Hello guys.

In this post we’ll take a look at how to setup Apache, MySQL and PHP on Windows and Linux. This setup is mainly for a series of SQL injection labs that I’ll be posting in the upcoming days (you’ll find the link for the HTML/PHP below). For this reason, it will be a development setup not a secure one. 😉

What will be covered:

• Installation of Apache, MySQL and PHP
• Configuration of each service where needed
• Creating MySQL user, database and grant privileges
• Download HTML/PHP pages and configure it properly

Since I’ll be doing a series of SQL injection posts, I figured it would make sense to create this post given that understanding the installation process, database users/permissions all contribute to the vulnerability.

With that said, let’s begin!

[ Part 1 (Overview) – Part 2 – Part 3 – Part 4 – Part 5 – Part 6 – Part 7 ]

Welcome to my blog’s first tutorial series!

Hey guys! Ready to write some code?

We’ve put a lot of work in these past five parts and today is no exception, however, we’ll try to take it easy after that insanity in the last article.

Looking back I probably should’ve broken that last article in more parts. At the same time, I guess it serves to separate the kittens from the lions. 😀

Enough jokes for now, let’s keep moving…

Today we’ll be implementing the second part to the text-based user interface which is what I call the active client chat screen.

Of course this also requires us to first implement the logging system for all of our clients, along with notifications as well.

Besides that we’ll add a few more features to wrap it up.

Dive Into The Code

I’m gonna focus on the main blocks of code added this time, so right off the bat, let’s jump into the new ‘active client chat screen’ interface…

[ Part 1 (Overview) – Part 2 – Part 3 – Part 4 – Part 5 – Part 6 – Part 7 ]

Welcome to my blog’s first tutorial series!

How you doing today?

I hope you’re well because this video is about to bang you on the head!

Not in a bad way of course, we’re about to learn a lot of cool stuff; but, I must warn you, grab your drink in advance and strap in that chair. 🙂

In this episode, as promised, we’re going to merge both the server and client script into one and add a bunch of functionality as well.

Analysis Before Coding

Since there’s a lot of ground to cover, let’s take a deep breath first and think about some components before diving into the code.

In the last part, we concluded the server thread and I mentioned we would work on the client thread this time. Which we will. However, before that we must port over some functions from the client script into the server script.

For example, the connect back functionality from the client script will be ported over and improved upon to allow the user to either start a new connection or be used programmatically in the main server.

Only then we’ll be able to consider firing up those client threads…

Now about the main server: we’ll have to place it inside its own function. The main reason is so we can run it in the background as a thread. This will allow us to shut it down once we finish establishing a connection and quickly fire it up again to listen for the next client.

Finally we’ll implement the text-based user interface since all of our main components are now running in the background as daemons: the server threads, the client threads and the main server.

I think that’s enough context for now so let’s jump into some code!

[ Part 1 (Overview) – Part 2 – Part 3 – Part 4 – Part 5 – Part 6 – Part 7 ]

Welcome to my blog’s first tutorial series!

Ayyyyoooo guys! What’s good?

Continuing from my last post, its time to implement the server thread.

A lot of pieces are already in place to handle the server threads, so we should be able to get it done without too much hassle.

There are some minor code changes in the server script which I will only be covering in the video above, so if you’re only following the blog make sure to download the code at the end of the post and compare the changes.

Let’s write some codes!

Server Handler Code

# Server handler
# --------------------------------------------
# This function will listen for connections as daemons
# and keep connected in background.
def ServerHandler(serverIP, serverPort, clientIP):
	sh = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sh.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
	sh.bind((serverIP, serverPort))
	sh.listen(1)	# Listen for 1 client, each server = 1 client
	
z,b = sh.accept()
	if (z):
		print "\n[" + GetTime() + "] Connection from " + str(b)
		while True:
			msg = Receive(z)
			if len(str(msg)): print "\n[" + GetTime() + "] " + msg

There isn’t much to the server handler. Basically we fire up a socket using the supplied arguments serverIP and serverPort – this port is the one supplied by the AllocAddress() function we created in the previous part (will basically add +1 to the same port of the main server).

[ Part 1 (Overview) – Part 2 – Part 3 – Part 4 – Part 5 – Part 6 – Part 7 ]

Welcome to my blog’s first tutorial series!

What’s going on guys? Are ready to keep on coding?

In this part we won’t write too much code, mostly we’re going to focus on the building blocks to setup our server thread in the future.

This includes setting up a few variables, some new functions and some overall analysis into how the server thread is going to work.

I already explained in the overview how the program is going to operate in regards to handling clients but now we’re actually going under the hood.

Without further ado, let’s code!

Dive Into The Code

On the server script, we’re going to add two new functions:

• CheckAddr(port, verbose)
• AllocAddress()

The purpose of these functions will become clear later on, but for the time being we are going to use them to check if the IP address we chose as a host is available; while the second function will work to find an available port for the client to connect back to us (in the client thread, which will be developed later on).