Practical Web Defense Course VIDEO-LAB XML-RPC LAB 1 WEB SERVICES MODULE 11
- Alexandra Chase
- 6 years ago
1. LAB

You need to secure the following XML-RPC web service from the vulnerabilities explained in the Web Services module:

INSTALL

    #echo " example.com" >> /etc/hosts # Set example.com to localhost (if you didn't before)
    grep example.com /etc/hosts
    mkdir -p /var/www/web_services/xml_rpc # Prepare the expected directory for the example
    cd /var/www/web_services/xml_rpc
    # Install dependencies in the right directory
    curl -s php./composer.phar require zendframework/zend-xmlrpc:2.2.4

WEB SERVER TO SECURE: PING_SERVER.PHP

    <?php
    require "vendor/autoload.php"; // Composer sorts out the Zend Framework dependencies for us

    class Pinger { // dummy class to ping a host
        // IMPORTANT: Zend Framework follows type-hinting in PHP comments for XML-RPC
        // For a full list of XML-RPC data types please see:
        /**
         * Pings a $host using $num_packets and returns the command result
         *
         * @param string $host
         * @param string $num_packets
         * @return string
         */
        public function Ping($host, $num_packets) {
            // Both parameters come straight from the XML-RPC request and are
            // concatenated into the shell command without any validation
            $command = "ping -c". $num_packets. " ". $host;
            $delimiter = "\n". str_repeat('-', 50). "\n";
            return $delimiter. implode($delimiter, array("command:", $command, "Returned:", shell_exec($command)));
        }
    }

    // Instantiates the Zend Framework XML-RPC server
    $server = new Zend\XmlRpc\Server();
    // Maps our vulnerable Pinger class to handle XML-RPC requests
    $server->setClass('pinger', 'Pinger');
    // Returns the response for each XML-RPC request
    echo $server->handle();

2. GOALS

- Identify the functionality of the web service
- Create a web service client
- Identify security vulnerabilities in the current web service
- Develop exploits for the vulnerabilities found
- Fix the vulnerabilities found
- Verify that the exploits no longer work

3. WHAT YOU WILL LEARN

- How to enumerate functionality in an XML-RPC web service
- How to create an XML-RPC web service client
- How to identify and exploit vulnerabilities
- How to fix vulnerabilities in XML-RPC web services

4. RECOMMENDED TOOLS

- curl
- Wireshark
- ZAP
5. TASKS

Task 1. Identify exposed methods in the XML-RPC web service

Task 2. Identify how to call each exposed method in the web service

Task 3. Create a web service client. Now that you know how to call the XML-RPC web service, you can create your own client.

Task 4. Identify vulnerabilities in the web service

Task 5. Demonstrate each vulnerability with a PoC exploit. Keep these exploits handy to verify the fixes later.

Task 6. Fix security vulnerabilities

Task 7. Verify security fixes:

- Do the exploits still work?
- Are there new vulnerabilities?
- Does the previous functionality still work?

EXTRA MILE

Identify and disable the fix, then exploit the Zend XXE patch
SOLUTIONS

IMPORTANT: This is a video-lab; the solutions are explained in more detail in the video itself.
IDENTIFY EXPOSED METHODS IN THE XML-RPC WEB SERVICE

Triggering XML-RPC errors:

    curl -x :8080 ' --data '' vi
    curl -x :8080 ' vi -

Listing available methods: system.listMethods

    curl -x : data '<methodCall><methodName>system.listMethods</methodName><params></params></methodCall>' vi -

Learning what a method is for: system.methodHelp

    curl -x : data '<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.methodHelp</methodName><params><param><value><string>Pinger.Ping</string></value></param></params></methodCall>' vi -

Learning how to call a method: system.methodSignature

    curl -x : data '<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.methodSignature</methodName><params><param><value><string>pinger.ping</string></value></param></params></methodCall>' vi -

TO BE CONTINUED
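For Task 6, one way to harden the Ping method is to validate both parameters against a strict allow-list before any command string is built. The following is an added example, not the course's solution from the video and not code from the original page. The class name SafePinger, the MAX_PACKETS limit, the IPv4/hostname-only rule and the sample inputs are assumptions of this example. The class can be mapped to the server in place of Pinger with the same setClass call shown in ping_server.php.

```php
<?php
// Added example: a hardened stand-in for the lab's Pinger class.
// SafePinger, MAX_PACKETS and the sample inputs below are assumptions.

class SafePinger
{
    const MAX_PACKETS = 10; // assumed upper bound on packets per request

    /** Returns the packet count as an int, or throws if it is not 1..MAX_PACKETS. */
    public static function validateCount($num_packets)
    {
        // One or two ASCII digits only. \A and \z anchor the whole string,
        // so a trailing newline or appended option text is rejected.
        if ((!is_string($num_packets) && !is_int($num_packets))
            || !preg_match('/\A[0-9]{1,2}\z/', (string) $num_packets)) {
            throw new InvalidArgumentException('num_packets must be a small positive integer');
        }
        $count = (int) $num_packets;
        if ($count < 1 || $count > self::MAX_PACKETS) {
            throw new InvalidArgumentException('num_packets out of range');
        }
        return $count;
    }

    /** Returns the host unchanged, or throws if it is not a hostname or dotted IPv4 address. */
    public static function validateHost($host)
    {
        // Each label: letters, digits and inner hyphens only. A label can never
        // start with "-", so the value cannot be read by ping as an option.
        // A dotted IPv4 address matches the same pattern; IPv6 is not accepted here.
        $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
        if (!is_string($host) || strlen($host) > 253
            || !preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/i', $host)) {
            throw new InvalidArgumentException('host must be a hostname or IPv4 address');
        }
        return $host;
    }

    /** Builds the command line from validated values only. */
    public static function buildCommand($host, $num_packets)
    {
        $count = self::validateCount($num_packets);
        $target = self::validateHost($host);
        // "--" ends option parsing and escapeshellarg() quotes the target:
        // both are defence in depth on top of the allow-list above.
        return 'ping -c ' . $count . ' -- ' . escapeshellarg($target);
    }

    /**
     * Pings a $host using $num_packets and returns the command result
     *
     * @param string $host
     * @param string $num_packets
     * @return string
     */
    public function Ping($host, $num_packets)
    {
        try {
            $command = self::buildCommand($host, $num_packets);
        } catch (InvalidArgumentException $e) {
            return 'Invalid request: ' . $e->getMessage();
        }
        return (string) shell_exec($command);
    }

    /** Runs constructed sample inputs through buildCommand() without executing anything. */
    public static function demo()
    {
        $samples = array(                  // constructed inputs, not from the lab
            array('example.com', '3'),     // accepted
            array('127.0.0.1', '1'),       // accepted
            array('example.com;echo', '3'), // rejected: shell metacharacter
            array('-v', '3'),              // rejected: would be read as an option
            array("example.com\n", '3'),   // rejected: trailing newline
            array('example.com', '3 -v'),  // rejected: extra text after the count
            array('example.com', '999'),   // rejected: too many digits
            array('example.com', '0'),     // rejected: out of range
        );
        $lines = array();
        foreach ($samples as $sample) {
            try {
                $lines[] = 'accepted: ' . self::buildCommand($sample[0], $sample[1]);
            } catch (InvalidArgumentException $e) {
                $lines[] = 'rejected: ' . json_encode($sample) . ' (' . $e->getMessage() . ')';
            }
        }
        return $lines;
    }
}

// Print the demo only when this file is run directly from the command line.
if (PHP_SAPI === 'cli' && isset($_SERVER['argv'][0])
    && realpath($_SERVER['argv'][0]) === __FILE__) {
    foreach (SafePinger::demo() as $line) {
        echo $line, "\n";
    }
}
```

For Task 7, the same sample inputs can be sent through the XML-RPC client from Task 3 to confirm that valid requests still work and malformed ones are refused.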