March 2017 Archives

How to enable remote debugging of J2EE application running on Tomcat

- Change and sdd the following codes to $CATALINA_HOME/bin/

# exec "$PRGDIR"/"$EXECUTABLE" start "$@"
export JPDA_ADDRESS=${TomcatServerIP}:8000
exec "$PRGDIR"/"$EXECUTABLE" jpda start "$@"

- Restart tomcat

- In Debug Configurations of Eclipse,
- Create new "Remote Java Application",
and set Host and Port to ${TomcatServerIP} , 8000

- Set break point and start debugging

How to Install multipul versions of php using phpenv


Tested in Cent7 + php 5.4.45(default)
Adding php 7 using phpenv.

git clone git:// ~/.phpenv/plugins/php-build
echo 'export PATH="$HOME/.phpenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(phpenv init -)"' >> ~/.bashrc
exec $SHELL -l
phpenv install -l
phpenv install 7.1.3

--> Build error

- Install nesessary packages

yum install openssl-devel
yum install libcurl
yum install curl-devel 
yum --enablerepo=epel install libmcrypt

- Install mcrypt

yum install gcc-c++
tar zxvf re2c-0.16.tar.gz 
cd re2c-0.16/
make install

yum install --enablerepo epel libmcrypt-devel
yum install readline-devel
yum install libtidy
yum install --enablerepo epel libtidy
yum install --enablerepo epel libtidy-devel
yum install libxslt
yum install libxslt-devel
yum install autoconf
yum install automake
phpenv install 7.1.3

--> Success

# phpenv versions


How to implement RSS Server using Tiny Tiny RSS

- Download tt-rss
git clone tt-rss

chown -R apache:apache tt-rss/
mv tt-rss/ /var/www/html/html/

- Create DB

mysql> create database ttrss;
mysql> create user ttrss identified by 'pass';
mysql> grant all on ttrss.* to ttrss@localhost identified by 'pass';

- Install

--> Install mbstring see:

- Initial setting

Initial ID/Pass:
admin	/	password

- Register feeds

- Change permissions

[root@gamzatti tt-rss]# chmod -R 777 cache/images
[root@gamzatti tt-rss]# chmod -R 777 cache/upload
[root@gamzatti tt-rss]# chmod -R 777 cache/export
[root@gamzatti tt-rss]# chmod -R 777 cache/js
[root@gamzatti tt-rss]# chmod -R 777 feed-icons
[root@gamzatti tt-rss]# chmod -R 777 lock

[fmariko@gamzatti ~]$ cd /var/www/html/html/tt-rss/
[fmariko@gamzatti tt-rss]$ ls -ltr
合計 240

-rw-r--r-- 1 apache apache 8292 3月 6 06:33 2017 config.php

drwxrwxrwx  2 apache apache  4096  3月  6 06:33 2017 feed-icons
drwxrwxrwx  2 apache apache  4096  3月  6 06:33 2017 lock

- Update feeds

php update.php --feeds


How to protect Java based web application using mod_security

- Install mod_security

yum install mod_security

httpd -M | grep security
security2_module (shared)

--> mod_security is loaded.

- mod_security Settings


SecRuleEngine On		-->enacle (choise this)
SecRuleEngine Off		-->disable
DetectionOnly             --> Detection Only

- Create rules

SecRule REQUEST_HEADERS "OgnlContext|OgnlUtil" 

- (Install mod_proxy)

[root@struts-sv modules]# ls /etc/httpd/modules/mod_proxy*

--> and are installed by default.

- mod_proxy Settings

- (Load mod_proxy in httpd.conf)

LoadModule proxy_ajp_module modules/

[root@struts-sv modules]# httpd -M | grep proxy
Syntax OK
 proxy_module (shared)
 proxy_ajp_module (shared)

--> and are loaded by default.

- Proxy requests to ajp in httpd.conf

ProxyPass /struts2-showcase-2.3.31/ ajp://localhost:8009/struts2-showcase-2.3.31/

Above example, a request to http://hostname/struts2-showcase-2.3.31/ is forwardes to
http://hostname:8080/struts2-showcase-2.3.31/ via 8009(ajp).

- Restart httpd and tomcat

- Access Struts URI via http port (80) containing malicious requiest
e.g. http://hostname/struts2-showcase-2.3.31

- Request is denied by mod_security

Message: Access denied with code 403 (phase 2). Pattern match "OgnlContext|OgnlUtil" at 
REQUEST_HEADERS:Content-Type. [file "/etc/httpd/modsecurity.d/activated_rules/cve-s2-045.conf"]
[line "1"] [id "001"] [msg "attack"]

- Summary of vulnerabiliry

- When a request is conducted to Strunts application, built-in ServletFilter is executed.

   If content_type contains the strings "multipart/form-data",
org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest#parse() is called.
   (which is built in default parser of Struts core)
   So, if we don't modify the defaut settings of parser, attackers can reveledging the 
vulnerability by sending crafted requests contains multipart/form-data in content_type.

- The cause of the vulnerabiliry is the follwing:

     In processs of JakartaMultiPartRequest#parse(), an Exception is thrown and 
buildErrorMessage() is called if content_type is invalid format.
     During handling Exception object in buildErrorMessage(), malicious OGNL specified 
in content_type is executed, which leads to arbitory code execetion.

- Mitigation

- Reject malicious request by using ServletFilter or WAF.

    The following is an example of ServletFilter which retuns server error against malicious 
Content-Type containing OGNL expression.


    public void doFilter(ServletRequest request, ServletResponse response,
           FilterChain chain) 
           throws, javax.servlet.ServletException

        System.out.println("Servlet Filter: "+this.getClass().getName()+"Called.");
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String contentType = httpRequest.getHeader(CONTENT_TYPE);
        String uri = httpRequest.getRequestURI();
        BufferedReader reader = null;
        String body = "";
        	reader = httpRequest.getReader();
        	Stream lines = reader.lines();
        	body = lines.collect(Collectors.joining("\r\n"));
        } catch (IOException e) {
        	// skip filter
        	chain.doFilter(request, response);
        } finally{
        Pattern p = Pattern.compile(SIGNATURE_OGNL);
        if (contentType!=null && !contentType.toLowerCase(Locale.ENGLISH).startsWith(MULTIPART) && 
        	System.out.println("Malicious Content-Type:"+contentType);
        	throw new ServletException(ERROR_INVALID_REQUEST);
        } else if (p.matcher(uri).find()){
        	System.out.println("Malicious URI:"+uri);
        	throw new ServletException(ERROR_INVALID_REQUEST);
        } else if (p.matcher(body).find()){
        	System.out.println("Malicious Request body:"+body);
        	throw new ServletException(ERROR_INVALID_REQUEST);
        chain.doFilter(request, response);

Example of Servlet filter


- Switch parser for multipart/form-data from JakartaMultiPartRequest to another.

     In 2.3.18 later, JakartaStreamMultiPartRequest is available. 
     We can switch parser by setting the following property in struts configuration 
(e.g. struts.xml)
     <constant name="struts.multipart.parser" value="jakarta-stream" />
     Then the follwing class is executed instead of JakartaMultiPartRequest:


Selenium Web Driver for python

- Install required modules

pip install selenium
pip install pyvirtualdisplay
yum -y install xorg-x11-server-Xvfb

- Update firefox to the latest

tar xvf firefox-51.0.1.tar.bz2 
mv firefox /opt/
ln -s /opt/firefox/firefox /usr/local/bin/firefox

# /usr/local/bin/firefox -v
Mozilla Firefox 51.0.1

- Create test code

# cat 
from selenium import webdriver
from pyvirtualdisplay import Display

def readURL(filename):
    f = open(filename)
    lines = f.readlines()
    return lines

lines = readURL("url.txt") 
for line in lines:

    display = Display(visible=0, size=(1024, 768))
    driver = webdriver.Firefox()
    html = driver.page_source.encode('utf-8')
               # required for closing browser

yum remove mariadb-libs
ls /var/lib/mysql/
rpm -qa | grep mariadb
rpm -qa | grep mysql

yum localinstall
yum repolist all | grep mysql
yum -y install yum-utils
yum-config-manager --disable mysql57-community
yum-config-manager --enable mysql56-community
yum repolist all | grep mysql
yum info mysql-community-server
yum -y install mysql-community-server
which mysqld
mysqld --version
systemctl status mysqld
systemctl start mysqld
mysqladmin -u root password 'root'

About this Archive

This page is an archive of entries from March 2017 listed from newest to oldest.

February 2017 is the previous archive.

April 2017 is the next archive.

Find recent content on the main index or look in the archives to find all content.