Our last post can be found here, where we described why did we chose DRBD along with heartbeat, lighttpd and NFS. It is recommended to read that first to have idea why we are setting up this.
In this article i will explain how to configure it step by step. This is copy, paste HowTo you will need to replace the IPs and other information according to your requirements.
Example scenario :
node1.hackersgarage.com - 192.168.0.61
node2.hackersgarage.com - 192.168.0.62
LAN Virtual IP for NFS Service
Virtual IP for LAN - 192.168.0.63
Internet Virtual IP for Lighttpd Service
static.hackersgarage.com - 75.127.109.111
Few months back we posted Apache Range Byte flaw named ‘KillApache’ where we posted a perl script that can be use to freeze Apache web server in seconds(We have tested it) This time Miroslave Stampar(Co-Author of SQLMap tool) written this tool with few extended features in python scripting language named it ‘KillApachePy’
In this article we will discuss how can you build a high availability storage solution to store your static data.
Case :
Client is running a business portal that have approx. 300-500 MB data uploads per day. There was NFS Storage server which had 500 GB drive which was running out of space. This Server was also running lighttpd web server to provide access for users to view these files.
Problems :
No Failover. (Except offline backup)
When ever server gets done, Users are unable to upload data.
Users are unable to access their data because lighttpd was also running on same server.
Network Miner 1.1 is a Network Forensic Analysis Tool that can be used to capture packets in order to detect sessions, plain text logins(user,password), hosts, open ports, certificates and dozen of other features that can be only viewed when you install it. It also support Offline analysis of PCap files that i captured using different tools/Operating systems.
Our previous post about Network Miner 1.0 can be viewed for the detail description. How ever this post is about Network Miner 1.1 release.
Network Miner 1.1 ChangeLog Summary :
Google Analytic’s parameters (Screen resolution,language,browser and other info) in Network Miner under ‘Host Details’.
Drag n Drop pcap files directly, make sure Networkminer 1.1 is running
Provide PCap files as a arguments using CLI interface.
Improvements for SMB/CIFS and NetBIOS.
Point-to-Point Protocol (PPP) frames Support in PCap data files.
FBPwn is releasing new version very quickly. What we believe, It is because of the tool has some outstanding features that given developers a new thought, how facebook data can be accessed with different ways. Our previous post regarding FBPwn Beta – 0.1.4 was in detail about its strength and HowTo use it.
FBPwn Beta - 0.1.5 version contain new FEATURES and one FIX.
FBPWN is a crossplateform java based Facebook profile dumper developed by Information Security Analyst team from RISST, released under GPL License. This tiny but worth full application is still in beta phase but can do plenty of usefull jobs for you
How FBPwn works?
FBPwn sends requests to your facebook friends/polls and wait for the acceptance notification. Once your target(victim) accepts friend request, it dumps all info that includes everything(username,email,friends list, etc) it is visible.
What if your victim UnFriend/Delete from friend list you?
This application is super fast and it fetches data rapidly as soon victim access requests. It will dump all victim information including username, email, friend list, photos and other info. So it doesn’t matter if victim figures out it as a fake account because it is too late
Crawl Facebook Contact list, profiles that contain email addresses and build a
mailing list of million emails contact by writing a small piece of bash script.
How to use FBPwn?
As we said, it is cross platform so it can be run on any operating system that have java installed. In our example, i am using it on BackTrack Linux.
wget http://fbpwn.googlecode.com/files/FBPwn-beta-0.1.4.zip
unzip FBPwn-beta-0.1.3.zip
cd FBPwn-beta-0.1.3
./run.sh
We have shoot FBPwn Video Tutorial. It covers how can you use this application. But due to codecs we could not upload it youtube. that will be posted soon. Stay tune.
Update – 15th Sep, 2011:
Sorry guys we couldn’t convert it, ofcourse we tried few times but failed . So STOP sending Video tutorial REQUESTS emails.
Download FBPwn Video Tutorial directly from
https://rapidshare.com/files/507532677/FBPwn-Video-Tutorial.ogv
Our last post can be found here, where we described why did we chose DRBD along with heartbeat, lighttpd and NFS. It is recommended to read that first to have idea why we are setting up this.
