Information Security

weevely – Backtrack 5 – Maintaining Access – Web Backdoors – weevely

If you need a quick way to generate a PHP backdoor for a compromised server you want to come back to later, then weevely is your application. I was pleasantly surprised when I started playing around with weevely in more detail, as it provides a ton of built-in functionality and does a lot more than I initially thought that weevely did. The weevely application is built using Python and its current version on Backtrack 5 R3 is weevely v0.7. The weevely.py Python script is located in the /pentest/backdoors/web/weevely directory and some of its uses are described in more detail below.

Technology Insights

F5 BIG-IP: Resource Provisioning Settings: Dedicated, Nominal, Minimum, None (Disabled)

When setting up a BIG-IP instance as a VM or virtual machine there were various settings that I wanted to become more familiar with and make sure I understood. F5 typically has really great documentation but some of it can be hard to locate and filtering through pages and pages of information to find a small amount of information can be a pain. I will be writing numerous articles related to specific F5 BIG-IP settings even though that same information may easily be available from the F5 support site so people searching Google can hopefully find it much quicker. Below I describe the four Resource Provisioning Settings available for the F5 BIG-IP modules.

Technology Errors

Invalid command ‘FastCGIExternalServer’, perhaps misspelled or defined by a module not included in the server configuration

I got the error below when attempting to configure a Django project to be served by FastCGI via Apache for the first time. I have configured FastCGI before, but it had been a while, and the server I was working with had ISPConfig installed on it and what I thought to be mod_fastcgi. Below I explain the error, my mix-up, and how to resolve it on a Linux server.

Technology Errors

Apache: [notice] child pid 27609 exit signal Segmentation fault (11)

After modifying some Perl modules with CPAN I started getting the below errors in the Apache error_log.

Errors:
[Sun Jul 12 14:15:03 2009] [notice] child pid 4329 exit signal Segmentation fault (11)
[Sun Jul 12 14:15:27 2009] [notice] child pid 4331 exit signal Segmentation fault (11)
[Sun Jul 12 14:15:30 2009] [notice] child pid 5065 exit signal Segmentation fault (11)
[Sun Jul 12 14:15:31 2009] [notice] child pid 4339 exit signal Segmentation fault (11)
[Sun Jul 12 14:15:48 2009] [notice] child pid 10111 exit signal Segmentation fault (11)
[Sun Jul 12 14:15:48 2009] [notice] child pid 4325 exit signal Segmentation fault (11)

Technology Insights

Monarch Configuration Tips and Tricks to Manage Nagios Configuration Files

As you add services, contacts, contact groups, commands, and devices to Nagios, the bulk editing begins to become very tedious. Monarch is a great tool to manage Nagios configuration (.cfg) files. To install Monarch, follow the instructions provided in the README.txt that comes with the product. Below I provide instructions to assist in that installation along with some tips and tricks that I learned along the way.

**UPDATE** I realized when reading back through this article that I had not included a download link for Monarch so click here to download Monarch to manage your Nagios configuration files.

How to Install Monarch

  1. Install Perl Modules: Install the following Perl modules via the CPAN shell: CGI-Session, Class-Accessor, XML-LibXML-Common, XML-NamespaceSupport, XML-SAX, XML-LibXML-1.58, CGI, DBI, DBD-mysql, File::Copy, CGI-Ajax, Data-FormValidator, JavaScript-DataFormValidator, Carp, IO-Socket, Time-Local, and URI-Escape. First start CPAN.