Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'

Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!

I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.

Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.

Was pretty shaken up but damn I learned my lesson!

Just realized. The only use of port 80 (providing it runs something like NginX/Apache) is (or, should be anyways) redirecting users from a non-secure connection to a secure one.

Poor port 80 😖

Misunderstanding is like running ftp server on port 80!
Ftp responses for http request!
In real life it happens like this

Dev(null networking knowledge): -"i've already deployed the web but it isn't up."

Boss(strong networking skills): Found port 80 blocked.
-Option A: open port 80.
-Option B: disable firewall.
Choose option B.

Me:😐(poker face)

PSA: "sudo apt-get remove nginx" doesn't actually remove nginx. It will still continue to run and block port 80 on every reboot.

Until you run sudo apt-get autoremove, nginx-core and others still remain.

And that's how twenty seconds of scheduled downtime turns into 10 minutes.

Dammit nginx

I spent about 5 hours rewriting an in company C# toolbox because I thought it's connection to a Web API was broken. 5 FUCKING HOURS.

Only to then see I was using port 80 for HTTPS...

Look lighttpd just pass by and took port 80! Lol!

The war for port 80...

Some years ago our company site was hosted by a prick who knew nothing and started to pretend the server got a virus or whatever.

I tested their server and figured out they did not have any firewall policies going on like mitigation of ssh brute force.

It was at this time I learned about SYN flood, and boy I flooded that port 80 of them.

The company site went down for as long as I wanted.

It was great because now we manage it in house and never had a problem anymore.

Working with DigitalOcean boxes for so long has spoiled me.

I went to setup something on my home server today, and couldn't figure out what I was doing wrong for like 30 minutes...

Until I realized that I never forwarded port 80.

*sigh.

Network Security at it's best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with mc afee Webgateway even though they didn't even restrict shuting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with Mcafee is permanently added in these PCs and you don't havs admin rights to change them.
Although this can be bypassed by basically everone because everyone knows one or two teacher accounts, its still restricted right.
So I thought I could try to get around. My first first few tries failed until I found out that they apparently have a mac adress wthitelist for their lan.
Then I just copied a mac adress of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up an tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.

My grandmother started dating soon after granddad's death.
Death of Grandpa: fuser -k 80/tcp
Announcement to all programs, port 80 is now free

Client wants my code working on port 80, but they have a Apache web server running.

Corporate IT blocks all network traffic, whitelists port 80 and 443 😡

... cos port number is the best predictor of security threats, amirite? 😒

!rant

I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.

I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...

Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.

That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.

Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.

Today,
I tried setting up XAMPP for running my friends code.. it took 5hrs and faced atleast one issue in every step from installation to running.

First
1) XAMPP Did not download itself, found that internet was down.

2) downloaded finally, installation phase went till 98% fatal error, windows collecting info for diagnosis

5)after 3 tries , suddenly it installed successfully

6)Apache force shut, every time I started it

7)1.5 hours later found VM had occupied the port 80, making it shut.
Changed the port

8)PHPmyadmin was recent ,that SQL 5.1 support was not There.

9)Now after setting up new instance of MySql 5.6 , created conflict.
Project referred one instance and PHPmyadmin referred other

10) Changed port numbers and added service entry in windows to make it work

At last the struggle ended up with happy ending.

My installation story precisely

Iam new to PHP development and XAMPP.

!rant
How to self host a website?
Seriously, through many guides out there, I was never been able to see my site (hosted on a raspberrypi with nginx) outside the local network. I always tried to link my router to no-ip without success outside my localhost, the port 80 is already open for the raspberrypi. I live in Italy, can it be that the local ISPs obstacle the creation of such homemade website hosts?

Spending hours trying to figure out why the stack just won't work with SSL. Nearly lost my mind as we started feeling dumber than ever. I really started to doubt my skills after it did not even work with the most minimal nginx site config I could imagine.
The next day I discovered that we missed the 443 port mapping in the docker-compose file...it only had port 80 mapped.

Yup, stepping back from a problem and getting some sleep is really worth it sometimes.

I want to access a webpage on a non-standard port.
On desktop, I can override port bans for Chromium-based browsers and Firefox.
On Android, I FUCKING CAN'T, FIREFOX' CONFIG VALUE USED ON DESKTOP DOESN'T DO ANYTHING ON ANDROID, ANY OTHER BROWSER ALSO DOESN'T HAVE ANY CONFIG FOR THIS, AAAAAAAAAAAAAAAAAAAAAAAAAA

Site's on port 21 because that's one of my school firewall's few allowed outbound ports, and I couldn't use 80/443 since a webpage is already running there.

Professor to the whole class: Apache tomcat runs on port 80 which is the same port used by skype
Me: (change the port of tomcat to something else, obviously)
Professor: Kill Skype
Me: 😐😐

when you need to use skype again for that new client, and you forgot it blocks port 80.. raaaage!

me: block all in&put connection
firewall: ok
me: open port 22 for local network
firewall: ok
me: enable firewall
firewall: ok
me: restart pi
firewall: allow me connect
me: open port 80 for local network
firewall: ok
me: open port 443
firewall: Oh! i have to block icoming connections on port 22

Random guy messages me on WhatsApp that he needs help, that his friend told him I'm good at blah blah blah.........

the issue: he paid for some random php bitcoin thingy blah blah, sent me a link to the site, pretty straightforward instructions on how to use it. I explained everything to him and he says he wants to tweak the php script before he puts it out.
me: then do it

him: how do I start?

me(in my head): did you not think of this before paying for the script?!

also me: oh well, download xampp, good for beginners, easy to setup.

him: not working! please help me

I knew from the onset that he was a windows user.

he started by running it without admin privileges
I had no idea and kept solving problems that didn't exist until I asked him to snap the log, after explaining how to run a software as administrator, we Solved it

port 80 was taken. had to go through the process of changing the ports, I had to validate every single change.

going through the procedure of reinstalling because he installed to some crappy directory. after all the headaches and then redoing all the processes stated above, it still doesn't work.

one final solution left and I am dropping him like a hot potato. I must have close to a hundred pictures of someone's screen on my phone.

little question: when he types localhost on his browser windows IIS page thingy pops up. I was thinking of changing the server name to localserver: new port address

Kubernetes question:
So far I've created two pods, mongo & Go
Exposed those pods using services

Their IP is 10.x.x.x and accessible from my machine only (virtual lan I'm guessing only known to host), but my machine's network ip is 192.x.x.x therefore, not accessible from outside world and to do so I need to put nginx in front to receive requests and route them internally.

Is there a way in kubernetes to make it work like nginx in terms of:

Kubernetes listen to port 80 (for example) route based on received url. As you know in enginx we define a server block with server domain_name.tld

Anything similar in kubernetes? I've cheked ingress-nginx controller, and also saw LoadBalancer but that requires a cloud provider.

If anyone can also give an example it would be great, so far examples I checked ended up screwing my setup and had to reset kubectl to get things back working

Hey Guys
So... I Have a question / rant / frustrated commenting to do...
WHY THA FUCK DO FIRMWARE TAKE SO LONG TO UPDATE!!!
been configuring my webserver and 2 p2p cameras to access from the outside, and for each click or change can take 1 to 5 minutes to implement...
And then, like 6 or 7 hours latter I notice that everytime the port wasn't associated, a small label in like size8 text shows that port is already in use...
And... Da FUCK??
I'm associating the ports myself... how can port 82, 83, 84, 85, 86, ... be In use?
I have my server in 80, WebDav e another non relevant port, and trying to find open ports for the p2p cams...
Fuck I'll just delete all that services that no one uses and are pre configured, like, emule? napster? FifaPC? WTF? I never played Fifa, don't like socker. KaZaA SERVER? WTF why does this shit comes pre-configured?
Btw I'm writing this while I wait for the router to finish every time :p

The company I work in had to build a software that establishes a connection to a MySQL database running on an external server. It doesn't work for the client company because the firewall is very restrictive and only lets through connections on port 80, so we had to build a fucking http server that forwards SQL queries to the MySQL server and returns the result. This is so horrible!
(Running MySQL on port 80 isn't an option as any other connection type than http is blocked by the firewall)

Today i chartered new realms for me.

I created a new hyper-v vm on the company windows servers and added a 5th instance to it, but instead of running another windows server i installed an ubuntu 18.04 (cause i am a bit familiar with debian from my raspberry pi)

we have two servers, one which runs the 4 vms and a replica. I first had the new vm on the main server but it occured me to move it instead to the unusued replica machine. That kinda worked..i did a planned failover but the main server isnt configured to be the replica..and even when activating that it didnt work. This is weird.

For the moment i ignored that and proceeded to install nginx, mariadb and php 7.2..basically the lemp stack. I managed to setup nginx and a static ip adress for the machine (which was different from how i remembered it to do (in 18.04 its not done with the network conf but a yaml file).

in the end i added two different virtual servers, one for actual use and one for dev stuff (with phpmyadmin running for instance), listening on port 80 and some random other port.

as a test i brought a mediawiki onto the Port 80 server and it worked.

on monday i have to figure out how to implement the wildcard certificate i have for our company domain (internal dns simply routes intranet.company.com to the local server vm)

i am mighty proud cause all my experience with linux was with a raspberry pi so far and i am fairly certain i did it right and without shortcuts this time. (unlike my raspberry experience)

just wanted to share

(i also sweated a lot of blood when editing the hyper v settings as i did not set up the server in the first place)

((i also installed xrdp and a mate desktop, but i am less proud of that, but sometimes seeing folders graphically helps me))

Me after my Mac decided to run two unkillable mystery httpd processes on port 80 when I’m just trying to meet deadlines using MAMP for local dev but it no longer works.

*DigitalOcean free trial will end in 10 days*
Thanks for the deployment of my free service for more than 1.5 months
Bye, I have to switch to Heroku for some reasons
Thank you again for the fucking Flask hosting on your server on localhost port 80
I will come back again with NodeJS

I have no specific story to tell (for now. Will post ke if i remember one) but i have had tons of CS teachers that are shit. From ones who don't know shit to ones who are so bad as a human being i am sure thrte are hundreds of people out there to kill them. I have had multiple teachers where all they did was read out a book and we'd have o site everything they read. Whole fucking semester. And not just one person or once. M-U-L-T-I-P-L-E TIMES AND TEACHERS. then I ve had ones who would rejection my code even if it's better, is right, can andle more edge cases, most likely magnitfrs of times faster and isn an eye sore with just effig if-else on op of if-else nested within if-else with many for loops. Then there are those who want you to do just what they want and expect you to not have a life of your own. Those who blatantly abuse their powers. Those who couldn't care less. Those who are not that bad a teacher but their attitude and style just makes you want to leave. There's one currently who wants a group of 4 people in second year to develop a full blown industry level application in mere 3 weeks. AND WE ARE HAVING OUR THEORY PAPRRS INBETWEEN FOR 2 EFFING WEEKS. So that's just like a month. Fortunately I have a group that's good enough that I can have them do the testing and filling up the documentation​ (did I mention that he needs full documentatiin for software plus a report on how our development process) and have them work on presentation (yup. We need to present this thing) all for just 50 marks. 1 uni credit. Our system still gives 80% weightage to pure theory. Plus the practical part is somewhat theory too.

Our HOD wants us *insists*forces** to stay back at college and work on projects (which is nice but what he ments is use the shitty outdated books from early 2000s to study something). Now I'd be happy to stay back if college provided decent internet (I am not asking for gigabit speeds. Even 1-2Mbps would work) and place to sit. But nope, our college non-teaching staff is eager to send us out of their department and by extention college building. There is literally nowhere you can sit. Plus yup, there is no internet and nowhere for you to plug your laptop in. That's a moot point anyway because they don't want you to use your laptop in college library or anywhere anyways. Plus you don't get much of mobile data too because of the building design. Those work only near windows. Why would I be at college if I can get a 50+Mbps down, area to sit, snacks, port to charge all at home. And you'd say we should talk with him about this – well it's not his issue is all he has to say.

Well, such is life in Indian colleges. And my college/uni is one of the better ones.

Sorry for my noob question. Too scared to post in stackoverflow.
I have a domain for my website from namecheap.my website is made with springboot and hosted on my homeserver port 80
I pointed my domain to publicip:80.never works fine except when i put my domain name in the address bar it redirected to my ip and shows the ip in the address bar.
Am I missing any steps?do i need to do something in my embedded tomcat server?

Repeater + Android 4.2.2 + Android web server
Hey guys
I have a stupid problem.. Mas that is the opposite of everyone else (so no Google can help me)
I want my android phone (my personal server) to connect directly to the router, and never to the repeater (the port 80 is blocked this way)
How can I do this magic?
Thanks

Our home ISP seems to he blocking traffic to remote port 80 and it's driving me fucking nuts

Which ons is less risky and which one Is most profitable to succeed ?

0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)

1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.

2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available

3- brute forcing admin password :/

4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)

5- any other way .

Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.

Today wasted around 5 hours installing nginx, apache stills working and keeping listen on 80 port after uninstalling it reboot finally the thing was i dont change the fucking dns of the server and trying to connect to the domain 5 hours later tried to connect to the ip... Fuck my life

Windows why do I need to explicitly tell you in a firewall rule to allow port 80 to allow someone in the same NAT as me which is set to a private network to access the web server?

I already searched for a while and couldn't find a viable solution.
I setup a service with docker-compose, and published it on port 80.
However port 80 is only published on ipv4 networks, not ipv6.

How can I make docker publish the service on ipv6 networks as well.