sql injection – How would a beginner test security systems?

I’m a beginner on course to be an expert (hopefully) and I’ve been set assignments to test security systems on the web. The whole assignment is to prepare, test and document the results to correlate with real-life professional work. Coming from a software development background, I am logically solid on information security systems and how they work but I struggle with the practical side.

The assignment is to prepare and to pentest a log in form by SQL injection. I also have a background in website development but never understood the backend of things. What would be the best way to develop a login form with a backend database that’s susceptible to a sql injection (I’m a rookie so the easiest and most vulnerable login form would do)?.

Would I need a CMS? (This would all be in a sandbox environment)
Would I need a server for SQL?

I apologise heavily if this is very plain and makes you cringe.. but help would be great!

logging – How to test filters in syslog-ng?

I would like to send to a telegram bot any successful ssh connections so I wrote this:

filter f_ssh { facility(auth) and match("sshd" value("Accepted.+?ssh2")); };

And later:

log { source(src); filter(f_ssh); destination(d_telegram); };

Unfortunately I never receive anything and it is very cumbersome to change-config, reload, ssh to test if the filter works.

Is there anyway to test the filter before applying?

ssl certificate – Apache stops using VirtualHost and goes back to test page

I am setting up an apache server with SSL and Kerberos.

I keep making progress, but then the server suddenly decides to ignore my virtual host and the webpage switches to an invalid self-signed certificate and only loads the apache test page.

During this time it doesn’t generate any error logs because I am not actually visiting my site.

<VirtualHost *:80>
        ServerName site.my.domain.com
        Redirect "/" "https://site.my.domain.com/"
</VirtualHost>


<VirtualHost *:443>
    ServerName site.my.domain.com
    ServerAlias site.my.domain.com
    DocumentRoot /var/www/site.my.domain.comk/html
    ErrorLog /var/www/site.my.domain.com/log/error.log
    CustomLog /var/www/site.my.domain.com/log/requests.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/private/site.cer
    SSLCertificateKeyFile /etc/ssl/private/site.key
    SSLCertificateChainFile /etc/ssl/private/chain.pem

   <Location />
        AuthName "Domain Login"
        AuthType Kerberos
        Krb5Keytab  /etc/httpd/conf.d/krb5.keytab
        KrbAuthRealms MY.DOMAIN.COM
        KrbServiceName HTTP
        KrbMethodNegotiate On
        KrbMethodK5Passwd Off
        KrbVerifyKDC off
        require valid-user
    </Location>

</VirtualHost>

I was in the middle of configuring the website to use the kerberos details being passed (which seemed to be working), when it stopped liking the certificate again.

I thought I may have broken he php website, but I reverted to a working snapshot and rebooted everything and nothing has changed.

This is the second time today and I don’t know what fixed it last time!

apache2 – Apache BasicAuth Require valid-user not working, Require user test works

I am trying to Reverse Proxy an API and protect it with BasicAuth. I have done this successfully in the past on other servers running Apache, on this server, but with Shibboleth, and on nginx.

I have 2 users configured in my .htpasswd file: test and dmaes

This is my Apache config:

<Location /v1/>
    AuthName "Restricted Content"
    AuthType Basic
    AuthUserFile "/opt/test/.htpasswd"
    Require valid-user
    ProxyPass http://127.0.0.1:8088/v1/
</Location>

I get a 401 Unauthorized with both users

If I do this:

<Location /v1/>
    AuthName "Restricted Content"
    AuthType Basic
    AuthUserFile "/opt/test/.htpasswd"
    Require user test
    ProxyPass http://127.0.0.1:8088/v1/
</Location>

I can success fully authenticate with the test user, but (obviously) not with the dmaes user.
Since the users in the .htpasswd file will a) change and b) not be managed by me, Require user x is not really an option…

I’m using Apache 2.4.29 on Ubuntu 18.04.4

c++ – how to do unit test elegant in my application

I have a application deal with graph computation. I want cover unit test on to it, but I found it is hard to do the test.

The main class is shown as follows:

  • Grid store the graph strcture

  • GridInput parse inputfile and save into Grid.

  • GridOperatorA do some operator on Grid.

  • GridOperatorB do some operation on Grid.

the production code is some thing like

string configure_file = "data.txt";
GridInput input(configure_file);
Grid grid = input.parseGrid();
GridOperatorA a;
a.operation(grid);
GridOpeartorB b;
b.operation(grid);

I found the code is hard to test.

My unit test code shown as follow

// unit test for grid input
string configure_file = "data.txt";
GridInput input(configure_file);
Grid grid = input.parseGrid();
// check grid status from input file
assert(grid.someAttribute(1) == {1,2,3,4,...,100}); // long int array hard to understand
...
assert(grid.someAttribute(5) == {100,101,102,...,200}); // long int array hard to understand
// unit test for operator A
string configure_file = "data.txt";
GridInput input(configure_file);
Grid grid = input.parseGrid();
GridOperatorA a;
a.operation(grid);
// check grid status after opeator A
assert(grid.someAttribute(1) == {1,3,,7,4,...,46}); // long int array hard to understand
...
assert(grid.someAttribute(5) == {59,78,...,32}); // long int array hard to understand
// unit test for operator B
string configure_file = "data.txt";
GridInput input(configure_file);
Grid grid = input.parseGrid();
GridOperatorA a;
a.operation(grid);
GridOperatorA b;
b.operation(grid);
// check grid status after opeator B
assert(grid.someAttribute(1) == {3,2,7,9,...,23}); // long int array hard to understand
...
assert(grid.someAttribute(5) == {38,76,...,13}); // long int array hard to understand

In my option, my unit test is not good, it have many backness

  • the unit test is slow, in order to test OperatorA,OperatorB it need to do file IO

  • the unit test is not clear, they need to check the grid status after operator, but check a lot of array is hard for programmer to understand what the array stand for. a few days later, programmer can not understand what have happened.

  • the unit test is only for one configure file, if I need to test grid from many configure file, there will be even more array hard to understand.

I have read some technique to break dependency, such as mock object. I can mock the grid read from configure file. But the mock data is just like the data store in configure file. I can mock the Grid after operatorA, but the mock data is just like the grid status after operatorA. They will also leads to a lot of array hard to understand.

I do not know how to do unit test elegant in my situation. Any voice is appreciate. Thanks for your time.

python – Django Test DoesNotExist : `matching query does not exist` error when testing functions in the models

I’m still new to the language so my implementations might not be correct. I get this error when testing the methods in my models in Django with Unit testing. The problem is that two different functions has the same implementation but only one of them triggers the error.

Can anyone explain why this happens and suggest any hints on how to resolve this?

Thank you

Here are the functions in models.py:

class Staff(models.Model):
    ------------------------
    # Get the current (latest) commission the staff has at the moment (Function 1)
    @property
    def current_commission(self):
        return Commission.objects.filter(staff=self).latest('date_applied').sale_commission

class Sale(models.Model):
    staff_id = models.ForeignKey(Staff, on_delete=models.CASCADE)
    product_id = models.ForeignKey(LemonadeProduct, on_delete=models.DO_NOTHING)
    quantity = models.IntegerField(default=1)
    date_sale = models.DateTimeField(auto_now=True)

    @property (Function 2)
    def get_staff_commission(self):
        commission = Commission.objects.filter(staff=self.staff_id, date_applied__lte=self.date_sale).latest('date_applied')
        return "%.2f" % (self.product_id.price * self.quantity * (commission.sale_commission / 100))

Here are my test cases in tests.py:

def create_commission(commission, days, staff):
    time = timezone.now() + datetime.timedelta(days=days)
    return Commission.objects.create(sale_commission=commission, date_applied=time, staff=staff)

# Create your tests here.
class StaffModelTestCase(TestCase):
    def test_current_commission(self):
        staff_1 = Staff(name='A', position='B')
        staff_1.save()

        com_1 = create_commission(10, 0, staff_1)
        com_1.save()

        # No errors in this line
        self.assertEqual(staff_1.current_commission, 10)


class SaleModelTestCase(TestCase):
    def setUp(self):
        --------------------------------

    def test_get_staff_commission(self):
        test_sale_1 = Sale.objects.get(quantity=1)
        test_sale_2 = Sale.objects.get(quantity=2)

        staff = Staff.objects.get(name="C")

        first_commission = create_commission(10, 0, staff)
        first_commission.save()

        # 'Commission matching query does not exist' Error
        self.assertEquals(test_sale_1.get_staff_commission, "2")

gui design – Navigation fake door test

My team have decided to run a fake door test in order to help us, quickly, understand if there is an appetite for a product showcase page. We’ve added the fake door link, but I’m wondering what would be the best way to inform the user that this page is coming soon.

Idea 1:

Inline notification

enter image description here

Idea 2:

Modal

enter image description here

Are either of these ideas any good? If not, what other ways can I handle the displaying of this information. Thanks

penetration test – Nmap scanning with and without proxychains has different behaviour

I’m doing a nmap scan to my own machine to my own machine. First of all I set the port 333 to listen with this command sudo nc -lvnp 333

On the other terminal I run sudo nmap -O -sV -p 0-65535 IP where IP is my local IP. The result I got on the nmap terminal is this one:

enter image description here

But on the terminal where I opened the port, the process finishes and I have this message:

    root@kali:~$ sudo nc -lvnp 333
    listening on (any) 333 ...
    connect to (IP) from (UNKNOWN) (IP) 47462

I got curious and I tried to do the same thing with proxychain just to check which IP would appear, so I run sudo proxychains nmap -O -sV -p 0-65535 IP

The result on the nmap terminal was different I guessed because the limitations of nmap through proxy I read in other places:

enter image description here

But when I checked on the nc terminal the process didn’t finish and it doesn’t seem that noticed some scan was checking that port.
Which is the reason that with proxychains the scan was stealthy?