search
top
Jun 14, 2020 Posted in blog, Linux, Quick Tips, Tutorial

CentOS 8 – Setting up a LAMP environment

CentOS 8 – Setting up a LAMP environment

Welcome back again to another Stealthbay blog. So this week I was trying to setup a LAMP (linux, apache, mariadb, php) setup to test out some web apps. And, I thought I’d post a quick tutorial on what I did to set one up. Hopefully, it helps someone else out there to setup one very quickly using CentOS 8.

Note – I was using CentOS 8 on VMWare 15.5 and noticed there is an issue. Make sure you do not power the machine on right away. Go to the hardware settings on the VM and remove the “autostart.inf” it shows up as a CD/DVD drive. This is the easy install option and it messes up the installation.

Read more Of This Post
Apr 6, 2018 Posted in blog, Information Security, pen testing, Tools

Wappalyzer – Identify technology on websites

Wappalyzer – Identify technology on websites

Wappalyzer – Identify technology on websites

During one of my SANS vLive courses I am currently taking part in. My instructor introduced us to a nifty tool called Wappalyzer. He said he does use it as “one” of his tools of arsenal for pentesting servers and websites. I decided to take a look for myself since it wasn’t part of our SANS course. And, when you have a SANS instructor discussing a tool they use… well you just can’t go wrong by checking it out for yourself.

Finding technologies on a website

One of the most important aspects of pen testing online is to conduct proper recon. You need information to be able to devise a plan to more forward with the pen test. Information gathering is key and Wappalyzer can definetly help with recon. I decided to use Stealthbay.com as an example to see what type of technologies would show up. (more…)

Dec 12, 2016 Posted in Encryption, Information Security, Quick Tips, Tutorial

Forcing HTTPS on Websites (.htaccess)

Forcing HTTPS on Websites (.htaccess)

HTTPS Site Wide

So, I wanted to write up a quick tutorial on using HTTPS globally or on certain directories of a website.

I had a friend asking me about how they could force HTTPS throughout their whole website. So, I listed a tutorial below to do so and he was able to accomplish HTTPS site wide.

Now, there are multiple ways this can be achieved. In the case of my friend he was on a shared hosting web server. Therefore,  shared webhosting users normally will not have access to modify the apache config files.

So that leaves us with a simple solution (htaccess) that all users can make use of fairly easily. All it required is a file edit or creation of a file and the ability to FTP or upload it to your web root directory.

What is an htaccess file?

(more…)

top