Tuesday, April 02, 2013

Multiple Desktop Screen 2 Monitor + 1 Ipad

Today i can build multiple Dekstop Screen on My PC with 2 Monitor ( Laptop + Monitor Display ) and 1 Ipad Monitor

 What i need :

1. Laptop 2 Monitor

 - 1 Build in 1 Extended - Windows 7
 - Install Air Display http://avatron.com/apps/air-display
 - Ultramon http://uploaded.net/file/riww1p43/izajb.UltraMon.3.2.2.x86x64.rar

2. Ipad Jailbreak 6.0.1-6.1 :

 - www.evasi0n.com , evasi0n - iOS 6.0-6.1.2 Jailbreak ( Didnt work in iOS > 6.1.3 ) - Install Zeusmos or Vshare in Cydia ( Search ).
 - Install Air Display From Zeusmos or Vshare This My Screen Shoot



Monday, April 01, 2013

Defend Pushdo and Cutwail - Iptables - Proxy Reverse Server - Nginx + Naxsi


Why you are buy expensive device when all is opensource ? 



Topology 



Router ( 192.168.1.1 ) - Nginx Proxy Reverse + Naxsi ( 192.168.1.2 ) - Nginx Web Server ( 192.168.1.3 )


Nginx Proxy Reverse + Naxsi ( 192.168.1.2 ) 

This step how to defend Pushdo/Cutwail where i put naxsi in proxy reverse 

Configure Iptables : 


This block in 4 layer "POST /?ptrxcz" on this situation block pattern string "ptrxcz"




[root@proxy ~]# vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [12204116:2175223599]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13308164:1687844257]
-A INPUT -p tcp -m string --string "ptrxcz" --algo bm --to 65535 -j DROP
COMMIT


Install Nginx + Naxsi


[root@proxy ~]# cd /usr/local/src/
[root@proxy ~]# wget http://nginx.org/download/nginx-x.x.xx.tar.gz 
[root@proxy ~]# wget http://naxsi.googlecode.com/files/naxsi-x.xx.tar.gz 
[root@proxy ~]# tar xvzf nginx-x.x.xx.tar.gz 
[root@proxy ~]# tar xvzf naxsi-x.xx.tar.gz 
[root@proxy ~]# cd nginx-x.x.xx/
[root@proxy ~]# ./configure --conf-path=/etc/nginx/nginx.conf  
--add-module=../naxsi-x.xx/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body     --http-fastcgi-temp-path=/var/lib/nginx/fastcgi     --http-log-path=/var/log/nginx/access.log     --http-proxy-temp-path=/var/lib/nginx/proxy  --lock-path=/var/lock/nginx.lock     --pid-path=/var/run/nginx.pid     --with-http_ssl_module     --without-mail_pop3_module     --without-mail_smtp_module     --without-mail_imap_module     --without-http_uwsgi_module     --without-http_scgi_module     --with-ipv6  --prefix=/usr
[root@proxy ~]# make;make install 
[root@proxy ~]# cp /usr/local/src/naxsi-x.xx/naxsi_config/default_location_config.example /etc/nginx/test.rules

[root@proxy ~]# vi /etc/nginx/test.rules; #LearningMode;
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
include "/tmp/naxsi_rules.tmp";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;

[root@proxy ~]# cp /usr/local/src/naxsi-x.xx/naxsi_config/naxsi_core.rules /etc/nginx/naxsi_core.rules


Configure Nginx.conf


[root@nginx ~]# vi /etc/nginx/nginx.conf user nginx;
worker_processes  4;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include /etc/nginx/naxsi_core.rules;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    access_log /var/log/nginx/access.log;
    server_names_hash_bucket_size 64;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    tcp_nodelay        on;
        gzip              on;
  ignore_invalid_headers   on;
  gzip_comp_level   5;
  gzip_http_version 1.0;
  gzip_min_length   0;
  gzip_types        text/plain text/css image/x-icon application/x-javascript;
  gzip_vary         on;
  include /etc/nginx/conf.d/*.conf;
}

[root@proxy ~]# vi /etc/nginx/conf.d/default.conf
server {
 listen   80;
 server_name  domain.com;
 access_log  /var/log/nginx/access.log;
 error_log  /var/log/nginx/error.log notice;

 #set your default location



 location / {

   include            /etc/nginx/test.rules;
   proxy_pass         http://192.168.1.3;
   proxy_read_timeout 60s;

  # May not need or want to set Host. Should default to the above hostname.

  proxy_set_header          Host            $host;
  proxy_set_header          X-Real-IP       $remote_addr;
  proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;
  }

   location /RequestDenied {

     error_page  404  /404.html;
  }



 #set your static folder location without the proxy pass so Nginx

 #will server those files. We also set expires max to add an
 #expires to have the client cache the files.  You will
 #have to  #set a version on your css and js files to prevent
 #the user who has cached files from not receiving new versions.
 location /static {
  root   /home/domain/www/media;
  expires     max;
  }
  #error_page  404  /404.html;
  # redirect server error pages to the static page /50x.html
 #
 error_page   500 502 503 504  /50x.html;
 location = /50x.html {
  root   /var/www/html;
}
}



[root@proxy naxsi]# vi /etc/nginx/conf.d/proxy.conf
proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;


nginx ssl configure, enable or disable in ssl keep on your situation ....


[root@proxy src]# cat /etc/nginx/conf.d/ssl.conf
#
# HTTPS server configuration
#

server {

        ### server port and name ###
        listen          443;
        ssl             on;
        server_name     domain.com;

        ### SSL log files ###

        access_log      /var/log/nginx/ssl-access.log;
        error_log       /var/log/nginx/ssl-error.log;

        ### SSL cert files ###


        ssl_certificate      "/etc/ssl/certs/domain/domain.crt";

        ssl_certificate_key  "/etc/ssl/certs/domain/domain.key";



         ssl_protocols SSLv3 TLSv1;

         ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;

        ssl_prefer_server_ciphers on;

        keepalive_timeout    60;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;





 set $my_https "off";

  if ($http_x_forwarded_proto = "https") {
      set $my_https "on";
  }

#  passenger_enabled on;

#  passenger_set_cgi_param HTTPS $my_https;

   server_name_in_redirect off;




location / {

       # include    /etc/nginx/test.rules;
        proxy_pass  https://192.168.1.3;

        proxy_redirect off;

        proxy_set_header Host $host ;
        proxy_set_header X-Real-IP $remote_addr ;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
        proxy_set_header X-Forwarded-Proto https;
}
}

[root@proxy src]# tail -f /var/log/nginx/error.log

2013/04/01 15:41:49 [error] 11322#0: *323567 NAXSI_FMT: 

ip=123.50.36.241&server=domain.com&uri=/&learning=0&total_processed=9072&total_blocked=8135&zone0=HEADERS&id0=1402&var_nam


e0=content-type, client: 123.50.36.241, server: domain.com, request: "POST / HTTP/1.1", host: "domain.com"

2013/04/01 15:41:49 [error] 11322#0: *323582 NAXSI_FMT: 

ip=222.254.120.159&server=domain.com&uri=/&learning=0&total_processed=9073&total_blocked=8136&zone0=HEADERS&id0=1402&var_n


ame0=content-type, client: 222.254.120.159, server: domain.com, request: "POST / HTTP/1.1", host: "domain.com"

2013/04/01 15:41:49 [error] 11322#0: *323586 NAXSI_FMT: 

ip=105.228.161.78&server=domain.com&uri=/&learning=0&total_processed=9075&total_blocked=8137&zone0=HEADERS&id0=1402&var_na


me0=content-type, client: 105.228.161.78, server: domain.com, request: "POST / HTTP/1.1", host: "domain.com"

2013/04/01 15:41:49 [error] 11322#0: *323587 NAXSI_FMT: 

ip=76.67.72.71&server=domain.com&uri=/&learning=0&total_processed=9076&total_blocked=8138&zone0=HEADERS&id0=1402&var_name0


=content-type, client: 76.67.72.71, server: domain.com, request: "POST / HTTP/1.1", host: "domain.com"

2013/04/01 15:41:49 [error] 11322#0: *323588 NAXSI_FMT: 

ip=37.79.119.192&server=domain.com&uri=/&learning=0&total_processed=9077&total_blocked=8139&zone0=HEADERS&id0=1402&var_nam


e0=content-type, client: 37.79.119.192, server: domain.com, request: "POST / HTTP/1.1", host: "domain.com"


Error Log id0=1402 


[root@proxy src] cat /etc/nginx/naxsi_core.rules


MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-


form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4"

id:1402;

In Webserver nginx ( 192.168.1.3 )



[root@web root]# vi /etc/nginx/nginx.conf

 user       nginx;  

 worker_processes 4;  
 pid    /var/run/nginx.pid;  
 events {  
   worker_connections 1024;  
 }  
 http {  
    open_file_cache max=1000 inactive=20s;  
    open_file_cache_valid  30s;  
    open_file_cache_min_uses 2;  
    open_file_cache_errors  on;  
    keepalive_timeout 20;  
   client_max_body_size 15m;  
   client_body_timeout 60;  
   client_header_timeout 60;  
   client_body_buffer_size 1K;  
   client_header_buffer_size 1k;  
   large_client_header_buffers 4 8k;  
   send_timeout 60;  
   error_log /var/log/nginx/error.log;  
   access_log /var/log/nginx/access.log;  
   include /etc/nginx/naxsi_core.rules;  
   include    /etc/nginx/mime.types;  
   default_type application/octet-stream;  
   log_format main '$remote_addr - $remote_user [$time_local] "$request" '  
            '$status $body_bytes_sent "$http_referer" '  
            '"$http_user_agent" "$http_x_forwarded_for"';  
 sendfile     on;  
 tcp_nopush    on;  
 tcp_nodelay    off;  
 autoindex     off;  
 keepalive_requests 100000;  
   error_log /var/log/nginx/error.log ;  
   access_log /var/log/nginx/access.log main;  
   server_tokens off;  
   fastcgi_buffers 8 16k;  
   fastcgi_buffer_size 32k;  
   limit_req_zone $binary_remote_addr zone=blitz:10m rate=10r/s;  
  gzip on;  
  include /etc/nginx/conf.d/*.conf;  
  server {  
     proxy_set_header Proxy-Connection "";  
     listen    80;  
     listen    443 ssl;  
     server_name domain.com;  
     root /home/domain/www;  
     ssl_certificate   "/etc/ssl/certs/server.crt";  
     ssl_certificate_key "/etc/ssl/certs/server.key";  
      ssl_session_timeout 5m;  
      ssl_protocols SSLv3 TLSv1;  
      ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;  
   ssl_prefer_server_ciphers on;  
  client_body_timeout  10;  
  client_header_timeout 10;  
  keepalive_timeout   5 5;  
  send_timeout     10;  
  set $my_http "http";  
  set $my_ssl  "off";  
  set $my_port "80";  
 #Block this too   
  if ($http_user_agent ~ "curl") { return 403; }  
   if ($http_referer ~* (ptrxcz) ) {  
    return 404;  
   }  
   location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {  
   access_log    off;  
   log_not_found   off;  
   expires      360d;  
 }  
     location / {  
     proxy_set_header Host $host;  
     proxy_set_header X-Real-IP $remote_addr;  
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
     # Most web apps can be configured to read this header and understand that the current session is actually HTTPS.  
     proxy_set_header X-Forwarded-Proto https;  
     proxy_redirect   off;  
     index index.php;  
     try_files $uri $uri/ @handler;  
     }  
  error_page 403 /403.html;  
  location = /403.html {  
  root /home/domain/www;  
  internal;  
  }  
   # Deny access to specific directories no one  
   location /app/ { deny all; }  
   location /includes/ { deny all; }  
   location /lib/ { deny all; }  
   location /media/downloadable/ { deny all; }  
   location /pkginfo/ { deny all; }  
   location /report/config.xml { deny all; }  
   location /var/ { deny all; }  
   # Allow only those who have a login name and password  
   # to view the export folder. Refer to /etc/nginx/htpassword.  
   location /var/export/ {  
     auth_basic "Restricted";  
     auth_basic_user_file htpasswd;  
     autoindex on;  
   }  
   # Deny all attempts to access hidden files  
   # such as .htaccess, .htpasswd, etc...  
   location ~ /\. {  
      deny all;  
      access_log off;  
      log_not_found off;  
   }  
   if ($http_x_forwarded_proto = "https") {  
   set $my_http "https";  
   set $my_ssl "on";  
   set $my_port "443";  
   }  
   # This redirect is added so to use Magentos  
   # common front handler when handling incoming URLs.  
   location @handler {  
     rewrite / /index.php;  
   }  
   # Forward paths such as /js/index.php/x.js  
   # to their relevant handler.  
   location ~ .php/ {  
     rewrite ^(.*.php)/ $1 last;  
   }  
      if (!-e $request_filename) {  
      rewrite . /index.php last;  
      }  
      location ~ \.php$ {  
       fastcgi_param HTTPS on;  
       fastcgi_pass  127.0.0.1:9000;  
       fastcgi_index index.php;  
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;  
       include    fastcgi_params;  
     }  
       location ~* \.(htm|html|js|css|png|jpg|jpeg|gif|ico)$ {  
         expires max;  
         log_not_found off;  
        }  
     # deny access to .htaccess files, if Apache's document root  
     # concurs with nginx's one  
     #  
     location ~ /\.ht {  
       deny all;  
     }  
 error_page 404 /notfound.html;  
 }  
 }