GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.
Windows PowerShell (“PS” for short) is an important tool in Windows Server for administrators. You can use PowerShell for Windows Server administration, software installation, automation, and shell/command-line scripting. Here is a small and simple introduction to Windows PowerShell.
Last weekend I had to update my girlfriends laptop from Windows 8.1 to Windows 10. Some might say, an easy task. Well, it wasn’t. After downloading the Windows 10 update through Windows Update, Windows Update returned errors 0xc1420127 and 0xc190010b (even using the Windows 10 media creation tool), and as always there are many reasons for these errors. In this short post, I’ll provide some possible solutions and tips.
This whitepaper is written by Romain Serre and Charbel Nemnom which describes Microsoft Hyper-Converged solution in Windows Server 2016 using Storage Spaces Direct, Hyper-V and network technologies. The second part of this document shows an example of this implementation.
Here’s a PowerShell script, by Microsoft’s Dave Browne, to install SQL Server Express Edition and restore a database from a commmand line. It’s intended to be used as part of an installation script for an application that needs a local SQL Express instance. But it also demonstrates several SQL Server and Powershell interop features like handling InfoMessages from the server, dealing with resultsets, embedding TSQL commands with Powershell Here Strings.
Just stumbled upon the Threads in C# blogpost on CsharpStar. The post gives a nice introduction into what threads in the .NET Framework are, and how to use .NET Thread Class (System.Threading.Thread namespace) for multi-threading, foreground- and background threads and so on.
Securify reports: A DLL side loading vulnerability was found in the .NET Framework version 4.6 when running on Windows Vista or Windows 7. This issue can be exploited by luring a victim into opening an Office document from the attacker’s share. An attacker can use this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet. This issue can be exploited even if the Office document is opened in Protected View.
Learn how to install Microsoft SQL Server Driver for PHP 5.6 and PHP 7, to easily use an SQL Server database back-end for your PHP website. If you want to communicatie with an SQL Server database from PHP you need to rely on some additional software and PHP extensions. This post walks you through the steps necessary to install the SQL Server driver and SQLSRV extension for PHP 5.6 and PHP 7, on Windows Server IIS of course.
WordPress DB Cache Reloaded Fix revived! After no updates for years, I decided to fork and revive the popular DB Cache Reloaded Fix plugin for WordPress. It’s still in development, but usable. This post is the plugin’s Plugin URI, stay updated on plugin development here!
To regularly optimize my WordPress database tables, I created a small plugin that utilizes the WordPress Cron feature. This comes in handy to perform database optimization for WordPress on a regular basis, without forgetting about it. Just activate and enjoy. And here is the plugin code …
Optimized WordPress hosting is a subject on which a lot is written about. And therefore, this post is not about where to host your WordPress blog, or who offers the best WordPress hosting. This post is for you developers, what you can do to optimize your WordPress hosting. Or for any other PHP web application for that matter. This post is not about setting up high-availability, fail-over, clustering, IIS versus Nginx versus Apache, RAID 1, 5, 6, 10, different types of storage, and so on. It’s about solving performance issues.
Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your website with this web.config file!
Fix the URL Rewrite error
"Rewrite error: Expression contains a repeat expression" on Windows Server IIS.
Sjoerd Langkemper writes about Cracking PHP rand():
Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling
rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with
Long story short: using recursive
scp -r, symbolic links aren’t preserved and are copied as if they are normal directories. So you have to look for another solution to recursive transfer symlinks over ssh. Here is one: Tar over ssh!