Howto enable WAP in your apache

waplogo
This is some information to share, on how to enable WAP on your apache web server. WAP will just works with your ordinary apache web server, it just need some additional code to be inserted into the configuration file.

Add the following code into your httpd.conf file, between <IfModule mod_mime.c> and </IfModule> tag.
AddType text/vnd.wap.wml .wml .wml
AddType Application/vnd.wap.wmlc .wmlc
AddType text/vnd.wap.vmlscript .wmls
AddType Application/vnd.wap.wmlscriptc .vmlsc
AddType image/vnd.wap.wbmp .wbmp

You also have to locate “DirectoryIndex” in the config file, and add index.wml. This is to make apache will read index.wml inside a folder, so that you can access it easily like http://wap.farhanfaisal.com, where it will immediatey read index.wml inside wap.farhanfaisal.com

Thats all, hope in future we will have more something in common to share, WAP site! ๐Ÿ™‚

Wassalam

Enable WAP in apache – mrEriksson-Network

Appearing in 642-436 is not an issue for a 70-293 professional, whether he has done 350-018 and 70-647 or not.

httptop for live monitoring for your domains

I downloaded an ebook, Linux Server hacks [O’reilly], hacks #65, “Monitoring Web Traffic in Real Time with httptop. Its quite interesting, you can view the traffic, but in CLI, just a black screen. But you can see who’s hitting your web server up to the second.

Firstly, this is my reference,
cat
You can also download a full ebook from here. The file is quite big, 34MB! But… I found the Window help file version for the ebook!

The server used to setup all this things up is using FreeBSD 4.11, using DirectAdmin control panel. Mod_perl update were managed by DirectAdmin, and it makes my job easier to add additional Perl modules for httptop to works. Httptop need Time::HiRes and File::Tail Module installed to mod perl.

The first thing to do is to create additional information in httpd.conf for my domain, farhanfaisal.com. I just add these 2 additional line in the file. (Find the suitable place your own :D)
CustomLog /var/log/httpd/domains/total_log vhost
LogFormat “%v %h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” vhost

“total_log” is a newly created file, where the new log data will dumped into, using these specified format. chmod it to 644.

Then we go to our httptop file. You can get the source code from O’reilly official website, or just download it from here.

In order to make sure the scripts will work, we have to install Time::HiRes module and File::Tail perl module.
cd /usr/ports/devel/p5-DateTime-HiRes
make install clean
cd /usr/ports/devel/p5-File-Tail
make install clean
/usr/local/directadmin/customapache/build mod_perl

I just restarted apache using DirectAdmin control panel, and issue this command to initiate httptop

httptop -f vhost -r 2 /var/log/httpd/domains/total_log

Walla, now you can see the result.
httptop small pics

Linux server hacks [pdf]
Linux server hacks [chm]

Certificates like 640-816 and 650-393 are important for a 70-284 professional’s career, particularly if he is planning on a future in 642-552 and 646-588.

Overlook an exploit in metasploit.

Last Sunday, UiTM held a Open Source Expo and National Hacking Competition. I was one of the participant ๐Ÿ™‚
Me and Wahida

One of the challenge is to view the source code of a ASP file. I run nikto, and below is the result:

————————————————————————
root@budihost-box:~# perl /usr/bin/nikto.pl -h 192.168.0.3
---------------------------------------------------------------------------
- Nikto 1.32/1.23 - www.cirt.net
+ Target IP: 192.168.0.3
+ Target Hostname: 192.168.0.3
+ Target Port: 80
+ Start Time: Fri Aug 26 13:52:56 2005
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ IIS may reveal its internal IP in the Content-Location header. The value is "http://192.168.0.3/Default.htm". CAN-2000
-0649.
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is
allowed but a default page exists.
+ HTTP method 'SEARCH' may be used to get directory listings if Index Server is running.
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_s
creen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mir
ror/WhitePaper_screen.pdf for details (TRACK)
+ /scripts - Redirects to http://192.168.0.3/scripts/ , Remote scripts directory is browsable.
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists
' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170
is installed. MS00-006. (GET)
+ /NULL.printer - Internet Printing (IPP) is enabled. Some versions have a buffer overflow/DoS in Windows 2000 which al
lows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0.
Disabling the .printer mapping is recommended. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (
GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (
GET)

+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbi
trary system commands, though a vulnerability in this version could not be confirmed. CAN-1999-1376. BID-2252. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-041
3, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a
DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-041
3, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplore
rDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false
&listBorders=false - Needs Auth: (realm NTLM)
+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplore
rDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false
&listBorders=false - Needs Auth: (realm NTLM)
+ /_vti_inf.html - FrontPage may be installed. (GET)
+ /login/ - This might be interesting... (GET)
+ /localstart.asp - Needs Auth: (realm "192.168.0.3")
+ /localstart.asp - This may be interesting... (GET)
+ 2645 items checked - 15 item(s) found on remote host(s)
+ End Time: Fri Aug 26 13:53:16 2005 (20 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

————————————————————————-
The server runs IIS 5, with source code dislosure vulnerability.

I didn’t notice that Metasploit Framework already have the exploit. The task should be more easy with Metasploit.

Quite a few advertising agencies are making use of cheap web hosting and free web design templates by saving there and spending on seo like email marketing.

Happy Merdeka Day!

Merdeka announcement

Happy Merdeka Day!!

Merdeka! Merdeka! still can be heard today. Last night IIUM students also celebrating Merdeka Day in the campus. Many peoples were there, students, lecturers and many other people around the area.

Just few hours before the 12 o’clock, i was in KL, lift a friend to PuduRaya, balik kampung ๐Ÿ™‚
There were many people in KL last night. I saw a family with their children planning to celebrate Merdeka in KL. It makes me remember, I was never being outside at night during my young ages.

I still agree that we still cannot know the value of Merdeka, since we have already been in all the harmony, and have all the peaceful life. How can be protect our country, without knowing the value of independence?

Peace be among the warriors, who strive for our independence.

Auditor security linux

Auditor Security Linux

Auditor security linux, must try linux for anyone who interested in security aspects of networking and administration. Auditor provides full of application needed information gathering, vulnerability assesment, and many more.

The application have been arrange in categorical, so that you can go to specific application specific to what purpose. There are many more tools that not included in the category, you can search for it.

You can download it from here:
http://new.remote-exploit.org/index.php/Auditor_mirrors

New IM – Google Talk

As all of us wait and all the rumours spread, now Google come out with its new IM for its users, Google Talk.

Google Talk client application

All you need is just a Google account, and the client application. The application is just 900KB in size, and can be downloaded from here

The application is simple, small in size, and the file is all the software that you need. You dont need to redownload other program to use it. Google Talk support Voice Call with your buddies.

Download now, and start inviting your Google friends to your Buddy list!

Budihost being an official technology partner of Convest 2005.

Budihost Web Hosting & Services
This year, 2005, Budihost Web Hosting & Services will be the Technology Partner of IIUM Convocation Fiesta 2005.

We will be delivering content management of the official website. There’s some problem with the website, where we have to use IIUM server to host the website. The new policy this year disalow them to take other hosting provider to host their official website.

You can have a visit to their official website, http://www.iiu.edu.my/convest/.

The website is still under development. Need to have more modification on the design and features.

Bekelah waterfall trip (Maran, Pahang)

bekelahLast week was a great weekend, i went to Bekelah waterfall, in Maran, Pahang. Quite popular place for picnic and recreational activities, but its just me who didn’t noticed about that.

The program was organized by ARC (Adventure Club) of International Islamic University. The program just 2 days, and 2 nights.

We based at a point, where we have to walk around 2 hours to reach there. The route was quite difficult at the other end, where we have to walk through rocks, just besides the big streams of water. If we fall into the water with the heavy bags, I couldn’t imagine what to do.

The place was very nice, was very very very nice.. ๐Ÿ™‚ You should go there once in your life time. The camping site is quite small, its really tight enough for 80, our group. But the river have a big area to swim and having any activities like water confidence, river crossing and flyisng fox.

We plan to do flying fox, but we do not bring a static rope, we just have a dynamic rope. So, the plan just drowned ๐Ÿ™

I’ll post some pictures after this, not ready yet.

Next week insya-Allah I’ll be there again, with ARC from IIUM matriculation center. ๐Ÿ™‚ wanna join me?