, Technology|0 Comments

Linux – Exim, Avenger and SpamAssassin Tips

Further to Exim, MySQL, Courier IMAP, Courier POP3 & Spamassassin – vdomain and vuser set up, I’ve recently been receiving an increasing amount of spam, and have finally decided to take some positive action. Previously, my account would get hit with about 100 to 150 per day, of which 2 or 3 might get through. Lately, this has quickly increased to about 700+ of which at least 20 to 30 have been getting through, and I’ve been doing nothing but clearing spam day and night for the past few weeks. It is, however, critital that I do not catch any genuine email – I would rather keep on the side of caution and be more generous than not. […]

By | September 17th, 2009|Linux, Technology|0 Comments

Linux Color Directory Listings

How to add color to ‘ls’? Adding color to your ls directory listings is easy enough, just use ls –color. You can set this behavior as the default with alias ls=’ls –color’ which I personally find quite useful. It plays well with PuTTY. The environment variable LS_COLORS dictates what colors are applied to what file types and file extensions. […]

By | September 15th, 2009|Linux, SH/BASH, Technology|0 Comments

Linux DHCP Server

DHCP is an acronym for Dynamic Host Configuration Protocol. It allows a host to broadcast a request for it’s IP settings. Hopefully, a DHCP server like the one we’ll be configuring will respond. Running tcpdump shows a dhcp request looks like: 17:26:02.003956 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request, length 300 Configuration is easy, to start with, just run ‘apt-get install dhcpd’ […]

By | September 15th, 2009|Linux, Technology|0 Comments

Security Consultant – Ports & Port Knocking

Port Knocking is a clever and interesting method of allowing remote firewall manipulation whilst leaving all ports closed to all IPs. When I attempt to initiate a TCP connection to a remote host I send a packet with a ‘SYN’ flag, indicating my intention, along with other information such as a source port, destination port, source IP and destination IP. The target machine has the option of responding by accepting, responding by rejecting, or simply ignoring the packet alltogether, known under iptables and most other firewalls as ACCEPT, REJECT or DROP. […]

By | September 10th, 2009|Security Consultant, Technology|3 Comments

Security Consultant – PHP Developer – SQL Injection Attacks

One of the most common form of attacks against web applications is SQL Injection. In the most part, the language that the web application is written in is irrelevant, be that PHP, ASP, Python, Perl, C, etc. As long as the back end database uses something SQL based, be that MySQL, MSSQL, etc, again, we’re in business. This probably covers over 99% of web applications out there. Both the security consultant and the php developer or web application developer in general has to be aware of the implications of SQL Injection. Here’s how it works: […]

By | September 6th, 2009|Development, MySQL, PHP, PHP, PHP Articles, Security Consultant, Technology|1 Comment

Security Consultant – PHP Developer – Exploiting Common PHP Code Flaws

There are a number of PHP and in fact programming errors in general that PHP Programmers and Security Consultants need to be aware of. Specifically, how can a malicious user use the code to gain access above what he is supposed to. Cross Site Scripting (XSS), Shell Execution and SQL Injection are all issues that programmers need to be aware of. Luckily, buffer overflows in their traditional sense are not something that PHP developers need to concern themselves with. Here in it’s most basic sense is an example of how we can read arbitrary files on the filesystem that we should not have access to. […]

By | September 4th, 2009|Development, PHP, PHP, PHP Articles, Security Consultant|0 Comments

Security Consultant – Basic NMAP Usage

nmap is one of the most useful tools for a security consultant in a penetration testing environment. It has a massive range of options, and only the most basic will be considered in this tutorial. It goes without saying, that nmap should only be run against IPs and ports that you yourself have gained authorization to test. Here goes: […]

By | September 2nd, 2009|Linux, Security Consultant|2 Comments