Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Page 6 of 20

AppCmd introduction and examples

The AppCmd command is your one-stop-shop for administering Windows Server IIS web servers. In combination with WinRM it’s your Swiss Army knife for your daily routine. This post introduces appcmd and provides you with a lot of helpful appcmd examples.

Continue reading

Ghost on IIS with HTTPS, how to resolve a “Too many redirects” error

When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.

Continue reading

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6

Security researcher Kacper Szurek reported a reflected XSS vulnerability in the current version of Wordfence. The CVSS scoring mechanism rates the severity of this XSS vulnerability as medium. A Wordfence update 6.1.7 is released to address the XSS vulnerability.

Continue reading

WordPress 4.5.2 Security Release

WordPress 4.5.2 – a security release – is just released tonight. WordPress 4.5.2 fixes a vulnerability through Plupload, the third-party library WordPress uses for uploading files.

Continue reading

ImageMagick Is On Fire –  CVE-2016-3714

TL;DR: There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

Continue reading

Get current number of FTP client connections (NonAnonymous) with PowerShell and Get-Counter

Ever wanted to know the current number of active FTP client connections on your Windows Server FTP Service? You can get this statistic using PowerShell, the Get-Counter cmdlet and the Microsoft FTP Service Current NonAnonymous Users performance counter.

Continue reading

Binary webshell through OPcache in PHP 7

GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.

Continue reading

Simple PowerShell introduction for Windows Server administration, automation and scripting

Windows PowerShell (“PS” for short) is an important tool in Windows Server for administrators. You can use PowerShell for Windows Server administration, software installation, automation, and shell/command-line scripting. Here is a small and simple introduction to Windows PowerShell.

Continue reading

Windows Update error 0xc1420127 and 0xc190010b when upgrading Windows 8.1 to Windows 10

Last weekend I had to update my girlfriends laptop from Windows 8.1 to Windows 10. Some might say, an easy task. Well, it wasn’t. After downloading the Windows 10 update through Windows Update, Windows Update returned errors 0xc1420127 and 0xc190010b, even using the Windows 10 media creation tool. And as always there are many reasons for these errors. In this short post, I’ll provide some possible solutions and tips.

Continue reading

Understand Microsoft Hyper Converged Solution

This whitepaper is written by Romain Serre and Charbel Nemnom which describes Microsoft Hyper-Converged solution in Windows Server 2016 using Storage Spaces Direct, Hyper-V and network technologies. The second part of this document shows an example of this implementation.

Continue reading

Installing SQL Server Express and Restoring a Database With Powershell

Here’s a PowerShell script, by Microsoft’s Dave Browne, to install SQL Server Express Edition and restore a database from a command line. It’s intended to be used as part of an installation script for an application that needs a local SQL Express instance. But it also demonstrates several SQL Server and Powershell interop features like handling InfoMessages from the server, dealing with resultsets, embedding TSQL commands with Powershell Here Strings.

Continue reading

Threads in C#

Just stumbled upon the Threads in C# blogpost on CsharpStar. The post gives a nice introduction into what threads in the .NET Framework are, and how to use .NET Thread Class (System.Threading.Thread namespace) for multi-threading, foreground- and background threads and so on.

Continue reading

.NET Framework 4.6 allows side loading of Windows API Set DLL

Securify reports: A DLL side loading vulnerability was found in the .NET Framework version 4.6 when running on Windows Vista or Windows 7. This issue can be exploited by luring a victim into opening an Office document from the attacker’s share. An attacker can use this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet. This issue can be exploited even if the Office document is opened in Protected View.

Continue reading

How to install Microsoft’s SQL Server Driver for PHP

In this article I’ll show you how to install the Microsoft SQL Server Driver for PHP 7+. This makes the use of an SQL Server database back-end for your PHP website easy. If you want to communicatie with SQL Server using PHP you need to rely on some additional software and PHP extensions. This post walks you through the steps necessary to install the SQL Server driver and SQLSRV extension for PHP 7+, on Windows Server IIS of course.

Continue reading

Optimize WordPress MySQL tables through Cron, behind the scenes

To regularly optimize my WordPress database tables, I created a small plugin that utilizes the WordPress Cron feature. This comes in handy to perform database optimization for WordPress on a regular basis, without forgetting about it. Just activate and enjoy. And here is the plugin code …

Continue reading
« Older posts Newer posts »