Saturday, 28 January 2017

Fixing Anonymous Access in vsftpd (CentOS 7)



Description
In this tutorial, we are going to create a scenario where we:

  1. Install the vsftpd application on CentOS 7.
  2. Scan the 'vsftpd' application from Kali Linux and observe the issues/vulnerabilities reported by Nessus or Nmap scans.
  3. Fix the issues by hardening the configuration.
Installing the 'vsftpd' application on CentOS 7


Open the configuration file


Start the 'vsftpd' service


Add a rule in the firewall


Nmap scan to check the services running on CentOS 7


Hardening Issues

During testing, you will observe that anonymous access is allowed on most servers. This is only a small issue, but it can have a larger impact if sensitive data is placed on the server.


Fixing Issue

Resolving Issue (Anonymous Access)
1. Open the vsftpd configuration file (vim /etc/vsftpd/vsftpd.conf).
2. Change the anonymous access setting (the anonymous_enable directive) from YES to NO.


3. Save the configuration file.
4. Restart the service.

Anonymous Access Fixed
Below you can see that authentication is now required to access FTP data over the internal network.



END 
Adding even a small level of security, rather than allowing anonymous access, helps make the internal network more secure.

Note that FTP is a clear-text protocol and is not safe in itself: attacks such as man-in-the-middle can disclose a great deal of information if an attacker gains access to the internal network.

Think safe, be safe, and thanks for reading; keep following us for more security fixes.

THIS TUTORIAL IS JUST FOR EDUCATIONAL PURPOSE ONLY/- 

Wednesday, 16 December 2015

HOW TO DISABLE ECHO DISCARD DAYTIME QOTD AND CHARGEN SERVICES ON WINDOWS SERVER 2003




DESCRIPTION
  • This tutorial shows how to disable services that the various scanners report during a network assessment. These services are not in use these days and make the operating system vulnerable to attacks such as denial of service.
  • These services are mostly found running on older operating systems such as Windows XP, Windows Server 2003 and 2000. Unfortunately, these issues are still found open during testing, so I decided to create a tutorial on how to close these unused services.
NETWORK SETUP
  • For this tutorial, we used Oracle VirtualBox, Windows Server 2003 and Kali Linux.
  • The image below shows my virtual setup:


UNUSED SERVICES

The following services were detected by the various scanners; below is the Nessus result:

ECHO
DISCARD
DAYTIME
QOTD

TCP SCAN: The scan shows all the services running on the remote server. See the image below for more details:


FIXING 

To close the services, open the registry and navigate to the following path:

HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\

BEFORE CHANGING REGISTRY KEY VALUE



AFTER CHANGING REGISTRY KEY VALUE



MANUALLY CROSS-CHECKED

After changing the registry values of all the services from 1 to 0, we successfully closed all the services (echo, discard, daytime, qotd and chargen) on the Windows Server machine.

The image below shows the stealth scan output:
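The registry change and the cross-check above, scripted in PowerShell, as an added example that is not part of the original post. It requires PowerShell 3.0 or later, which Windows Server 2003 does not ship with; on that system the regedit route the post uses applies, and this block is for the same finding on later Windows versions that still have the Simple TCP/IP Services component installed. It assumes an elevated session, and the value names (EnableTcpEcho, EnableUdpEcho and so on) are the ones Microsoft documents for the SimpTCP service under the Parameters key; the post's screenshots do not show them.

```powershell
# Added example (not from the original post): disable the Simple TCP/IP
# Services (echo, discard, daytime, qotd, chargen) from PowerShell instead of
# regedit, then cross-check the result the way the post does with Nmap.
# Assumptions: elevated session, PowerShell 3.0+; the value names
# (EnableTcpEcho, EnableUdpEcho, ...) are the documented SimpTCP ones.

$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SimpTCP\Parameters'
$services  = 'Echo', 'Discard', 'Daytime', 'Qotd', 'Chargen'
$ports     = @{ Echo = 7; Discard = 9; Daytime = 13; Qotd = 17; Chargen = 19 }

function Disable-SimpleTcpServices {
    foreach ($name in $services) {
        foreach ($proto in 'Tcp', 'Udp') {
            # One DWORD per service and transport, e.g. EnableTcpEcho = 0
            Set-ItemProperty -Path $paramsKey -Name "Enable$proto$name" -Value 0 -Type DWord
        }
    }
    # simptcp reads these values at start-up, so restart it to apply the change.
    if (Get-Service -Name simptcp -ErrorAction SilentlyContinue) {
        Restart-Service -Name simptcp
    }
}

function Get-SimpleTcpServiceState {
    # What the registry currently says (the post's "before" / "after" screenshots).
    $props = Get-ItemProperty -Path $paramsKey
    foreach ($name in $services) {
        [pscustomobject]@{
            Service    = $name
            Port       = $ports[$name]
            TcpEnabled = [int]$props."EnableTcp$name"
            UdpEnabled = [int]$props."EnableUdp$name"
        }
    }
}

function Test-SimpleTcpPorts {
    # Local stand-in for the post's Nmap scan: attempt a TCP connect to each
    # service port with a timeout. Open = $true means the service still answers.
    param([string]$ComputerName = 'localhost', [int]$TimeoutMs = 1000)
    foreach ($name in $services) {
        $client = New-Object System.Net.Sockets.TcpClient
        $handle = $client.BeginConnect($ComputerName, $ports[$name], $null, $null)
        $open   = $handle.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        $client.Close()
        [pscustomobject]@{ Service = $name; Port = $ports[$name]; Open = $open }
    }
}

Get-SimpleTcpServiceState   # before: TcpEnabled / UdpEnabled read 1
Disable-SimpleTcpServices
Get-SimpleTcpServiceState   # after: all read 0
Test-SimpleTcpPorts         # after: Open is False for all five ports
```

The restart matters because simptcp only reads its parameters when it starts. If nothing on the host needs any of the five services, the stronger fix is to stop and disable the simptcp service, or uninstall the Simple TCP/IP Services component, rather than leave the service running with every value switched off.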

THIS TUTORIAL IS JUST FOR EDUCATIONAL PURPOSES ONLY/-

Monday, 30 November 2015

How To Disable the OPTIONS Method On IIS Server


DESCRIPTION
  • In this tutorial, we are going to learn how to disable the OPTIONS and TRACE methods on IIS 8.0.
  • These are issues that unnecessarily disclose information, such as the HTTP methods allowed on the web server.
  • These issues are also reported in VAPT (Vulnerability Assessment and Penetration Testing) reports.
  • There are lots of recommendations on the internet, but many of them don't work. So I decided to make this easier by writing a blog post.
  • I'll also try to explain the whole scenario with demos.
OBJECTIVE
The main objective of this article is to disable the OPTIONS method on the IIS server and to maintain the server's integrity and confidentiality.
NETWORK SETUP

For this task, we set up our scenario as follows:
  1. Windows Server 2012: running on Oracle VirtualBox.
  2. Burp Suite: we use the Burp proxy to capture requests and responses.
  3. Accessing the default page: we access the default page of IIS 8.0 from the browser on our laptop.


DEFAULT PAGE IS RUNNING

EXAMPLE 

  • The image below shows the default page running on the remote server. This is normal after installing the IIS role, but it becomes a problem when we move on to security testing.
  • This default page discloses all the HTTP methods supported by the remote server, such as OPTIONS, TRACE, PUT, DELETE, etc.
  • Although the impact is low, it helps an attacker craft further attacks.

SENDING REQUEST

  • Image 1: In the image below, after capturing the request with Burp Suite, we change the request method from GET to OPTIONS, and in the response we get all the HTTP methods supported by the remote web server.
  • This confirms that the OPTIONS method is disclosing information.


HOW TO FIX THESE ISSUES

So now our target is to fix these small issues. To do so, go to the folder "C:\Windows\System32\inetsrv\config" and open the "applicationHost.config" file in Notepad.

Image 1: The image below shows the exact path of the file:


FIND AND COMMENT THE STRING

Image 2:
Once you have opened the file in Notepad, follow these steps:

STEP 1: Search for the string "OPTIONSVerbHandler".
STEP 2: Comment it out using <!-- --> as shown in the screenshot below.
STEP 3: Add a new line:
<add name="MyOPTIONSVerbHandler" path="*" verb="OPTIONS" modules="StaticFileModule" requireAccess="None" />

STEP 4: Save your file.

See the screenshot below for more details:

RESTART SERVER
  • Image 3: Now open IIS (Internet Information Services) Manager and restart the website.
  • See the screenshot below for more details:

MANUALLY CROSS-CHECKED
  • Image 4: The solution works: no methods are disclosed after sending an OPTIONS request to the IIS server.
  • See the image below for more details:
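The same applicationHost.config change (steps 1 to 4), the website restart and the OPTIONS cross-check, done with the WebAdministration module instead of Notepad and Burp Suite, as an added example that is not part of the original post. It assumes IIS 8.0 on Windows Server 2012 with Windows PowerShell, an elevated session and a site named "Default Web Site"; $SiteUrl is a placeholder for the address under test.

```powershell
# Added example (not from the original post): the applicationHost.config change
# from steps 1-4 done with the WebAdministration module instead of Notepad,
# followed by the OPTIONS check the post performs with Burp Suite.
# Assumptions: IIS 8.0 on Windows Server 2012 with Windows PowerShell,
# elevated session, site name "Default Web Site"; $SiteUrl is a placeholder.
Import-Module WebAdministration

$appHost  = 'MACHINE/WEBROOT/APPHOST'     # server-level applicationHost.config
$handlers = 'system.webServer/handlers'

function Disable-OptionsVerbHandler {
    # Steps 1-2: remove the stock OPTIONSVerbHandler element (the scripted
    # equivalent of commenting it out in the file).
    Remove-WebConfigurationProperty -PSPath $appHost -Filter $handlers -Name '.' `
        -AtElement @{ name = 'OPTIONSVerbHandler' }

    # Step 3: add the replacement handler exactly as the post writes it.
    Add-WebConfigurationProperty -PSPath $appHost -Filter $handlers -Name '.' -Value @{
        name          = 'MyOPTIONSVerbHandler'
        path          = '*'
        verb          = 'OPTIONS'
        modules       = 'StaticFileModule'
        requireAccess = 'None'
    }
}

function Get-OptionsVerbHandler {
    # Show which handler now owns the OPTIONS verb.
    Get-WebConfiguration -PSPath $appHost -Filter "$handlers/add[@verb='OPTIONS']" |
        Select-Object name, path, modules, requireAccess
}

function Test-OptionsDisclosure {
    # Scripted version of the Burp check: send OPTIONS and report the status
    # code and the Allow header, which is what discloses the supported methods.
    param([string]$SiteUrl = 'http://localhost/')
    try {
        $resp   = Invoke-WebRequest -Uri $SiteUrl -Method Options -UseBasicParsing
        $status = [int]$resp.StatusCode
        $allow  = $resp.Headers['Allow']
    } catch [System.Net.WebException] {
        # Non-2xx responses surface as exceptions in Windows PowerShell.
        $status = [int]$_.Exception.Response.StatusCode
        $allow  = $_.Exception.Response.Headers['Allow']
    }
    [pscustomobject]@{ Status = $status; Allow = $allow }
}

Test-OptionsDisclosure                        # before: Allow lists the supported methods
Disable-OptionsVerbHandler
Restart-WebItem 'IIS:\Sites\Default Web Site' # the post's "restart the website" step
Get-OptionsVerbHandler                        # MyOPTIONSVerbHandler, requireAccess None
Test-OptionsDisclosure                        # after: Allow is empty
```

Removing the handler element and adding the new one is what the post's comment-and-add edit does by hand; the scripted form can be kept in a build script and re-applied after an IIS repair. An alternative that needs no custom handler is request filtering: denying the verb under system.webServer/security/requestFiltering/verbs makes IIS reject OPTIONS outright. Either way, re-run the check afterwards, because an Allow header can also be emitted by an application handler rather than by IIS itself.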

SUMMARY
THIS TUTORIAL IS JUST FOR EDUCATIONAL PURPOSE ONLY/-



HOW TO REMOVE SERVER HEADER



DESCRIPTION 

OBJECTIVE 

The main objective of this tutorial is to remove the Server header from the response, so that the IIS server does not disclose unnecessary information.
EXAMPLE 



COUNTERMEASURE 

  • Download the URL Rewrite extension from the Microsoft website, following the steps below.
  • Image 1: Click on the link http://www.iis.net/downloads/microsoft/url-rewrite to download the URL Rewrite extension.
  • When the web page opens, click on the "Install this extension" link.
  • See the screenshot below for more help:



Image 2: Click on "Install Now" button.


Image 3: Click on Install button. See the below image for more help:


Image 4: The download has started; wait for it to finish.


Image 5: Download finished. Click on the Finish button.


OPEN IIS MANAGER 

Image 1: Open IIS Manager using the "inetmgr" command. See the image below for more details:



OPEN URL-REWRITE
Image 1: Click on "URL Rewrite". See the image below for more details:



Image 2: Click "Add Rule". See the screenshot below for more help:


CREATE OUTBOUND RULE

Image 1: Click on "Blank rule". See the image below for more help:

EDIT OUTBOUND RULE

  1. Name: Remove Server Header (you can specify any name)
  2. Variable name: RESPONSE_Server
  3. Pattern: (.+)
  4. Value: Not Permitted (you can enter any value)
  5. Click on the Apply button.
See the screenshots below for more help:



MANUALLY CROSS CHECKED 

Now observe the difference: no IIS version is disclosed in the response headers. This way we can handle the Server header easily.
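The outbound rule from the "Edit Outbound Rule" steps, created with the WebAdministration module and then cross-checked, as an added example that is not part of the original post. It assumes the URL Rewrite module is already installed (the download steps above), an elevated session and a site named "Default Web Site"; $SiteUrl is a placeholder for the site's address.

```powershell
# Added example (not from the original post): create the post's outbound
# URL Rewrite rule with the WebAdministration module and verify the result.
# Assumptions: URL Rewrite module installed (the post's download steps),
# elevated session, site "Default Web Site"; $SiteUrl is a placeholder.
Import-Module WebAdministration

$site     = 'IIS:\Sites\Default Web Site'
$ruleName = 'Remove Server Header'
$rules    = 'system.webServer/rewrite/outboundRules'
$rule     = "$rules/rule[@name='$ruleName']"

function Add-RemoveServerHeaderRule {
    # The same fields the post fills in the "Edit Outbound Rule" dialog:
    # variable RESPONSE_Server, pattern (.+), action Rewrite, value Not Permitted.
    Add-WebConfigurationProperty -PSPath $site -Filter $rules -Name '.' -Value @{ name = $ruleName }
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/match"  -Name serverVariable -Value 'RESPONSE_Server'
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/match"  -Name pattern        -Value '(.+)'
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name type           -Value 'Rewrite'
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name value          -Value 'Not Permitted'
}

function Get-RemoveServerHeaderRule {
    # Read the rule back so the change can be audited later.
    $m = Get-WebConfiguration -PSPath $site -Filter "$rule/match"
    $a = Get-WebConfiguration -PSPath $site -Filter "$rule/action"
    [pscustomobject]@{
        Rule     = $ruleName
        Variable = $m.serverVariable
        Pattern  = $m.pattern
        Action   = $a.type
        Value    = $a.value
    }
}

function Get-ServerHeader {
    # The post's manual cross-check, scripted: fetch the page and read the header.
    param([string]$SiteUrl = 'http://localhost/')
    (Invoke-WebRequest -Uri $SiteUrl -UseBasicParsing).Headers['Server']
}

Get-ServerHeader               # before: the Server header names the IIS version
Add-RemoveServerHeaderRule
Get-RemoveServerHeaderRule     # Variable RESPONSE_Server, Pattern (.+), Action Rewrite
Get-ServerHeader               # after: Not Permitted
```

The rule rewrites the header's value rather than deleting the header, which is why a replacement value has to be supplied; the response still carries a Server header, but it no longer names IIS. On IIS 10 (Windows Server 2016 version 1709 and later) the removeServerHeader attribute of requestFiltering can drop the header entirely without URL Rewrite.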


Thursday, 15 October 2015

HOW TO DISABLE SSLV3 PROTOCOL IN IIS SERVER



Overview of SSLv3 protocol
  • SSL stands for Secure Sockets Layer. It is a cryptographic protocol designed to provide communication security over a computer network.
  • SSL 3.0 is a more secure protocol than SSL 2.0 because it adds SHA-1-based ciphers and support for certificate authentication.
  • In SSL 3.0 the cipher suites have a weaker key derivation process: half of the master key that is established depends on the MD5 hash function, which is not collision resistant and is not considered secure.
  • A further reason not to use SSL 3.0 is a vulnerability in its design, which makes the CBC mode of operation in SSL 3.0 vulnerable to the POODLE attack.
  • Microsoft recommends using TLS 1.2 and the more secure AES-GCM (Advanced Encryption Standard-Galois/Counter Mode) cipher as the alternative to RC4.
The overview gives many reasons why we should not use the SSL 3.0 protocol. Now let us see how we can remove SSL 3.0 from the IIS server.

Objective
To make IIS more secure and free from the vulnerabilities detected by network scanners.

Example:
  • In the example, while testing SSL on port 443, we found the SSLv3 protocol running with vulnerable ciphers such as RC4-SHA and RC4-MD5.
  • See the highlighted box in the image below for more details. The same RC4 ciphers are also supported by the TLSv1 protocol.
Testing SSL on port 443
FIXING
Fixing this was not easy before, but with the "IIS Crypto" tool it becomes easy to disable the SSLv3 protocol and remove the weak RC4 ciphers from the cipher suite list.

Download IIS Crypto
Link: https://www.nartac.com/Products/IISCrypto/Download
  • After downloading, double-click the IISCrypto executable file and click on the "Best Practices" button.
  • Now click on the "Apply" button and restart the server.
Using the IIS Crypto tool to disable the SSL 3.0 protocol and remove the vulnerable RC4 ciphers

Message Pop-up
When you click on the Apply button, a message pops up; click OK and restart the server.

REBOOTING SERVER MESSAGE
Windows Server Restarting

RESTARTING WINDOWS SERVER 
SSLv3 and RC4 ciphers removed successfully
  • After restarting the server, when we test the SSL server on port 443 again, the SSLv3 protocol has been disabled successfully, and observe that the vulnerable RC4 ciphers have also been removed.
  • See the image below for more details:
TESTING SSL SERVER AGAIN ON PORT 443
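What the IIS Crypto button comes down to for the two items verified above is a set of SCHANNEL registry values, and those can be set and audited from PowerShell. This is an added example, not the post's code and not IIS Crypto's own; it assumes the documented SCHANNEL key and value names, an elevated session on the IIS host, and, as the post says, a reboot afterwards. It covers only SSL 3.0 and the RC4 ciphers; IIS Crypto's Best Practices template applies a broader set of changes.

```powershell
# Added example (not from the original post and not IIS Crypto's own code):
# the SCHANNEL registry settings behind "disable SSL 3.0 and RC4", so the fix
# can be scripted and audited. Assumptions: documented SCHANNEL key/value names,
# elevated session on the IIS host; a reboot is still needed, as the post says.

$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$rc4Keys  = 'RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128'

function Set-SchannelDword([string]$SubKey, [string]$Name, [int]$Value) {
    # Use the .NET registry API rather than the HKLM: drive: cipher key names
    # such as "RC4 128/128" contain a slash, which the PowerShell registry
    # provider would treat as a path separator and so create the wrong key.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$schannel\$SubKey")
    $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

function Get-SchannelDword([string]$SubKey, [string]$Name) {
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$SubKey")
    if ($null -eq $key) { return $null }      # key absent: the OS default applies
    $value = $key.GetValue($Name)
    $key.Close()
    $value
}

function Disable-Ssl3AndRc4 {
    # Enabled = 0 plus DisabledByDefault = 1 turns SSL 3.0 off for both roles.
    foreach ($side in 'Server', 'Client') {
        Set-SchannelDword "Protocols\SSL 3.0\$side" 'Enabled' 0
        Set-SchannelDword "Protocols\SSL 3.0\$side" 'DisabledByDefault' 1
    }
    # Each RC4 variant is disabled separately under Ciphers\<name>.
    foreach ($cipher in $rc4Keys) {
        Set-SchannelDword "Ciphers\$cipher" 'Enabled' 0
    }
}

function Get-Ssl3AndRc4State {
    # Audit view: $null means "never set", i.e. the OS default is in effect.
    foreach ($side in 'Server', 'Client') {
        [pscustomobject]@{ Setting = "SSL 3.0 $side Enabled"; Value = Get-SchannelDword "Protocols\SSL 3.0\$side" 'Enabled' }
    }
    foreach ($cipher in $rc4Keys) {
        [pscustomobject]@{ Setting = "$cipher Enabled"; Value = Get-SchannelDword "Ciphers\$cipher" 'Enabled' }
    }
}

Get-Ssl3AndRc4State         # before: $null (never set) or a non-zero value
Disable-Ssl3AndRc4
Get-Ssl3AndRc4State         # after: every Value is 0
Restart-Computer -Confirm   # SCHANNEL reads these settings at boot
```

The slash in the RC4 key names is the one edge case to watch: New-Item and Set-ItemProperty on the HKLM: drive would split "RC4 128/128" into a key "RC4 128" with a child "128", which SCHANNEL ignores, and the scanner would still report RC4. The audit function is also useful after running IIS Crypto itself, to confirm what the tool wrote before the reboot.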
AT THE END 
  • This tutorial gives a short overview of the SSL 3.0 protocol and the reasons why we have to disable it.
  • It shows how we can disable SSL 3.0 and the RC4 ciphers using the IIS Crypto tool.
  • Keep following Server Practice and hackingdna.com.
REFERENCES
For more information, follow the reference link.
Wikipedia

THIS TUTORIAL IS JUST FOR EDUCATIONAL PURPOSE ONLY/-

Saturday, 25 April 2015

DEPLOYING NETWORK POLICY AND ACCESS SERVICES ON WINDOWS SERVER 2012



DESCRIPTION 
  • Network Policy and Access Services (NPAS) allows you to provide local and remote network access and to define and enforce policies for network access authentication, authorization, and client health. 
  • The NPAS server role includes Network Policy Server (NPS), the Routing and Remote Access service (RRAS), Health Registration Authority (HRA), and Host Credentials Authorization Protocol (HCAP).
OPEN SERVER MANAGER 

1. Open Server Manager.
2. Click on the Manage button.
3. Click on "Add Roles and Features".
4. See the image below for more details:


ADD ROLES AND FEATURES WIZARD 
  1. Click on the "Next" button.
  2. See the below image for more details: 

SELECT INSTALLATION TYPE 

1. Click on the "Role-based or feature-based Installation".
2. Click on the "Next" button.
3. See the below image for more details: 


SELECT DESTINATION SERVER 
1. Click on the "Next" button.
2. See the below image for more details: 


SELECT SERVER ROLES

1. Select "Network Policy and Access Services".
2. Click on Add Features.
3. See the image below for more details:


NETWORK POLICY AND ACCESS SERVICES 

1. Click on "Next" button
2. See the image below for more details:


FEATURES 
1. Click on the "Next" button.
2. See the below image for more details: 


CLICK NEXT 


SELECT ROLE SERVICE 

1. Check the option "Network Policy Server".
2. See the below image for more details:


CONFIRM INSTALLATION SELECTIONS 

1. Click On Install button.


INSTALLATION PROGRESS 

1. The installation starts after you click on the "Install" button.
2. Click on the "Close" button when the installation has finished.
3. See the image below for more details:


ROLE INSTALLED SUCCESSFULLY
  • Roles installed successfully.
  • Open NPS (Network Policy Server).
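The wizard steps above reduced to one command, with a check of the result, as an added example that is not part of the original post. It assumes Windows Server 2012 and an elevated session, and that NPAS-Policy-Server is the role-service name behind the "Network Policy Server" checkbox selected in the wizard.

```powershell
# Added example (not from the original post): the Add Roles and Features
# wizard steps above as PowerShell, with a check of the result.
# Assumptions: Windows Server 2012, elevated session; NPAS-Policy-Server is the
# role-service name behind the "Network Policy Server" checkbox in the wizard.
Import-Module ServerManager

function Install-NpsRole {
    # -IncludeManagementTools also installs the NPS console the post opens at the end.
    $result = Install-WindowsFeature -Name NPAS-Policy-Server -IncludeManagementTools
    if (-not $result.Success) {
        throw "NPAS installation failed (exit code $($result.ExitCode))"
    }
    if ($result.RestartNeeded -eq 'Yes') {
        Write-Warning 'A restart is required to finish the installation.'
    }
    $result
}

function Get-NpsRoleState {
    # Install state of the role and the role service, before and after.
    Get-WindowsFeature -Name NPAS, NPAS-Policy-Server |
        Select-Object Name, DisplayName, InstallState
}

Get-NpsRoleState            # before: InstallState Available
Install-NpsRole
Get-NpsRoleState            # after: InstallState Installed
Get-Service -Name IAS       # the Network Policy Server service (service name IAS)
```

Get-NpsRoleState is the scripted form of the "Role installed successfully" screen; the Get-Service call at the end confirms the NPS service itself is present before you open the console.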

AT THE END 
  • This is how we install the "Network Policy and Access Services" (NPAS) role on Windows Server 2012.
  • This tutorial is helpful for network administrators.
  • Keep following "SERVER PRACTICE" for more tutorials.

THIS TUTORIAL IS JUST FOR EDUCATIONAL PURPOSE ONLY/-