openssl rsa -in input_file -out output_file
HSTS is enforced by the web server. To proceed to the website regardless, carry out the following:
1: Go to chrome://net-internals/#hsts
2: Search for the domain under “Query domain” and look for the information from the cache.
3: To clear the cache of a domain, you need to delete the domain under “Delete domain” heading.
4: Website now accessible
Credit goes to https://techglimpse.com/chrome-https-website-hsts-failed/
Pre-req – curl is installed on your server
curl -v -3 -X HEAD https://www.example.com
Not vulnerable – * SSL peer handshake failed, the server most likely requires a client certificate to connect
Vulnerable – * SSL 3.0 connection using SSL_NULL_WITH_NULL_NULL
Installation instructions for maldetect on a Debian 6 server with ISPConfig3:
Installation
Install pre-reqs:
apt-get install inotify-tools
Install maldetect:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
Configure
Edit the main maldet script to work with Debian:
vim /usr/local/maldetect/maldet
Replace the line that starts with $nice in the main maldet script with the following:
$nice -n $inotify_nice $inotify -d -r -o $inotify_log --fromfile $inotify_fpaths $exclude --timefmt "%d %b %H:%M:%S" --format "%w%f %e %T" -m -e create,move,modify >> /dev/null 2>&1 &
Edit internals.conf – Find inotify= and change the value to /usr/bin/inotifywait:
vim /usr/local/maldetect/internals.conf
Next delete inotifywait and libinotifytools.so.0
rm -rf /usr/local/maldetect/inotify/inotifywait
rm -rf /usr/local/maldetect/inotify/libinotifytools.so.0
Now edit the cronjob:
vim /etc/cron.daily/maldet
Comment out:
Add this:
# Instead use ISPConfig 3 path /var/www
/usr/local/maldetect/maldet -b -r /var/www
Below this:
#/usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1
Now configure maldetect to run daily and send report to email address of your choice:
Set toggle to 1, update subject line and enter email address:
vim /usr/local/maldetect/conf.maldet
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="Malware Detect Subject Line $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"
**Cron should run daily with an email report. Report only sent if malware found**
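The configuration edits above, collected into a rerunnable script as an added example (not part of the original post or of maldetect). It covers internals.conf, the bundled inotify files, the cron job and the email settings, leaves the $nice line in the maldet script to be edited by hand, and assumes GNU sed; the function names and the --apply switch are assumptions.

```shell
#!/bin/sh
# Added example, not part of maldetect. Paths default to the ones on this page;
# the function names and the --apply switch are assumptions for illustration.

# set_conf_value FILE KEY VALUE: rewrite an existing KEY=... line, else append.
set_conf_value() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        sed -i "s|^${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# configure_maldet [ROOT] [CRON_FILE] [EMAIL]: safe to run more than once.
configure_maldet() {
    root=${1:-/usr/local/maldetect}
    cron=${2:-/etc/cron.daily/maldet}
    addr=${3:-}

    # Use the distribution's inotifywait and drop the bundled copies.
    set_conf_value "$root/internals.conf" inotify /usr/bin/inotifywait
    rm -f "$root/inotify/inotifywait" "$root/inotify/libinotifytools.so.0"

    # Comment out the /home?/?/public_html scan and add the ISPConfig 3 path
    # below it. Already-commented lines are skipped, so reruns add nothing.
    awk -v scan="$root/maldet -b -r /var/www" '
        index($0, "-b -r /home?/?/public_html") && $0 !~ /^[ \t]*#/ {
            print "#" $0; print scan; next
        }
        { print }
    ' "$cron" > "$cron.new"
    cat "$cron.new" > "$cron"   # overwrite in place to keep the executable bit
    rm -f "$cron.new"

    # Enable the email report only when an address was supplied.
    if [ -n "$addr" ]; then
        set_conf_value "$root/conf.maldet" email_alert 1
        set_conf_value "$root/conf.maldet" email_addr "\"$addr\""
    fi
}

# Touch the real system paths only when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    configure_maldet /usr/local/maldetect /etc/cron.daily/maldet "${2:-}"
fi
```

Run it as root with `--apply you@domain.com` after install.sh has finished, then check /etc/cron.daily/maldet by eye before the first nightly run.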
Manual Scanning
Scan specific directory:
maldet -a /home/homedir/public_html/
Scan all directories using a wildcard:
maldet -a /home/?/public_html/
Simple guide to installing WPScan on Debian.
Installation
Install git to grab source code from Github:
apt-get install git
Install dependencies for wpscan:
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev ruby1.9.3
Clone wpscan from GitHub:
git clone http://github.com/wpscanteam/wpscan.git
Change into directory and install wpscan:
cd wpscan
gem install bundler && bundle install --without test development
Scanning
Scan WordPress plugins:
ruby wpscan.rb --url http(s)://www.yoursiteurl.com --enumerate p
Scan Vulnerable plugins:
ruby wpscan.rb --url http(s)://www.yoursiteurl.com --enumerate vp
Scan themes:
ruby wpscan.rb --url http(s)://www.yoursiteurl.com --enumerate t
Scan vulnerable themes:
ruby wpscan.rb --url http(s)://www.yoursiteurl.com --enumerate vt
Scan user accounts:
ruby wpscan.rb --url http(s)://www.yoursiteurl.com --enumerate u
Scan for timthumb installations:
ruby wpscan.rb --url http(s)://www.yoursiteurl.com --enumerate tt
Update wpscan:
ruby wpscan.rb --update