IT Consulting
IT Consulting
WPScan is a tool designed to test the security of a WordPress web site.
To use it, simply type:
wpscan --url <websitetocheck>Adding -e u parameter it will try to find also users
wpscan --url <websitetocheck> -e uIt’s possible to use also brute force to guess users and password using –usernames <filenameWithUserList> –passwords <filenameWithpasswordList>
If you already know the username: -u <username> -P <filenameWithpasswordList>
The HTTP cache directive must be executed by all the devices in the chain (firewall, server, client, db,…) that manage the request/response
The directive in included in the HTTP header as:
Cache-Control: "directive-1, directive-2,..."For instance:
Cache-Control: "private, max-age=60"It is useful to manage
It is useful for
Private means to not cache on the intermediate nodes, but only in the client
Public means cache everywhere
Used with sensitive data for which they should not be cached at all
With the no-cache directive the server will respond with new fresh data, and the data will not be cached.
The Etag directive represents the hash of the response body, and the client will send it back to the server in order, for the server, to check if the data that have been sent previously to the client are the same of the data that it is going to send again.
In this case the server sends back a 304 (not changed) status code. If the data is changed the server will reply with the 200.
It’s the time, in seconds, for which the cache will be valid
We need now a container that should be able to execute a spring boot application (jar) and a linked mysql db.
For this we need a docker compose file and a Dockerfile
FROM openjdk:11
COPY ./app ./app
CMD java -Djava.net.preferIPv4Stack=true -jar /app/JavApp.warIn this example we use the java version 11 (openjdk)
Then we copy all file (actually only the jar file) from our local folder (./app) to the container folder (/app)
Finally we execute the command line to execute the jar file, adding also some java parameter
version: "3.8"
services:
mysqldb:
image: mysql
environment:
MYSQL_ROOT_PASSWORD: thisIsTheRootPwd
MYSQL_DATABASE: fconsulting
MYSQL_USER: fconsuser
MYSQL_PASSWORD: fconspassword
ports:
- "3306:3306"
volumes:
- ./dbdata:/var/lib/mysql
app:
depends_on:
- mysqldb
build:
context: .
dockerfile: Dockerfile
ports:
- 8081:8080
environment:
JDBC_CONNECTION_STRING: 'jdbc:mysql://mysqldb:3306/fconsulting?allowPublicKeyRetrieval=true&useSSL=false'
JDBC_PWD: 'fconspassword'
JDBC_USER: 'fconsuser'
ClientId: '...'
ClientSecret: '...'
mongourl: 'mongodb+srv://...'
stdin_open: true
tty: trueIn the same folder of Dockerfile we have our docker compose yaml file. The most intersting part is the environment field in which we specify all the system props needed by our java application
In this article we saw, in general, which HTTP methods and status code to use in CRUD operation.
Now let’s see better which http status code to use in our API.
There are more than 70 status code, but I suggest to use only the common ones.
| HTTP Status code | When to use |
| 200 OK | all GET, PUT, DELETE |
| 201 Created | after insert (POST) |
| 400 Bad Request | Client wrong params |
| 404 Not Found | during a GET and the object is not found |
| 401 Not Authorized | |
| 403 Forbidden | |
| 500 Internal Server Error | in every back end issue |
{ text: "message", timestamp: new Date(), method: httpMethod, endpoit: endpointInformation, errors: [ { code: codeSpecificApplication, text: "errorMessage", hints: ["hints to help the user", "hint 2", ...], info: "Link to more info" } ], payload: {request payload} (optional, just for debug) }
Create a new file named docker-composer.yml
version: "3.8"
services:
php:
container_name: php8apache
image: php:8.1-apache
volumes:
- ./html:/var/www/html
ports:
- 8080:80
version: “3.8” is the docker compose version to use
services: is the section where to specify all the pieces of our composition
php: is the service name, you can name it as you want
container_name is an optional filed in which you specify the name of this service container
image: php:8.1-apache, means that our service will be implemented starting from php image and version 8.1-apache
volumes: – ./html:/var/www/html in this case we are associating our local folder ./html to the container folder /var/www/html
ports: – 8080:80 we are binding the local port 8080 to the container port 80
To execute the container with docker compose let’s type the following code:
docker-compose up -dAfter it finishes to download artifacts we can try to reach the address http://localhost:8080
Try to personalize the index.php page in the folder ./html adding a index.php file
At the bottom of our docker yaml file we should add a new mysql service:
version: "3.8"
services:
php:
container_name: php8apache
image: php:8.1-apache
volumes:
- ./html:/var/www/html
ports:
- 8080:80
depends_on:
- mysql
mysql:
image: mysql
environment:
MYSQL_ROOT_PASSWORD: thisIsTheRootPwd
MYSQL_DATABASE: fconsulting
MYSQL_USER: fconsuser
MYSQL_PASSWORD: fconspassword
ports:
- "9906:3306"We added the mysql section defining environment parameters and ports to map
The image used is mysql (:latest)
Moreover we added also the depend_on parameter in the php section, because our php service depends on the mysql service to work.
But that is not enough, because, like we would do in a normal environment, we need to install in our container also the php library to make php work with mysql.
To do so we need a Dockerfile in which we specify the php-apache version + the libraries we need.
So create a Dockerfile in the same folder of docker-compose.yaml (actually you can create this docker file wherever you want) and put this code:
FROM php:8.1-apache
RUN docker-php-ext-install mysqli && docker-php-ext-enable mysqli
RUN apt-get update && apt-get upgrade -yFROM php:8.1-apache is the image that we already specified in the docker-compose file
RUN … are the linux commands to download libraries and download updates
Because we are using a Dockerfile to download the image we should update the docker compose file removing, from php section, the “imagine” section replacing it with the docker section:
version: "3.8"
services:
php:
container_name: php8apache
build:
context: .
dockerfile: Dockerfile
volumes:
- ./html:/var/www/html
ports:
- 8080:80
depends_on:
- mysql
mysql:
image: mysql
environment:
MYSQL_ROOT_PASSWORD: thisIsTheRootPwd
MYSQL_DATABASE: fconsulting
MYSQL_USER: fconsuser
MYSQL_PASSWORD: fconspassword
ports:
- "9906:3306"in the build section we specify from which dockerfile to read the imagine and eventually all the other instruction to build our layer.
Now it’s ok.
What is MySql without PhpMyAdmin? Nothing! đ
So let’s add PhP My Admin to the docker compose:
version: "3.8"
services:
php:
container_name: php8apache
build:
context: .
dockerfile: Dockerfile
volumes:
- ./html:/var/www/html
ports:
- 8080:80
depends_on:
- mysql
mysql:
image: mysql
environment:
MYSQL_ROOT_PASSWORD: thisIsTheRootPwd
MYSQL_DATABASE: fconsulting
MYSQL_USER: fconsuser
MYSQL_PASSWORD: fconspassword
ports:
- "9906:3306"
phpmyadmin:
image: phpmyadmin
ports:
- '8090:80'
environment:
PMA_HOST: mysql
depends_on:
- mysqlimagine: phpmyadmin (:latest) is the original phpmyadmin imagine from docker hub
ports: – ‘8090:80’, I chose 8090 but feel free to use whatever port you want
environment: PMA_HOST, mysql it is the reference to which db to use with phpmyadmin
depends_on: – mysql, this service depends on mysql server
To access with phpmyadmin use root as user and the MYSQL_ROOT_PASSWORD as password.
That’s it
There are different tools that can discover devices connected on the same network.
The simpler one is netdiscover.
Let’s check our subnet before. Type, so
ifconfigto discover our ip address and so our subnet
let’s say that our ipaddress is 192.168.1.10
Our subnet is 192.168.1 so all the other device connected on the same subnet are in the following range
192.168.1.0/24 <== it means from 192.168.1.0 to 192.168.1.254
To discover all the other devices connected to the same subnet using netdiscover, type:
netdiscover -r 192.168.1.0/24The result will show you the list of all devices connected:
Currently scanning: Finished! | Screen View: Unique Hosts33 Captured ARP Req/Rep packets, from 12 hosts. Total size: 2094IP At MAC Address Count Len MAC Vendor / Hostname192.168.1.1 e4:8f:34:37:ba:04 20 1200 Vodafone Italia S.p.A.
192.168.1.12 3c:22:fb:b8:8c:c6 1 60 Apple, Inc.
192.168.1.4 5a:92:d0:37:82:da 1 60 Unknown vendor
192.168.1.7 c8:6c:3d:96:65:96 1 174 Amazon Technologies Inc.
192.168.1.6 74:d4:23:c0:e4:88 2 120 Unknown vendor
192.168.1.9 7c:8b:ca:1b:d8:31 1 60 TP-LINK TECHNOLOGIES CO.,LTD.
192.168.1.3 20:f4:78:1c:ed:dc 1 60 Xiaomi Communications Co Ltd
192.168.1.15 7c:8b:ca:1b:d8:31 1 60 TP-LINK TECHNOLOGIES CO.,LTD.
192.168.1.2 80:35:c1:52:d8:e3 1 60 Xiaomi Communications Co Ltd
192.168.1.13 38:1f:8d:ed:70:d2 1 60 Tuya Smart Inc.
192.168.1.11 80:0c:f9:a2:b0:5e 1 60 Amazon Technologies Inc.
192.168.1.124 b8:27:eb:26:8c:04 2 120 Raspberry Pi FoundationThe netdiscover tool can show ipaddress, mac address and the vendor of the device.
A most powerfull tool is nmap
nmap stands for Network MAPping, and is a tool, like netdiscover, that can find devices in your network but will show more information than netdiscover, like open port, services, OS version, …
The visual interface tool for nmap is Zenmap
With Zenmap you can choose graphically which comman on nmap to use.
With Zenmap you can choose different type of scan, for instance, and it basically translate your choose in a nmap command.
For instance, if you choose a °quick scan plus° choise it will execute the command
nmap -sV -T4 -O -F --version-light 192.168.1.1/24
with nmap you can scan a single website or multiple as well, to check port and services exposed
for instance to check google open port and service you can type
nmap google.comsudo nmap -sA <ipadress>sudo nmap -sL <ipadress>We use âsLâ option to find hostnames for the given host by completing a DNS query for each one.
Basically you should follow these principles:
Use the correct HTTP method
Use the correct HTTP status code
| HTTP method | Operation |
| POST | Create (or all NOT idempotent operations) |
| GET | Read or Retrieve |
| PUT | Update all fields of a resource (basically replace it) |
| PATCH | Update only part of a resource |
| DELETE | Delete |
| HTTP status code | Description | Example |
| 1xx | Informational | 100 Continue |
| 2xx | Success | 200 OK |
| 3xx | Redirection | 307 Temporary Redirect |
| 4xx | Client Error | 404 Not Found |
| 5xx | Server Error | 500 Internal Server Error |
A Container ia basically an Image that is executed.
To execute a container you can use the following command:
docker container run [OPTIONS] <imagename> [COMMAND] [ARG]where
[OPTIONS], is the flags used to execute the command
[COMMAND] is the instruction that you could execute the container if we don’t like the default command inside the image
[ARG] is the param that we can pass to the container
First of all Docker tries to find the image locally. If it doesn’t find it it serach into Docker hub.
If we don’t specify a tag the “latest” will be used.
And finally we have our container!
Docker will assign a virtual IP in the private network of the container. After that the binding will be executed
To see all important aspects let’s instantiate a nginx container sing 1.19.5-alpine image
P.S.: Alpine is a Linux distribuition
docker container run -it --rm -d -p 8080:80 --name web nginx:1.19.5-alpinewhere:
-it, is a combination of -i and -t, where -i means interact with the standard input and -t interact with the container with a tty interface
-rm, the container will be automatically deleted once terminated
-d, once instantiated the execution will be in background mode
-p 8080:80, the container port 80 will be linked to the 8080 port of the host
–name web, give the “web’ name to the container
once executed you can reach the server at the address http://localhost:8080
In order to associate a local volume (folder) to a container folder we need to add a param in our command line which map our local folder to container folde:
-v /your/local/folder:/container/folder
So the new complete command line will be:
docker container run -it --rm -d -p 8080:80 --name web -v /your/local/folder:/container/folder nginx:1.19.5-alpineIn our specific example, we would point the container folder /usr/share/nginx/html, in which there is the html folder for nginx to our local, previously created, folder /Users/xxx/nginx/html, to override that specifi folder
docker container run -it --rm -d -p 8080:80 --name web -v /Users/xxx/nginx/html:/usr/share/nginx/html nginx:1.19.5-alpineMAC stands for Media Access Control.
It is a Permanent, Physical, Unique (in the world) “code” assigned to a physical object that allows to connect to a network. This code is the address assigned by the device manufacture.
A MAC address is something like this:
00:11:22:33:44:55
It’s composed by 6 octets. First 3 represent the company that made the device (Organizationally Unique Identifier). The other 3 represent are assigned by the producer and has to be unique inside it.
This address never changes. It will be always the same.
The mac address is used to identify devices on the network.
So every packet that is sent in the network has a source MAC address and a destination MAC address.
first of all let check which network interface we have. Let’s execute the following commanf:
ifconfigThe result will contain all your network interfaces.
The MAC address is the code just after the ether label, and it is in the form like xx:xx:xx:xx:xx:xx
In order to change it first we must disabled that interface, with the following command:
ifconfig <interfacename> downThen we change the MAC address specifying that we want to change the hardware address “hw ether
ifconfig <interfacename> hw ether 00:11:22:33:44:55Finally we eneble the network interface
ifconfig <interfacename> upThe original MAC address is back once the device is restarted
To invoke a REST AP you need an endpoint or url.
A url consists of multiple parts.
Don’t use verb but just resource name. For instance, don’t use /getItems but simply /items
Specify resource name as plural
Actions are operation that we ask the system to perform, but they are not CRUD.
/estimates or /buy or /print and so on.
They are mainly POST and PUT, but we may have GET for search actions followed by the parameters for the search
Associations are resources that contain other resources.
In these cases the rest endpoint could be nested. For example
/items/{id} returns the item details, and /items{id}/reviews or items{id}/photos to return other resources contained in the main item resource
To get a single resource contained in another resource the we will add as last parameter the id of the subresource. For instance items{id}/photos/{idPhoto}
Avoid deep nesting, let’s say 3 levels