Hack Like a Pro: Linux Basics for the Aspiring Hacker, Part 11 (Apache Web Servers)

thanks for the dvwa

Pranab:

Please be patient. There are more coming.

What subjects would you like covered in future articles?

OTW

till now i am able to share picture and text through the virtual host .... i am using no ip service ... but every time i disconnect and reconnect my ppp0 device (3g modem) i get a new ip and i need to manually reset everything to make my small website run ,... is it possible that i can have a constant (static) ip using the same ppp0 interface ???? n please publish part 12 .... waiting for that .. :) tnx

Pranab:

Sorry it took so long to respond. You are behind a DHCP service, so everytime you disconnect, it will issue you a new IP. To get a static IP, contact you ISP.

OTW

search dynamic dns on google.. i think you might have come across the solution for your problem but still wanted to help..

Any idea when the next ones coming OTW??

good work by the way, enjoying every bit!

Chris:

I should have a new one out this week on LKM. What would you like to see covered in future Linux tutorials?

OTW

Your covering everything I want to know at the moment thanks, just keep up the good work and ill be kept happy!!

Cheers

At the end of this excellent tut you stated. 'In my next Linux tutorial, we will set up PHP, MySQL, and configure our Damn Vulnerable Web Application so that we can practice website and database hacking', but the next tut in this series (Part 12) is about LKM? Is there a continuation of this tut as it's sort of left hanging? Thanks.

Graymatter:

First, I want to welcome you to Null Byte!

Second, you are right, I kind of left you hanging. I'll finish up with PHP, MySQL, and DVWA in 2014. I promise!

OTW

In Step 6, I was having issues with
'chmod 755 DVWA-1.0.8'
Until I typed in
'chmod 755 /var/www/DVWA-1.0.8'
Which it seems to have accepted,
Has this granted me execute permissions? - I thought it had.

IT should've. if not. chmod 777. hahaha.
btw issues with chmod 755 dvwa... is because of the directory.

I was wondering if it would be worth mentioning that the last step could be checked by typing
'ls -l'
in the directory, like you (OTW) taught us in an earlier lesson (6?).
Because for me, the step did not appear to work, so I fixed it from there, using that earlier lesson.
Thank you,

Nemesis1512

Once again, it is an issue of which directory you are in when you execute the command.

I'm glad you could use another tutorial to resolve the issue.

Just keep in mind, if you are executing the command in the same directory as the object (file) resides, you do not need the path to the object (file).

Yes, indeed, sorry, it is just that this occurred before your response, hence why it has been brought up again.

Moreover, seeing as I could use one of your earlier tutorials, this suggests that your tutorials are comprehensive and are published in a very useful order.

Thank you very much for your understanding and further explanation,

Nemesis1512.

Bump! on that botnet tut idea!! im craving one that actually makes sense. I have found a great video i believe defcon 20 on making a HUGE botnet quickly through proxy/VPN

I am not able to edit the file index.html. And I am not even able to change the permissions using chmod.

"chmod: changing permissions of 'index.html': Operation not permitted" is the error I get when I try changing any permissions for that file.

And I am also not able to extract this zip file due to some permissions problem.

Are you using BackTrack?

Are logged in as "root"?

ubuntu.
How to log in as root?

Did you install Apache?

yes. I am able to do it now. I tried prefixing all the commands with 'sudo' and it worked for all.

This is now my home page. Hope it pleases you to know.

I'm fairly new to linux and i need a tut on how to hack a webserver this is the objective.
Okay, see if you can put a file in my home folder on my web server. Good luck! (Hint: use the console login.)

and BTW i know how to login to console but what do i do next plz help OTW! and i have kali linux bcz backtrack is obsolete.

Is there a question in there?

yes there is how to hack a webserver
and put the a file onto it while knowing console login or ssh and the ip i know all that info but wht do i do next?

Let me see if I understand. You know the console login and want to upload a file to the webserver? Why not use ftp or tftp?

like i can use filezilla or somthing like that?

Sure, if you have access to console. You can create an ftp account and upload whatever file you want.

You really don't need filezilla though. You can simply use ftp at the command prompt in Windows or Linux.

oh ok thnx OTW ur the best!

would it be possible to host this web server, send someone a link to it, and when they went to the page it would open a meterpreter session with them?

if so, how would I do it?

Deliveryman:

Have you checked out my Metasploit posts using a url? It does exactly what you are asking without having to build the website.

OTW

Okay i'll look thanks

that seems to only work with IE8 though, if I wanted it to work with any browser would I have to build the site?

There are different exploits for different browsers. IE8, though, is still the most widely used browser.

but how can you determine what browser a PC is running?

The new pof3.0 will tell you.

I've been doing some googling and I haven't found anything on how to detect browser types with pof3.0, How would you do it?

Pof is passive. All you do is enable it on your interface and it will tell you the OS, the interface and browser, if one is used.

Oh okay. thanks, and keep up the good work.

Thanks for that DeliveryMan!

OTW selinux. i want to know how to use it how to add policies . Read manual but no idea

Hi guys.

I'm running Ubuntu in VMWare Player.

When I try running Apache, it gives me "Could not open configuration file /etc/apache2/apache2.conf: No such file or directory"

Any pointers or suggestions on how to make Apache work?

Thanks,
Nathan

Nathan:

Every distribution of Linux places the files in different locations. Try using the locate command to find the apache2.conf.

OTW

Okay, I'll try that. I was using find to search for it, that may have been my problem.

hello,
i want to be the best hacker which programming languages should i learn to get my task.

Haroon:

I would recommend that you learn C and Java and then learn to script in BASH, Perl and Python.

OTW

How do i install the DVWA after i gave myself execute permission.

Hello OTW!
Thank a lot for your tutorials! You are helping me more than you can imagine!

have kali Linux 2.0 up and running w/dual boot. Don't see GUI screen from Application - System Services and hence Apache2 start/stop or restart. Anyways, used CLI to start apache2 and leafpad /var/www/index.html based on the wordings above. But, no changes on Iceweasel once http://localhost or 127.0.0.1. Thx for your reply in advance.

MPLEAFS,

On Kali 2 entering 'service apache2 start' into the terminal should start the apache server and display /var/www/html/index.html when pointing the browser to localhost or 127.0.0.1.

Had almost the same problem, only that https://localhost/ showed the edited site, but 127.0.0.1 did not..
A simple restart resolved the issue, but I'm still curious to why that happened..
Any ideas?

if im logged as 'Root" ,do i still need permission or what ??
i am new in linux and need some basic learning

Yes, even root needs permissions to use or execute a file.

On Ubuntu, I can't edit my apache2 index.html file in gedit located in /var/www/html/index.html because it gives a message saying, "could not create a backup file while saving /var/www/html/index.html. I have -rwxrwxrwx permissions which i found out by typing ls -l in terminal. Do you have any advice so i can make a customised page like you? Sorry for the inconvenience.

-DogJones

Never mind. Please excuse my stupid question, as I just sorted it out. So sorry!!!

hi can you assist with a LAB , objective is to access LAN from outside . only details I have is the website and 3 other servers.FTP port closed only 80 is open ...I have Kali Linux..not sure how to approach this with limited info given fro this LAB

hi otw - great introductory series, thanks for writing it! i'm wondering what happened to the follow up to this article re: configuring DVWA though.. is it around somewhere else?

Hi there, i know its 3 years old but i have a problem(i am new to Kali linux and linux generally) I installed LAMP with the link above, but when i type localhost and try to conect on my browser, a bitnami page shows up and not "It works!" page. Please help, what did i do wrong?

Hi, your result is fine and accurate for the instructions we have followed for LAMP. If you would like to create a page for apache, navigate to bitnamiDirectory/apache2/htdocs. You can then put your html file there as filename.html. To navigate there, go to the Bitnami LAMP Stack client and open the Manage Servers tab. Click on Apache Web Server and restart the server. You can now navigate to your html page by going to localhost:8080/filename.html. Hope this helps!

I'll do a tutorial on building a botnet in the near future - where I can read about it?

Hello,

at the end of this tutorial series you said that the next upcoming tutorial will be focused on "In my next Linux tutorial, we will set up PHP, MySQL, and configure our Damn Vulnerable Web Application so that we can practice website and database hacking"

But the following tutorial series #12 is all about LKMs. Where can I find the following tutorial series on this series ?

just trying to add some useful info...
for kali linux 2020 version:

-> to start/stop/restart apache/mysql from terminal:
sudo service apache2/mysql start/stop/restart

felt a lack of information about DVWA!
i hope there is a tutorial about this.

ty,
gogogo!